Privacy Policy
Last updated: 21 August 2025
Summary
This Privacy Policy explains what personal information we collect, how and why we use it, who we share it with, how long we keep it, and the rights you have under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2) Scope of this policy
This policy applies when you visit totote.uk, place an order, create an account, contact us, engage with our marketing, or interact with us on social media, and to any website that links to it.
3) Personal information we collect
We collect information you provide directly and information collected automatically when you use our website.
Information you provide: names, email addresses, telephone numbers, billing and delivery addresses, account log‑in details, order details, communications and support tickets, marketing preferences, product reviews.
Payment information: payments are processed by our payment providers; we do not store full card numbers. Providers include WooPayments/Stripe, PayPal and Apple Pay. See their privacy notices at https://stripe.com/gb/privacy and https://www.paypal.com/uk/legalhub/paypal/privacy-full.
Social logins: if you choose to register using a social account (e.g., Google), we receive basic profile details as permitted by your settings.
Automatically collected data: IP address, device identifiers, browser type, pages viewed, time stamps, referrers, approximate location, and cookie identifiers. See our Cookie Policy: https://totote.uk/cookie-policy-uk/
Data from other sources: we may receive updates from advertising/analytics partners, social media platforms and delivery partners, to improve security, fraud prevention and customer experience.
4) How and why we use your information (legal bases)
We process personal information only where we have a lawful basis. The main purposes and legal bases are:
- Provide the website, take and fulfil orders, deliver goods, process payments, manage your account and provide customer support — performance of a contract and legitimate interests.
- Send service messages (order updates, policy changes) — performance of a contract / legal obligation.
- Prevent fraud, secure our services, diagnose issues — legitimate interests.
- Marketing by email/SMS (where you opt‑in, or under the ‘soft opt‑in’ for similar products to existing customers) — consent or legitimate interests (you can opt out at any time).
- Analytics, preference cookies and advertising cookies — consent, managed via our cookie banner (Complianz).
- Record keeping for tax/accounting and to comply with laws — legal obligation.
Where we rely on consent, you can withdraw it at any time using the links in messages or by contacting us.
5) Who we share information with
We use carefully selected processors who act on our instructions and implement appropriate security measures. Categories include:
- Hosting and infrastructure (e.g., Hostinger, WordPress.com);
- Ecommerce platform and plugins (WooCommerce, WordPress);
- Payments (WooPayments/Stripe, PayPal, Apple Pay);
- Analytics/advertising (Google Analytics, Google Ads/AdSense, YouTube embeds, Instagram advertising);
- Communications and live chat (Chaty);
- Couriers and delivery partners to deliver your order:
[Royal Mail / Evri]
We may also disclose information where required by law, to establish or defend legal claims, or in connection with a business transfer.
6) International transfers
Some partners may process data outside the UK/EEA. Where this occurs, we rely on an adequacy decision (where available) or put in place appropriate safeguards such as the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses, together with technical and organisational measures.
7) How long we keep information
We keep information only for as long as necessary for the purposes described:
- Orders and transaction records: generally 6 years for tax/accounting;
- Customer support records: up to 2 years after last contact;
- Marketing preferences: until you opt out;
- Website logs and analytics data: typically 12–24 months;
- Account data: until the account is closed, plus a short period to administer closure and comply with law.
If we cannot immediately delete data (e.g., backups), we will securely store and restrict access until deletion is possible.
8) Security
We implement appropriate technical and organisational measures designed to protect personal information. However, no method of transmission or storage is completely secure; use of the website is at your own risk.
9) Children
We do not knowingly collect or market to anyone under 18. If you believe a child has provided personal data, contact us and we will delete it.
10) Your rights
Under UK GDPR you have rights to access, rectify, erase, restrict or object to processing, and to data portability, and not to be subject to decisions based solely on automated processing where that produces legal or similar effects. You also have the right to withdraw consent at any time.
To exercise your rights, email [email protected]. We may need to verify your identity. We aim to respond within one month.
11) Complaints
If you are unhappy with how we handle your data, please contact us first so we can try to resolve it. You also have the right to complain to the UK Information Commissioner’s Office (ICO): https://ico.org.uk, Tel: 0303 123 1113.
12) Cookies and Do‑Not‑Track
We use cookies and similar technologies as explained in our Cookie Policy (Complianz). You can manage your preferences or withdraw consent at any time via the cookie banner. Most browsers also let you control cookies. We do not currently respond to browser DNT signals.
13) Social logins
If you choose to register or log in using a social media account, we receive basic profile information as permitted by your settings. We use this only for account creation/authentication and as otherwise described in this policy.
14) Changes to this policy
We may update this policy from time to time. The latest version will always be posted here with a new ‘Last updated’ date, and, where appropriate, we will notify you by email.
15) Contact us
Email: [email protected]
Telephone: +44 7353 784483
[CONTACT PHONE — to be confirmed]
Postal address:
[POSTAL ADDRESS LINE 1, CITY, POSTCODE — to be confirmed]