Privacy Policy

​At Tea Ducks, your trust is as important to us as the quality of our teas. We are committed to protecting your privacy and handling your personal information with care, transparency, and respect. This policy explains how we collect, use, and safeguard your data when you visit our website, make a purchase, or subscribe to our communications.
By using our website www.teaducks.com, you agree to the practices described in this Privacy & Cookie Policy.

1. Introduction

1.1 Purpose of This Policy  

This Privacy & Cookie Policy explains how Tea Ducks Ltd (“Tea Ducks”, “we”, “our”, “us”) collects, uses, stores, and protects the personal data of individuals who visit www.teaducks.com, place orders, join our mailing list, or contact us.

1.2 Our Commitment to Your Privacy  

We handle your personal data with transparency, respect, and diligence. Your trust matters to us, and we safeguard your information with the same care we apply to selecting and preparing our teas.

​

1.3 Legal Framework  

We process personal data in accordance with:  

    – the UK General Data Protection Regulation (UK GDPR),  

    – the Data Protection Act 2018, and  

    – the Privacy and Electronic Communications Regulations (PECR).

​

1.4 What This Policy Covers  

This policy explains:  

    – what personal data we may collect,  

    – why we collect and process it,  

    – how we use, share, and protect it, and  

    – the rights you have under data protection law.

​

1.5 Updates to This Policy  

We may update this policy to reflect changes in our practices or legal obligations. Updates will be published on this page.

​

​

2. Information We Collect

​

We may collect personal data directly from you, automatically through your interactions with our website, or from third parties.

​

2.1 Information You Provide Directly

​

Identity Data  

    – Includes your name, surname, title, and gender (if provided).

​

Contact Data  

    – Includes email address, telephone number, and billing and delivery address.

​

Account Data  

    – Includes login credentials and preferences stored in your account.

​

Order Data  

    – Includes purchased items, delivery instructions, and transaction references.

​

Customer Service Data  

    – Includes messages, feedback, and details of queries or complaints you send to us.

​

2.2 Information Collected Automatically

​

Technical Data  

    – Includes IP address, browser type, operating system, device type, and time zone settings.

​

Usage Data  

    – Includes pages viewed, navigation paths, time spent on pages, and products searched for.

​

Cookies and Tracking Data  

    – Includes information on browsing behaviour and preferences. See Section 5 for details.

​

2.3 Information Received from Third Parties

​

Payment Providers  

    – Provide confirmation of payment authorisation. We do not receive or store full card details.

​

Delivery Partners  

    – Provide confirmation of successful delivery or attempted delivery.

​

Marketing and Analytics Providers  

    – Provide anonymised usage insights, but only where you have consented to such tracking.

​

2.4 Special Category Data  

We do not intentionally collect special category data such as health, ethnicity, political opinions, or biometric data. If such information is inadvertently provided, we handle it with particular care and delete it unless strictly necessary.

​

​

3. How We Use Your Data

​

We process your personal data only where lawful, necessary, and proportionate.

​

3.1 To Process and Deliver Orders  

    – Manage and confirm payments via secure third-party providers, and maintain transaction records where required.  

    – Prepare, package, and dispatch products to your specified address.  

    – Handle returns, refunds, and exchanges.  

    – Maintain order history and invoices for accounting and legal compliance.

​

3.2 To Provide Customer Service  

    – Respond to queries relating to products, orders, or accounts.  

    – Investigate and resolve service issues or complaints.  

    – Provide important updates about orders or deliveries.

​

3.3 To Operate and Improve Our Website and Services  

    – Monitor website functionality, performance, and security.  

    – Analyse browsing patterns using cookies and analytics tools (subject to consent).  

    – Develop and enhance our website features, product offerings, and user experience.

​

3.4 To Send Marketing Communications (With Consent)  

    – Send newsletters, promotional offers, and product announcements.  

    – Notify you of updates, campaigns, or events.  

    – Tailor communications to your interests where you have agreed to receive such content.

​

3.5 To Comply with Legal and Regulatory Obligations  

    – Maintain transaction and financial records for UK tax and accounting purposes.  

    – Respond to lawful requests from regulators or public authorities.  

    – Prevent misuse of services, fraud, or unlawful activity.

​

3.6 To Protect Our Business Interests  

    – Enforce our terms and conditions.  

    – Maintain network and information security.  

    – Establish, exercise, or defend legal claims.

​

​

4. Legal Basis for Processing

​

Tea Ducks processes personal data under the following lawful bases:

​

4.1 Contractual Necessity  

    – Process and deliver orders, manage payments and refunds, and provide customer support.  

    – Communicate with you about the status of your purchases.

​

4.2 Consent  

    – Send newsletters, promotional communications, and tailored content.  

    – Use non-essential cookies for personalised browsing or targeted advertising.  

You may withdraw consent at any time (see Section 9).

​

4.3 Legal Obligation  

    – Retain records for tax, accounting, and audit requirements.  

    – Respond to lawful requests from regulatory or public authorities.  

    – Comply with consumer protection legislation.

​

4.4 Legitimate Interests  

    – Operate, maintain, and improve our website and services.  

    – Prevent fraud, maintain security, and ensure proper system use.  

    – Analyse website usage where permitted, and defend legal claims where necessary.

​

4.5 Vital Interests  

    – Process personal data where necessary to protect your vital interests or those of another person, such as in safety-related situations.

​

​

5. Cookies

​

5.1 What Are Cookies?  

Cookies are small text files placed on your device when you visit a website. They support site functionality and provide information to the website owner. Cookies may be set by Tea Ducks (first-party cookies) or by external providers (third-party cookies).

​

5.2 Types of Cookies We Use

​

Strictly Necessary Cookies  

    – Enable essential website functionality such as page navigation, secure areas, and order placement.

​

Performance and Analytics Cookies  

    – Collect anonymous data on how visitors use our website. We use this information to improve performance and user experience.

​

Functional Cookies  

    – Remember your language and region preferences, and provide enhanced features such as saved login details.

​

Targeting and Advertising Cookies  

    – Deliver relevant ads based on your browsing behaviour and may be set by third-party partners.

​

5.3 Cookie Consent  

A cookie banner allows you to:  

    – accept all cookies,  

    – reject all non-essential cookies, or  

    – manage your granular preferences.  

5.4 Cookie Duration  

    – Session cookies expire when you close your browser.  

    – Persistent cookies remain for a defined period.  

Non-essential cookies are retained for up to 13 months.

5.5 Third-Party Cookies  

These support features such as embedded videos, social sharing, and analytics. Third-party providers may collect and use your data in accordance with their own privacy policies.

​

6. Who We Share Your Data With

6.1 Service Providers and Subcontractors  

    – Payment providers process secure transactions.  

    – Delivery partners prepare and deliver your orders.  

    – IT providers support hosting, maintenance, storage, and technical operations.  

    – Marketing providers assist with email campaigns and analytics, but only with your consent.

6.2 Legal and Regulatory Authorities  

    – We may disclose data where required by law, regulation, or legal process.

6.3 Business Transfers  

    – In the event of a sale, merger, restructuring, or acquisition, personal data may form part of the transferred assets.

6.4 Independent Third-Party Controllers  

    – Some third parties, such as delivery companies or payment processors, operate under their own terms and compliance obligations.

​

7. International Data Transfers

7.1 Locations  

We primarily store and process data in the United Kingdom and the EEA. Certain trusted providers may transfer or process data outside these regions.

7.2 Safeguards  

    – Adequacy decisions,  

    – Standard Contractual Clauses (SCCs), and  

    – technical and organisational measures such as encryption and access controls.

7.3 Further Information  

You may request details of safeguards using the contact information in Section 11.

​

​

8. Data Retention

8.1 Customers Who Have Placed an Order  

    – Account details and order history: up to 5 years.  

    – Invoices and payment records: minimum 6 years.  

    – Order-related customer service communications: up to 2 years.

8.2 Prospective Customers and Subscribers  

    – Marketing contact details are retained for up to 3 years unless you unsubscribe earlier.

8.3 Cookies and Tracking Data  

    – Non-essential cookies remain on your device for up to 13 months.  

    – Anonymised analytics data may be stored longer.

8.4 General Enquiries  

    – General correspondence not linked to an order is retained for up to 1 year.

8.5 Exceptions  

We may retain data longer where required by law, necessary for legal claims, or essential for preventing fraud or safeguarding individuals.

​

​

9. Your Rights

​

9.1 Right of Access  

    – You may request confirmation of whether we process your data and obtain a copy.

​

9.2 Right to Rectification  

    – You may request correction of inaccurate or incomplete personal data.

​

9.3 Right to Erasure  

    – You may request deletion of your personal data where legally applicable.

​

9.4 Right to Restrict Processing  

    – You may request temporary restriction of processing in specific circumstances.

​

9.5 Right to Data Portability  

    – You may receive your data in a machine-readable format and request transfer where feasible.

​

9.6 Right to Object  

    – You may object to direct marketing at any time.  

    – You may object to processing based on legitimate interests unless compelling grounds override your rights.

​

9.7 Right to Withdraw Consent  

    – You may withdraw consent at any time without affecting prior lawful processing.

​

9.8 Automated Decision-Making  

    – Tea Ducks does not use automated decision-making with significant effects.

​

10. Security

10.1 Technical Measures  

    – We use encryption where appropriate, firewalls, and intrusion detection.  

    – We apply updates and patches regularly.  

    – We enforce access controls, data minimisation, and pseudonymisation where possible.  

    – Systems are monitored for vulnerabilities.

10.2 Organisational Measures  

    – Staff training on data protection and information security.  

    – Confidentiality obligations for employees and contractors.  

    – Access restrictions based on least-privilege principles.  

    – Data breach response procedures.

10.3 Limitations  

    – While we take reasonable steps to protect your data, no method of transmission or storage is completely secure.

​

11. Contact Us

If you have questions or wish to exercise your rights, contact:

Tea Ducks Ltd  

Email: support@teaducks.com

We may ask for proof of identity before fulfilling certain requests.  

We aim to respond within one month, extending by up to two months where necessary.

​

​

12. Changes to This Policy

​

Tea Ducks may update this Privacy & Cookie Policy to reflect changes in our practices or legal requirements.  

Where material changes occur, we may notify you directly and seek consent where appropriate.