Privacy Policy


Top Of The Clops is committed to respecting the privacy and data security of its customers and visitors to our website and our social media.

This Privacy Policy explains how we collect, store and use personal information about you.

The GDPR is new European legislation which replace the Data Protection Act which seeks to strengthen data protection for all individuals across the European Union. Even though the UK has chosen to leave the EU, the UK will still implement the regulations when they come into force on 25 May 2018.


Section 1 – How and Why do you use my data

1.1   You have a right to know how your data is used. This is called the ‘Right to  be informed’.

1.2 We will provide you with concise, transparent and easily accessible information through this Privacy Notice. This will explain how we use your personal data

1.3 When you purchase products from us we are defined as the Data Controller and companies e.g. payment providers, website provides and any other third party companies we work with are the Data Processors. The Data Controller (Top Of The Clops) is responsible for how your data is processed and used and the Data Processor uses the data in accordance with the Data Controllers request.

1.4 We collect the following personal data from you in order to complete your order– your name, shipping, billing addresses, email address, phone numbers and IP address. This is recorded alongside details of what items you purchased, dates of purchase, order number, number of items purchased, what payment method e.g. Paypal you used, shipping cost and any discount code used.

1.5 We will also hold other publicly available personal data such as photos, reviews that you have posted, liked, shared or commented on by posting these on our public Facebook page, Twitter page or Instagram page.

1.6 We have a legal basis to collect and process your data because

To Fulfil a contract  - We have to collect and process your personal data in order to complete your order and deliver your purchases to you

When you provide consent – We obtain consent from you when you choose to give us your personal data to receive email marketing or when you choose to interact with our social media by  posting photos, comments, likes etc

For our Legitimate interests – We can also process your data when it is deemed our legitimate interest to do so and when these interests are not overridden by your data protection rights. 

Examples of our legitimate interests are

  • To process and complete orders
  • Ensuring the security and integrity of our services at all times
  • Enabling our Website to operate effectively
  • Protecting and maintaining the safety, health and welfare of our customers
  • Managing complaints, queries, customer contacts or disputes
  • Promoting, marketing and advertising our products and services
  • Managing warranty claims by customers
  • Understanding our customers’ behaviour, activities, preferences, and needs;
  • Improving existing products and services and developing new products and services;
  • Complying with our legal and regulatory obligations, such as preventing, investigating and detecting crime, fraud or anti-social behaviour, this may include the need to work and share this information with law enforcement agencies.


Section 2 – Who has access to my data?

2.1  Your payment transactional card details are not seen, held or processed by Top Of The Clops. When you complete your checkout process and reach the payment stage you choose which payment provider you wish to use from the choice of Paypal, Applepay, Googlepay or by card which is ShopifyPay then this third party payment provider acts as the Data Processor and they use your payment details e.g. debit or credit card or bank account details.

2.2 Your payment providers have their own privacy policies in respect of your use of their services to pay for your order. For these providers, we recommend that you read their privacy policies so you can understand the manner in which, these providers will handle your personal information. (see section 3.5 and 3.6 for links to payment providers Privacy Policies)

2.3 Our website provider Shopify Inc will have access to your personal data in order to host and manage our website.

2.4 We will write your name and address on packets and parcels that contain your order in order for these to be delivered to you. The companies we use are Royal Mail and Parcel Force. We need to use your data in this way so that we can fulfil delivery of your order.

2.5 Top Of The Clops is a small business and therefore there are limited people within the business who have access to your personal data.

2.6 We do not pass your data onto any other companies for marketing purposes

2.7 We only share your personal data with payment providers, website provider and courier companies.


Section 3  - How Secure is my Data

3.1 We store all your personal data on our website. We do not hold personal data outside of the website system as our other administration records are anonymised by order number, order date and order value.

3.2 Your data on our website is stored through Shopify’s data storage, databases and the general Shopify application. Shopify Inc stores your data on a secure server behind a firewall.

3.3 Your data on our website is processed within Europe by Shopify’s Irish branch Shopify International Ltd.

3.4 Our website includes an SSL certificate that uses industry standard 256-bit encryption technology. This is the same level of encryption used by large banks to keep your information secure. This means our site is https rather than http

3.5 If you choose to pay via credit card then our website provider will process this payment via ShopifyPay and they process your credit card data. Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted. Your credit card information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, ShopifyPay is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). This adheres to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information. For more information, you may also want to read Shopify’s Terms of Service ( or Privacy Statement (

3.5 If you chose to pay via Paypal, ApplePay or GooglePay you will need to view their privacy policies regarding the security of your payment details.

3.6 If you visit an external website link from our social media or website we are not responsible for the privacy practices and security of other sites and encourage you to read their privacy statements.


Section 4 – Amending my data

4.1 You have a right to amend the data we hold on you at any time if you feel that it is inaccurate or incomplete. This is called the ‘right to rectification’.

4.2 If you have created an optional customer account on our website - You can amend your details on the account section of our website at any time

4.3 If you want us to amend your data, we can do so for you at any time. You can email or write to us and let us know what needs changing

4.4 We will always let you know when we have corrected your data.


Section 5 – Accessing my data

5.1 You have a right to have access to your data that we hold on you at any time

5.2 Accessing your data is called a Subject Access Request (SAR).

5.3 You can access your data by writing to us or emailing us to request this.

5.4 We will provide you with the data we hold on you within 1 month and this will be free of charge

5.5 We will provide your data to you in the same format you requested it – for example if you request via email then we will email you your data

5.6 We must provide you with your data in a commonly accessible format. This is known as Data Portability. We will provide your data in electronic form in a PDF


Section 6 – Deleting my data

6.1 You have a right to request for your data to be deleted or removed. This is called the ‘right to be forgotten’.

6.2 If you wish to be deleted you can contact us via email or in writing.

6.3 We cannot delete your data whilst you have an open order with us because we will not be able to complete your order and send you your purchase

6.4 We cannot delete your data until 180 days have passed since your last order. This is because this is the legal window for a charge back on an order to be made.

6.5 If we are able to delete your data we will remove your data from our website by working with our website provider Shopify Inc. They will keep non personal data associated with an order such as date of purchase and item purchased but will delete all personal data and anonymise the record.

6.6 We will contact you to let you know what data we have been able to delete from our records and from our website


Section 7 – Restricting my data

7.1  You have the right to ‘block’ or stop us processing your personal data.

7.2 When you request this you give us permission to be able to store your personal data but we can not process it any further.  This will mean we will be unable to complete any further orders for you as this involves processing your data.


Section 8 – Email Marketing

8.1 You have a ‘right to have to freely give your consent’ to have your personal data such as email address used our mailing list

8.2 We have never used automated or pre-ticked boxes to add your email address to our mailing list. This means if you receive email marketing from us you have chosen to receive this.

8.2 Prior to the implementation of GDPR, we contacted everyone on our email mailing list and asked individuals to ‘opt in’ again to continue to receive our emails. Anyone who did not opt in will be removed from our list before the 25th May 2018

8.3 If you are on our mailing list, you can change your mind at any time by clicking the unsubscribe link in the footer of any email you receive from us, or by contacting us at

8.4 We use Mailchimp as our marketing automation platform. By joining our mailing list you agree that the information you provide e.g. name and email address will be passed to Mailchimp for processing in accordance with their privacy and terms


Section 9  - Cookies

9.1 Like most websites, we use Cookies on our website.

9.2 A cookie is a small data file which is placed on your computer or other web browsing equipment such as Smart Phone or Tablet as you browse our website. They are used to ‘remember’ when your computer or device has access our website. Cookies are essential for the effective operation of our website and to help you shop with us online.  They are also used to tailor the products and services offered to you.

9.3 Cookies do not collect information on your name, address or payment details.

9.4 We use Google Analytics to analyse the use of our website. Google Analytics generates statistical and other information about website use by means of cookies. The information generated relating to our website is used to create reports about the use of the website. Cookies and Google Analytics help us understand how customers access and navigate around our website. Google will store this information and Google's privacy policy is available at:

9.5 If you feel unhappy about the use of Cookies you can disable the Cookies from your browser and delete all Cookies currently stored on your computer.  You can disable different types of Cookies. However in general our website may not operate properly if cookies are switched off.  If you only disable third party cookies, you may not be prevented from making purchases on our site.  If you disable all cookies, you may be unable to complete a purchase on our site.


Section 10 - How do I Complain?

10.1 If you feel that we have not managed your data correctly you can contact us to complain by email, WhatsApp, Social Media or phone.

10.2 You have the right to lodge a complaint with the Information Commissioner’s Office.  Further information, including contact details, is available at


Section 11 - How to contact us

You can contact us


Section 12 - How can I keep up to date with this policy?

We review this Privacy Policy regularly and reserve the right to make changes at any time to take account of changes in our business and legal requirements.

This was last updated on 29/03/24