privacy policy

This notice sets out how and why we (Ginger & May) collect, handle and share your personal data. We may update this policy from time to time by updating this page.


Ginger & May is an online retail business based in the UK and for the purposes of data protection law we are the “data controller” when you browse our website, shop with us online, contact us or subscribe to our newsletter.


The data we have about you comes from several sources:

Directly from you…
for example, when you:

- register (create an account) on our website

- place an order on our website

- submit a comment or review

- contact us - via the website, by email, in writing or by phone

- engage with us on social media

- engage with us and provide your details at an event

- subscribe to our newsletter

- enter competitions we are running or involved in

- complete a survey or answer questions we pose

From someone making a purchase on your behalf…
if someone else makes a purchase on your behalf or as a gift for you they may provide us with your name and address for delivery. If you supply another person’s details please ensure they are happy for you to do so.

From other companies…
we may receive data about you from other companies if they have your permission to share it. For example, if you enter a competition and agree to having your personal information shared with us e.g. for marketing purposes or for us to send a prize to you.

Via technology…
as you engage with our website, open our newsletters or interact with our adverts (including those on third party websites) your interaction may be tracked using automated technologies such as cookies. There is more information on our use of cookies below.

There are several reasons why we collect personal data, which includes personal information and contact details, transaction data, usage data, your comments, reviews and preferences, and technical data:

To fulfil an order we collect transaction data (e.g. details of the products, price, date) in addition to personal information and contact details:

- name

- email address

- billing address

- the shipping name and address

- telephone number

To register an account on our website we collect your:

- name

- address

- email address

- user name

- password

To keep you informed of news and offers by email, with your consent, we collect your:

- name

- email address

To better understand our audience and to plan and review the effectiveness of advertising and marketing activities, and to tailor the mailings we send to you we may ask questions which are optional to answer. These may include:

- the age and gender of your children

- your relationship to children you shop for (e.g. parent, grandparent, family friend)

- your gender

- your age

- your income bracket

- the names of other stores in which you like to shop

- the names of blogs, magazines or publications you like to read

- the method by which you heard about or found the Ginger & May website

To track and analyse use of our website our systems gather a range of technical data, for example:

- internet protocol (IP) address

- device type

- browser type and version

- time-zone setting and location

- browser plug-in types and version

- operating system and platform and other technology on the devices you use to access our website.

Payment processing
We use PayPal to process payments and, when making your payment, PayPal will collect your credit or debit card details and/or collect and store information required to create a PayPal account if you choose to do so. Ginger & May does not separately receive, collect or store your card or bank details. We also recommend you read PayPal's Privacy Policy which can be accessed by clicking here. Payment confirmation emails will come from PayPal.


We use this information to:

- enable you to create an account on our website if you wish

- process your order, confirm it to you and arrange its delivery

- contact you if we have questions or information about your order

- request a review of your purchase or of our website

- respond to enquiries from you

- keep records to enable us to process refunds or exchanges

- keep records for statistical, analytical and accounting purposes

- send you our newsletter or other information, if you have requested this

- tailor our newsletter or marketing information so that it may be more relevant to you

- deliver relevant adverts to you via your browser and social media (re-targeting)*

- review our business and make informed decisions in relation to marketing, direction and growth

*we do not currently use behavioural remarketing (re-targeting) but will likely do so in the future and therefore include it here. Further information is given below.


Like most e-commerce businesses, we use trusted third-party services to help us manage our business effectively and these relationships require relevant elements of customer data to be shared in order for the service to be provided.  We use the services of third-party companies for the following purposes:

- payment processing

- parcel delivery, including via courier or directly from a designer or manufacturer

- advertising and marketing, including email marketing, and social media management

- managing product and site reviews

- record keeping and accounts

- website development, hosting and server storage

- email hosting

- analytics

- running competitions

- affiliate marketing

The companies with which we have third-party relationships include (but are not limited to): Affiliate Window, Buffer, Facebook, Full Phat Design, Google +, Google Ads, Google Analytics, Hermes, Hootsuite, Instagram, Interparcel, Kashflow, Later, LCN, Linkshare, Mailchimp, Parcelforce, PayPal, Pinterest, Tradedoubler, Twitter, UPS and Yotpo.

We work with companies only where we are confident that data will be securely used and stored only for the purposes of fulfilling their service to us.

The General Data Protection Regulations has special rules for the transfer of personal data outside of the European Economic Area (EEA), in that such transfers should only take place where the EU Commission agrees the country concerned has adequate protection for the rights and freedoms of individuals or, if the data transfer is to the USA, where the company is a member of the EU-US Privacy Shield. Some of the companies we work with involve transfer of data outside the EEA: to Canada, a country with adequate protection status, and to the USA where the companies are members of the EU-US Privacy Shield.

Behavioural remarketing (re-targeting)
This type of marketing uses cookies to inform and serve adverts based on your past visits to a store (e.g. to show you an ad related to a product you’ve looked at on a website). At the current time we do not use this type of marketing but will likely do so in future and will update this policy at the time. This marketing would be undertaken, for example, using Facebook/Instagram, Pinterest and Google. You can opt out of interest-based ads with these companies and will find details on how to do this on their websites.


Every business is required to have and set out the lawful grounds on which the collection and sharing of personal data is based. Ours are as follows:

- Contract: The collecting of personal data is necessary for us to be able to fulfil the “contract” you request by creating an account or place an order, or "pre-contract" because you have asked for some information so that you may decide whether to place an order or register an account.

- Consent: For our marketing mailings (newsletter) we require your consent. You may withdraw your consent at any time (“unsubscribe” information is provided in every mailing). We do not currently send marketing mailings by post or text and if introduced would require your explicit consent to do so.

- Legitimate interests: We may use or share your data to pursue our legitimate interests in a way that might reasonably be expected as part of running a retail business, where your interests, rights and freedoms do not override these. For example, we use your personal and contact information to request a review of your purchase. We may use your purchase history or the information you provide (directly or through your usage of our website) to make relevant or personalised offers, or to target advertising on websites and social media. We may also aggregate usage and technical data to identify trends or analyse engagement with our website or marketing activities, and to review or improve our services. We may use your contact information to notify you of important changes to our business (where these are not marketing mailings), e.g. an update to this Privacy Policy.

- Legal compliance: We may use or share your data where we are required to comply with a legal or regulatory obligation, for example in providing information to the police or in keeping records for accounting and tax compliance.

We will keep your data only for as long as it is necessary to fulfil the means for which it was collected and to fulfil the necessary requirements of our business. In practice this means:

- data collected at the time of placing an order will be kept for 7 years, initially to fulfil the order and deal with any refunds, enquiries or product recalls relating to it, and beyond this for accounting and tax purposes. At this point, the record of your order will be deleted or anonymised (so that it can continue to be used for statistical analysis but not to identify you).

- if you have created an account this will remain active until such point as you ask us to delete it.

- emails sent to and from us are deleted after 1 year.

- if you have consented to receive our newsletter we will keep your name and email address on our distribution list for only as long as you wish to continue receiving mailings. When you unsubscribe your information will be deleted from our list. There is an unsubscribe link in every email we send.



You have a number of rights in relation to your personal data. More information on these can be found on the Information Commissioner’s Office (ICO) website. In brief, these are:

- The right to be informed: which we do by issuing this Privacy Policy and in presenting it at relevant points in your engagement with us, e.g. as you create an account or place an order.

- The right of access: you may request a copy of the data we hold about you and we will provide this free of charge within one month.

- The right to rectification: if you think there are inaccuracies in the data we hold or if it is incomplete or out-of-date and you would like it changed, you can log-in to your account and update the details or request that we do so.

- The right to erasure: otherwise known as the right to be “forgotten”, this means you can ask, in certain circumstances, to have your data deleted.

- The right to restrict processing: in certain circumstances you can request the restriction or suppression of your personal data which means we would be able to store it but not use it.

- The right to data portability: in certain circumstances you can request that we transmit your data to another data controller.

- The right to object: in certain circumstances you can object to the processing of your personal data for our legitimate interests. You have an absolute right to stop your data being used for direct marketing which you can do at any time by withdrawing your consent by using the unsubscribe link included in our emails, or by contacting us directly.

- Rights in relations to automated decision making and profiling: we don’t do this.

What cookies are…
Almost all websites use cookies in some way or another and they are incredibly useful, allowing websites to work in the way we have all come to expect, with personalisation and rich interactive functionality. Akin to a short term memory for the web, cookies are small text files which are stored on your computer, phone or tablet and enable a website to “remember” information about your browsing or shopping visits.

Why we use them…
Some cookies allow the basic functions of our website to perform, for example by setting the language and storing items in the shopping cart whilst you browse the site and complete your order. Others allow it to “remember” your preferences, registration details or cart contents for a future visits.

Why we allow other sites to place cookies…
Cookies are used to provide helpful tracking information such as the number of visitors to our site, what device and browser they are using, how they reached us (e.g. via a search engine, via an ad, via social media etc), the pages that have been visited, the average time spend on the website and so on. We monitor this information through Google Analytics. It is all anonymous so we know someone visited our site but not who.

Like many retailers, by tracking your browsing and actions on our website, cookies can also help us with marketing, for example, they would allow for you to be shown relevant adverts such as products you have shown an interest in or related items (known as behavioural marketing or re-targeting). We use Google and Facebook (including Instagram) for advertising and although currently do not cookie placement for re-targeting marketing we may do so in the future.

We use a third party, Yotpo, to request a review after a purchase has been made, and they have placed a cookie on our website to enable the flow of information required for this.

Don’t want cookies?
If you wish to disable cookies you can do so by changing the settings of your internet browser, but this will affect the functions and usability of our website and your experience of it.

Want more information about cookies?

You can find out more about cookies at

You can make choices about behavioural advertising on

Our website contains links to other websites. This Privacy Policy applies only to this website and so when you click a link to another website you may wish to read their Privacy Policy.


Whilst we retail products for children, our website is not intended to be used by children and we therefore do not knowingly collect any personally identifiable information from children. If you become aware that a child has provided us with personal data please contact us and we will remove it.


In order to prevent unauthorised access or disclosure of your personal information, we have in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.  

Our website is hosted on a secure server which uses 256-bit SSL encryption to protect the personal information you provide to register, log-in, order from or otherwise interact with the website. Data shared with third-party services is held in secure cloud-based environments. We do not hold any customer data on local PCs or local storage devices, and paper copies of records are securely stored. As stated above, all card transactions and payments are handled by PayPal's secure processing system and no card or bank details are received, collected or stored by Ginger & May. To be taken to PayPal's website for further information on their security please click here. 

Having said this, you will be aware that no data transmission over the internet or stored on servers is guaranteed to be totally secure or free from the risks of using the internet.

If you register with the website you are responsible for ensuring that your password and account remain confidential and we shall not be liable for any inconvenience or loss that arises as a result of your failure to do so. You can modify the details held on your account or subscribe/unsubscribe to the newsletter by going to My Account and following the relevant links. If you wish to have your account deleted from our database please contact us and we will do this for you without delay.


You can contact us by:

- using the contact us page on our website

- email to

- phone on 01929 792801

- writing to us at our correspondence address: Ginger & May, 2 The Longhouse, Peveril Road, Swanage, Dorset, BH19 2DQ.


If you have any concerns or complaints about the way we handle your data please contact us in the first instance with details to

If you are not satisfied with the outcome, you may wish to contact the Information Commission’s Office (ICO) online via


Last updated: 24 May 2018