Privacy Policy 🔒

How we collect, use and protect your personal data.

1. Introduction

This Privacy Policy explains how TANTAN ENTERPRISES LIMITED ("we", "us", "our") collects, uses, stores and protects your personal data when you visit our website at tantan.uk or place an order with us. We are a United Kingdom-based company and we are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. By using our website you acknowledge that you have read and understood this policy.

2. What Data We Collect

When you browse our website or place an order, we may collect the following personal data:

  • Full name — to identify you and personalise your experience.
  • Email address — to send order confirmations, dispatch updates and respond to enquiries.
  • Phone number — to contact you regarding your order or delivery if needed.
  • Delivery address — to ship your order to the correct location.
  • Payment information — card details and billing information processed securely by Stripe. We do not store your full card number on our servers.
  • Order history — details of products you have purchased, order totals and transaction references.
  • Device and browsing data — IP address, browser type, pages visited and referral source, collected via cookies and analytics.

3. How We Use Your Data

We use the personal data we collect for the following purposes:

  • Order processing — to process and fulfil your orders, including payment verification and fraud prevention.
  • Delivery — to arrange shipping and provide you with tracking information.
  • Communication — to send order confirmations, dispatch notifications, respond to your questions and provide customer support.
  • Improving our service — to analyse how our website is used so we can enhance the user experience, product range and overall service quality.
  • Legal compliance — to meet our legal and regulatory obligations, including tax and accounting requirements.

4. Legal Basis for Processing (GDPR)

Under the UK GDPR, we rely on the following lawful bases to process your personal data:

  • Contract performance — processing is necessary to fulfil the contract we have with you when you place an order (e.g. taking payment, arranging delivery).
  • Legitimate interests — we may process your data where it is in our legitimate business interests, such as improving our products and services, preventing fraud and ensuring website security.
  • Consent — where you have given clear consent for us to process your personal data for a specific purpose, such as subscribing to marketing communications. You may withdraw consent at any time by contacting us.
  • Legal obligation — we may process your data to comply with a legal obligation, such as keeping financial records for tax purposes.

5. Third-Party Services

We share your personal data with trusted third-party service providers who assist us in operating our business. These providers only process your data on our behalf and in accordance with our instructions:

  • Firebase / Google Cloud — we use Firebase (a Google Cloud service) to securely store order data, manage real-time database synchronisation and host backend functions. Google Cloud complies with GDPR and maintains robust data protection standards. For more information, see Google's privacy documentation.
  • Stripe — we use Stripe to process all payments securely. Stripe is PCI DSS Level 1 certified, the highest level of certification in the payments industry. Your card details are sent directly to Stripe and are never stored on our servers. For more information, see Stripe's privacy policy.
  • Royal Mail — we share your name and delivery address with Royal Mail to fulfil shipping. Royal Mail processes this data solely for the purpose of delivering your order. For more information, see Royal Mail's privacy notice.

We do not sell, rent or trade your personal data to any third parties for marketing purposes.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Order data — we keep records of your orders for up to 6 years after the date of purchase to comply with UK tax and accounting regulations (HMRC requirements).
  • Account and contact data — retained for as long as you remain a customer or until you request deletion, whichever comes first.
  • Communication records — customer service correspondence is retained for up to 2 years to help resolve any ongoing or future queries.

Once the retention period expires, your data is securely deleted or anonymised.

7. Your Rights Under GDPR

Under the UK GDPR, you have the following rights regarding your personal data:

  • Right of access — you can request a copy of the personal data we hold about you.
  • Right to rectification — you can ask us to correct any inaccurate or incomplete data.
  • Right to erasure — you can request that we delete your personal data, subject to any legal obligations we may have to retain it.
  • Right to data portability — you can request your data in a structured, commonly used and machine-readable format.
  • Right to object — you can object to the processing of your data where we rely on legitimate interests as the legal basis.
  • Right to restrict processing — you can ask us to limit how we use your data in certain circumstances.
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us using the details in Section 11 below. We will respond to your request within one month. If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

8. Cookies

Our website uses cookies to enhance your browsing experience, remember your basket contents and analyse site traffic. Cookies are small text files placed on your device when you visit our site. We use both essential cookies (required for the website to function) and analytical cookies (to understand how visitors use the site). You can manage your cookie preferences through your browser settings at any time. For full details on the cookies we use and how to control them, please see our Cookie Policy.

9. Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure or destruction:

  • Encryption — all data transmitted between your browser and our website is encrypted using SSL/TLS (HTTPS).
  • Secure storage — order data is stored in Firebase/Google Cloud infrastructure, which provides enterprise-grade security including encryption at rest and in transit.
  • PCI compliance — all payment processing is handled by Stripe, which is PCI DSS Level 1 certified. Your card details never touch our servers.
  • Access controls — access to personal data is restricted to authorised personnel only, on a need-to-know basis.

While we strive to protect your personal data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but we are committed to maintaining the highest standards practicable.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology or legal requirements. Any updates will be posted on this page with a revised "Last updated" date. We encourage you to review this page periodically to stay informed about how we protect your data. Where changes are significant, we will make reasonable efforts to notify you, for example by placing a notice on our website.

11. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data rights or need to raise a concern about how your personal data is being handled, please get in touch:

Last updated: 24 February 2026
