Data Processors

Data processors and the information we share

As part of our policy to provide you with and open and transparent overview of what information we hold, we have listed the companies we work with. Below is a list who we share your information with to help provide our service to you and what that information is.


Our Partners

Why we use them.

What we share.

What safeguards are in place?


If you consent and opt-in to allow us to send you marketing communications, we use MailChimp to send those e-mails and to track who opens and what is clicked within those e-mails.

We maintain a list of e-mail addresses and keep a list of those e-mail addresses in Mailchimp. When you click on a link that information will be stored, and we will use that information to help us provide you with similar offers.

Information may be sent out of the EU for processing. MailChimp has self-certified to both the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield regimes and lawfully transfers EU/EEA personal data to the U.S. pursuant to our Privacy Shield Certification. We also complete a SOC II Type 2 examination on an annual basis for the Trust Principal Criteria of Security, Processing Integrity, Confidentiality, and Availability.


When you place an order, we will send you updates on your order status through Mandrill. Mandrill will log when you open or click on a link within the e-mail. These are transactional e-mails we send to ensure you are kept in informed. If you contact us through our customer care links our reply will go through Mandrill.

We will share your e-mail address and name along with any content that was sent to you. E-mails sent this way are retained for 30 days for audit purposes and to allow us to re-send them if requested.

As Above. Mandrill is now a part of MailChimp.


We use STRIPE to process your payment if you opt to pay by card or Apple pay.

In order to identify you and to process your payment whilst making appropriate checks for fraud we send STRIPE your name, address, e-mail and billing address details and your transaction number. We use a secure method of sending them your card number, expiry dates and CVV that we cannot access and do not store. We do keep a token that relates to your transactions in order to verify payment.

Information may be transferred outside the EU.

Stripe has certified to the EU-US and Swiss-US Privacy Shield for this reason. Stripe’s Privacy Shield certification is here, and our Privacy Shield Policy here. For more information, please visit Stripe’s EU data transfer support page here.


We use PayPal to process payments

We send PayPal your name and delivery address. And the amount we need to charge you. As you sign in to their systems as they handle all of the payment we do not need to send any other information.

Information may be passed outside the EU.

Further information can be found at:


If you consent and opt to receive Trustpilot invitations, you will receive an e-mail invitation to review our service.

We will send them only what they need to contact you, your name and e-mail address along with the transaction number so that we can confirm that your review is a genuine review.

Information may be transferred outside the EU. Only the minimum amount of information required to provide the service you ask for is transferred. Further details available at:


When you visit our website Google use cookies identify you and see what it is you look for on our website. We use this to see what people find interesting about our site so we can improve the services and products we offer.

Using this website will result in small data files being stored on your computer. These are known as cookies. Most websites do this.

We use cookies for:

<![if !supportLists]>· <![endif]>Remembering settings, so you won’t have to re-complete an entire form if there is a mistake.

<![if !supportLists]>· <![endif]>Measuring how our website is used so we can improve your experience (see Google Analytics below).

<![if !supportLists]>· <![endif]>Our cookies aren’t used to identify you personally. You can manage and/or delete them as you wish, refer to your web browsers help documentation and settings for details on how to do this, the information is usually found under privacy/security settings.

Google may transfer data outside the EU. They are committed to the highest levels of data security. Further details can be found at:

UK Mail

We use UK mail to deliver your order to you.

In order to do this, we share your name and address along with your transaction number. If you opt to receive order updates we will also send them your contact details including e-mail and mobile telephone number

UK Mail have high levels of security. Further details of their information security policy can be found at


We use some Microsoft services to provide the services you request. If we contact you or you contact us via e-mail then this information will be stored on Microsoft server computers.

This may include your name and address, your e-mail address and other contact details such as telephone number along with sensitive personal information in the content of the e-mail. We have a retention policy which says we will not keep e-mails longer than is necessary.

Microsoft may send information outside the EU.

Microsoft has extensive expertise in protecting data, championing privacy, and complying with complex regulations, and currently complies with both EU-U.S. Privacy Shield and EU Model Clauses. We believe that the GDPR is an important step forward for clarifying and enabling individual privacy rights. We want to help you focus on your core business while efficiently preparing for the GDPR.

Pass My Parcel

We use Pass My Parcel to deliver your order to you.

In order to do this, we share your name and address along with your transaction number. If you opt to receive order updates we will also send them your contact details including e-mail and mobile telephone number

some of the processes involved in our use of your personal data may require your data to be stored or processed in countries outside of Europe. For example, where our service to you falls outside of the EEA and we engage international third-party couriers as part of the service to you.

Whenever we send (or permit a third party to send) your personal data outside of Europe, we will make sure that we take steps necessary to protect your data as required by applicable laws. For example, we may implement specific contract terms or we may rely on service providers who adhere to certain compliance programmes overseas, or we may select service providers based in countries with strong local laws to protect your personal data.

Royal Mail

We use Royal Mail to deliver your order to you.

In order to do this, we share your name and address along with your transaction number. If you opt to receive order updates we will also send them your contact details including e-mail and mobile telephone number

Royal Mail Group may need to transfer personal information about customers to third parties located outside the UK. If we do, we will ensure that information is protected to a level which meets the requirements of UK law.


We use Freshdesk to help with our contact management. Our e-mails, live chat, twitter and Facebook contacts are run through Freshdesk.

The information held includes your name and contact details including e-mail address and location along with the content of any communication we have with you, which may include sensitive information. In addition, we may supplement this information with notes we make to help process your order.

Freshworks, Inc. participates in and has certified its compliance with the EU-U.S. and Swiss-US Privacy Shield Framework. Freshworks, Inc. is committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List [].


We use Algolia to support our online search functionality.

We pass through limited details such as name and contact details which are indexed and stored in Algolia’s systems. We do not send any sensitive personal information.

Algolia, Inc. is a USA based company with subsidiaries in France and UK operating our services globally in more than 15 regions. Your data primarily stay in regions where you decide your data to reside. Logs of search queries and operations can be processed outside of the EU but always stay in a system respecting privacy and security.


We use Amazon servers to keep all of your data and to process that information in order to deliver the services you request from us. Our servers use the highest levels of security available including encryption at rest, London based servers using DMZ and encryption of data in transit using SSL.

The personal data we hold is:

Account details

Name, Addresses, E-mail, Gender, Date of Birth, Telephone number.

Order details

Status of order, internal notes relating to your order, the content of your order, how much you paid, delivery tracking details, IP address, any data passed back from payment providers, any information we needed to collect to verify your order,


If you opt-in to receive different types of communication


relating to your order including any communication we have had with you, this may include sensitive information.

Partner orders

As above.