Privacy Policy

Cottage Box Privacy Policy


This privacy notice describes how Cottage Box Ltd (“We”) collect and use the personal information of our customers in accordance with the General Data Protection Regulation (GDPR) and other relevant legislation.

To give you the best possible experience we need to gather data. We want to be transparent about why we need the personal details we request when you engage with us and how we will use them.

We will protect the privacy and security of your personal information and will always take all reasonable steps within our power to keep your information safe.

Please read this policy carefully, along with our Terms and Conditions and any other documents referred to within this notice to understand how we collect, why we use, and how we store your personal information.

By providing us with your personal information, you consent to the collection and use of any information you provide in accordance with this privacy policy.


Data protection principles

We comply with the principles of data protection law. This says that the personal information we hold about you must be:

Used lawfully, fairly and in a transparent way.

Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.

Relevant to the purposes we have told you about and limited only to those purposes.

Accurate and kept up to date.

Kept only as long as necessary for the purposes we have told you about.

Kept securely.

For the purpose of the General Data Protection Regulations (GDPR) the data controller is Cottage Box Ltd.


What personal data we may collect about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). There are “special categories” of more sensitive personal data which require a higher level of protection.

We collect information every time you interact with us. The information we may collect from these interactions may include, but is not limited to:


Information you give to us

By filling in forms on our site ( or sites we control

By corresponding with us by phone, email, in person or otherwise

By placing orders on our site

By responding to one of our mailings

The information we collect may include: Your name, address, email address, telephone number, shopping preferences including products, dietary (vegetarian, vegan)

Information we collect when you interact with our site or app

By filling in forms on our site ( or sites we control

By corresponding with us by phone, email, in person or otherwise

By placing orders on our site

By responding to one of our mailings

When you participate in social media functions (e.g. comment, share or review stories, products or blogs).


When you report a problem with our site or app

The information we collect may include: Your internet protocol (IP) address, browser type and version details, time zone settings, browser plug-in types and version, your operating system and platform, the pages you visit, for how long and the actions you perform, page response times, your browser cookies (see how we use cookies), your shopping preferences and other areas of interest to you.


Information we receive from other sources

If you consent to hear from Cottage Box on other sites

The information we collect may include: Your name, address, email address, telephone number,


Legal basis we rely on to collect information

The law on data protection sets out a number of different reasons for which a company may collect and process your personal data, including:

To fulfil a service: We use your information to execute contracts or services that you have entered into. This includes communications relating to your order, deliveries and payments via phone, email and SMS (for example to let you know if a delivery is delayed or payment has failed).

When you consent: We may use your personal information and order history to tell you about relevant products, events, competitions and news. For example, when you sign up to a newsletter or tell us you want to hear from us by completing your preferences. You can ask us to stop sending you marketing messages by contacting us at any time. If you change your mind you can update your choices at any time by logging into your account or contacting us.

If we have legitimate interest: The GDPR defines legitimate interest as a reasonable business or commercial interest for processing your personal information. For example, sending a direct mail when a product you previously ordered is back in season, improving the service we provide or to follow our ethical and environmental ethos.


How we use your information

By understanding our customers, trends and behaviours, we can provide better and more relevant service.

If you wish to change how we use your data, you’ll find details in the ‘What are my rights?’ section below. Remember, if you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide some services you have asked for.


What we use your data for and the legal basis which applies


To process your orders and services requested from us

To respond to your queries, complaints, or refund requests

To keep a record of your relationship with us and your information up to date

To process payments

To let you know when you have an unconfirmed order in your basket.

To let you know about changes to your order or deliveries

To let you know about changes to our service

Legitimate interest

To protect our website and our customers (eg to investigate phishing or fraudulent activity)

To exclude you from online advertising and avoid unnecessary spend on marketing

To develop and improve our systems (eg pages you visit to investigate any problems you encounter with our site)

To send you requests for feedback via surveys to help improve our service

To build a picture of who are current customers are and what they like, to inform our business decisions

To ensure the content on our site or app is presented effectively for your device and is secure

To measure and understand advertising effectiveness through research and analysis


Where we keep your information

The data that we collect from you is stored within the European Economic Area (“EEA”). We take all reasonable steps necessary to ensure that your data is treated securely and in accordance with this privacy policy.

All transactions and communication between your browser and our website are encrypted using the Transport Layer Security (TLS) protocol which is standard in modern web browsers.

From time to time, our website may contain links to third party websites. If you follow a link to any of these websites, please note that they will have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.


How long we keep your data for

We will hold your personal information on our system for as long as is necessary for the processing of our contractual obligations with you and for occasional marketing related purposes.


Your rights and how to activate your rights

To ask us not to process your data for marketing purposes, to ask us to erase all the personal information we hold about you, to request access to all the information we hold about you;


The GDPR requires us to act upon the request within one month of receipt.

This policy was last updated on 5th April 2021.

Any changes we may make to our privacy policy in the future will be posted on this page.  Please check back frequently to see any updates or changes to our privacy policy.