Jollybox – UK Sensory Toy Shop

Privacy Policy

Effective Date: 26/06/2025
Business Name: Jollybox
Jurisdiction: United Kingdom
Contact Email: [email protected]
Website: www.jollyboxrewards.co.uk

Who We Are

Jollybox is a UK-based sensory toy shop dedicated to supporting children’s development through sensory play. We are committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

What Data We Collect

We may collect the following information when you interact with our website:

  • Contact details submitted via forms (e.g. name, email address, message)

  • Technical data, such as IP address, browser type, and usage patterns

  • Comment form data (if enabled), including IP address and browser user agent

  • Media uploads (please avoid uploading images with embedded location data)

  • Cookie preferences and login/session data (see Cookies below)

Order and Payment Information

When you place an order on our website, we may collect:

  • Name, billing and shipping addresses

  • Contact details and order history

  • Transaction details (e.g. product(s) purchased)

Payments are processed securely by third-party payment providers. We do not store or have access to your full payment card details.

How We Use Your Data

We use your information to:

  • Respond to enquiries and provide customer support

  • Process and fulfil orders

  • Improve website functionality and user experience

  • Prevent fraud, spam, and unauthorised activity

  • Comply with legal obligations

Legal Basis for Processing

We process your data under one or more of the following legal bases:

  • Consent – when you voluntarily provide data (e.g. via contact forms)

  • Contract – to fulfil purchases and deliver our services

  • Legitimate interests – to maintain and improve our website and services

Cookies

We use cookies to enhance your browsing experience. These may include:

  • Functional cookies (e.g. remembering login details)

  • Analytics cookies (e.g. to track website usage with tools like Google Analytics)

You may be asked to accept or manage cookie settings when you first visit our site. You can adjust your cookie preferences at any time via your browser settings or our cookie banner (powered by CookieYes).

Embedded Content

Pages or blog posts may include embedded content (e.g. videos, maps, social media). Embedded content from other websites behaves as if you visited those sites directly and may collect data or use cookies independently of Jollybox.

Comments (If Enabled)

If you leave a comment:

  • We collect the data you enter, along with your IP address and browser information to prevent spam

  • An anonymised string (hash) may be sent to the Gravatar service to display your profile image (see their privacy policy at https://automattic.com/privacy)

User Accounts (If Applicable)

If our website offers account registration:

  • Profile data is viewable and editable by you and site administrators

  • Login cookies are used for convenience and expire according to browser or site settings

  • Data is retained while your account is active or as required by law

Who We Share Data With

We do not sell your personal data. However, we may share data with trusted service providers, including:

  • Secure website hosting providers

  • Analytics platforms (e.g. Google Analytics)

  • Email marketing or contact form tools (e.g. Mailchimp, form handlers)

  • Spam and security monitoring services

All providers are required to protect your data and only use it for the purpose of delivering their service.

Data Retention

We retain your personal data only as long as necessary:

  • Comments and metadata may be stored indefinitely

  • Contact form submissions are kept for customer service purposes

  • Account data is retained while the account is active

Your Rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you

  • Request correction or deletion of your data

  • Withdraw consent at any time

  • Request a copy of your data in a portable format

To exercise these rights, please email us at: [email protected]

International Data Transfers

Some of our service providers (e.g. Google, Mailchimp) may store data outside the UK. We ensure any data transfer complies with UK data protection laws, using safeguards such as the UK Data Bridge or Standard Contractual Clauses.

How We Protect Your Data

We use appropriate technical and organisational measures to protect your data, including:

  • Secure SSL encryption

  • Limited access controls

  • Secure servers and data storage

  • Regular system monitoring

Only authorised personnel have access to your personal data.

Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with a new effective date.

Contact

If you have any questions about this policy or how we handle your data, please contact:
[email protected]

Page in Development

Don’t worry, you can still order products from our shop in the meantime.