Your Privacy


You take your privacy seriously. So we do too.

Here's what we do:

  • We adhere to UK and EU privacy regulations including GDPR to safeguard your personal data.
  • We always use secure pages wherever you enter personal data. Look for the padlock in the address bar.
  • We are PCI DSS compliant. This means our servers and procedures have passed the strict controls laid out by the credit card providers, and our servers are regularly monitored and tested for security.
  • We do not store your card details - these are passed securely to your bank in the background when you complete your order and we do not have access to your card number or security code at any time.
  • We are open and clear about how we use any personal details you give us, and we only use those details for the purpose it is intended.
  • We do not sell any of your personal information to anyone at any time.
  • If we use any external software or other services as part of our service to you, we ensure they are GDRP or EU-U.S. Privacy Shield compliant to safeguard your data.
  • You can unsubscribe from any mailings or contact you get from us at any time, just by clicking the link in any email you receive, or by asking us by phone, text or email.
  • You can call us on 01386 293201 or email us at if you're unsure about anything or want to know more about how we protect your privacy.

Here's the detail:

Who are we?

ThreadPepper Ltd is a private company based in the United Kingdom and registered with Companies House with registration number 11365727. Our address is Nicholas House, Heath Park, Main Road, Cropthorne, Worcestershire, WR10 3NE. Data Protection Registration No. ZA559696.

What data do we collect and how do we use it?

This Privacy Policy covers personal data which is any data that can identify an individual. It does not include aggregate or anonymous data where personally identifiable information is not available.

Contact Information: If you use a form on our website, send us an email, call us, send us a text, or send a message through social media or by any other medium, we will use your contact information to reply to you to help you with your query under GDPR guidelines for Legitimate Interest. We may use external software or apps to manage this communication so we can help you more effectively, and where this is the case these services have been confirmed as GDPR or similar compliant.

Order Information: When you place an order with us on our website or by phone, we will use the information in that order to process your order for you as per GDPR guidelines for Contracts. We do not have access to, or store, your credit card information, which is processed by Shopify or PayPal, both of which are GDPR or similar compliant. We do however log the last 4 digits of your card and the card type so we can provide you with that information if you wish to place another order. If we are asked to charge your card in lieu of payment for a future order, this is done using a secure token system provided by Shopify or PayPal. We are not at any point able to see your card details or re-use them in the original format.

We will use the contact details in your order to contact you about your order, follow-up with you to ensure you are happy with your order, and offer additional assistance to complete your order or future orders under GDPR guidelines for Legitimate Interest.  You can ask us not to contact you at any point by clicking on the unsubscribe link in emails or replying to any messages you receive.

If you choose not to provide us with relevant personal information, we may not be able to assist you with your queries or fulfil your order.

Technical Data: When you place an order with us, we log your IP address so we have a record of the order in case of fraudulent use of your card, and we maintain this information according to GDPR guidelines for Contracts. We use Google Analytics and Facebook Pixels to collate data about visitors to our site so we can ensure we provide the best possible service and to offer relevant marketing using GDPR’s Legitimate Interest processing guidelines. This data is anonymous and is not personally identifiable.

Reviews: If you provide us with a review this will usually be through an external service specifically designed for this purpose. Where this is the case, we have ensured any service we use is GDPR or similar compliant so your data is protected. We will use these reviews on our website, and where you have offered additional information to support the review, for example a photo, this will be included in the review and maintained as per GDPR’s Legitimate Interest guidelines. You can contact us at any time to have the review removed. If you have provided a review through a 3rd party, including social media, you can remove that review at any point by logging in to that platform. We will usually be unable to remove such reviews on your behalf. We may use reviews you have used on review sites or social media on our website or elsewhere under the same GDPR basis, and you can request the removal of these reviews at any time by contacting us.

Sensitive Data: We do not collect sensitive data. Sensitive data includes ethnicity, religion, sexual orientation, political orientation and health data, amongst others.

Prize Draws & Competitions: If you have entered any prize draws or competitions we hold we will use your entry information to communicate with you regarding the draw or competition, and subsequently send you further marketing communication by email, post, text or phone, and process this data as per the GDPR guidelines for Legitimate Interest. You can unsubscribe from any of these at any time by replying and asking to be removed.

Opting Out:
If you ask us not to contact you, we will remove you from all contact and notify you when this has been completed. You may also request partial-removal, in the event you have a contact preference, for example if you only want to be contacted by email, and not by phone or text. We will however still need to contact you about your order if it is absolutely essential, unless you specifically request not to be contacted in such cases as well. You should be aware that if we are unable to contact you about your order due to such a request, we may be unable to fulfil your order.

Retention of your Data:
We will only keep your data for as long as is necessary for providing you with the services we offer, and to adhere to legal requirements. When deciding how long to retain your information, we will look at the type of information, what it is used for, and what legal requirements there are.

Your Rights:
You have certain rights under GDPR in relation to the data we hold about you. This can include, amongst others, the right to get a copy of this information, correcting it or deleting it. Detailed information can be found on the ICO’s website at
If you are unhappy with the way your information is being used, you should in the first instance contact us and we will do our best to resolve it. If we are not able to resolve this to your satisfaction, you have the right to put your complaint to the ICO.

Transfer of Data:
We do not sell any of your personal data to anyone. Except in the case of a sale of the business or assets of ThreadPepper Ltd or its trading companies (in which case you will be notified and given the opportunity to unsubscribe), your personal details will never be sold to third parties, unless agreed or requested by you or required by law.

We use cookies on our website to enable online shopping and provide a better experience online for our customers. Cookies may be used to track and store online ordering information, to retain information you have previously entered on the site, or in the use of 3rd party applications, used to improve your experience on the site and to provide more relevant advertising on this and other websites. For more information on the types of cookies we use and how they are used, please see our Cookie Policy.


ThreadPepper Ltd ("ThreadPepper"): Registered in England No. 11365727. Data Protection Registration No. ZA559696.