As you probably know by now, ethical business practices are at the heart of everything we do at ToyDrop. So is transparency.

That’s why we’ve written this page in plain English, offering a clear, transparent and easily digestible view of our policies that cover data privacy and protection. Consider it our promise to customers, suppliers and the community in general. Enjoy! 


  • CONTACT DETAILS: When you subscribe to our mailing list, we’ll ask for some standard contact details, like your name and email address. This is so we can keep you updated with products, services and news we think you might like.
  • CORRESPONDENCE: If you get in touch with us with any suggestions, enquiries or complaints, we’ll keep it on file to refer to in the future. We’re still a fledgling start-up so your thoughts could really help us improve things for everyone involved.
  • We also generate log files from various servers: this will include an IP address assigned to you or, more likely, the location you’re viewing the site from.
  • Our website also uses cookies to tell you apart from other visitors and give you a better service (unless you’ve disabled them in your browser settings). These cookies also help us to improve the ToyDrop offering.
  • These cookies don’t hold any personal information at all and are just used for improving the experience for you guys. It’s worth noting, however, that they’re not all created by us. You can read more about these third parties below:
    • GOOGLE ANALYTICS: This tool is provided by Google and collects information about how (anonymous) people use our sight. Data such as how many visitors we’ve had, what country they’re in, the page they came from and the pages they’ve viewed help us to improve the site. It’s quite interesting really so if you fancy reading up on it, Google have more details about how it works here.
    • TECHNICAL DATA: We’ll also use this kind of anonymous data to help tighten security if necessary or, more likely, work out which products are most popular and whether particular events are increasing traffic. This can help us plan our sales strategy slightly better. Legally (and we hope you’ll agree) this is a legitimate thing for a business to do.    



  • To be honest, we’re too small to have anything more than one laptop, one iPad and an iPhone. They’re all password (and in the case of the iPad & iPhone, fingerprint) protected.
  • The laptop runs ClamXAV, a trusted anti-virus and malware scanner, which is constantly running in the background.
  • As a one-(wo)man band, only me, the founder, has access to this hardware.
  • All our online software and web tools are password protected.



  • All of the data mentioned above is held throughout our relationship with you, plus seven years (unless you tell us otherwise) or as long as we are legally obliged to do so.



  • In short, yes. Some of them are even based outside the EU. They all have adequate agreements with the EU to protect your data though, and you can read more about them all here:
    • WORDPRESS: Like many of your favourite websites, ToyDrop runs on the WordPress platform, which holds all your data securely for us. As an American company, it means your data will be transferred to the United States through their Privacy Shield  You can read their privacy policy here.
    • MAILCHIMP: We keep all the email addresses in our mailing list safe in Mailchimp, a service provider who take privacy very seriously. You can read their policy here.
    • VIRGIN MEDIA: Our broadband provider, may also see your email address if you contact us. We doubt you’ll ever need to send anything super classified but if you do, you can encrypt it, which will erase the content for anyone but us.
    • YOUR DATA AND THE EEA: We don’t plan on transferring or processing your data outside of Europe. If we ever need to – perhaps to a supplier further afield who will send a prize or product directly to you – we’ll ask you for consent.
    • The exception to this is when we leave the EEA for business or even a holiday. To keep ToyDrop going while we’re away, we’ll be checking in from time to time, answering emails and monitoring comments as best we can.



You have loads of rights in respect of our processing of your personal data. The relevant rights are:

  • Request a copy of your personal data and information about our processing of it
  • Request that we delete information on you if we do not need to hold it
  • Request that we correct any personal data that we hold on you
  • Request that we stop processing your data, although we can still hold it

If you want to exercise any of them, just get in touch.

You also have the right to lodge a complaint about our processing with a supervisory authority such as the UK’s Information Commissioner’s Office.



Of course. If you have any questions about your data or anything you can’t see here, just email me, Anna Whitaker, at