Privacy Policy

Last updated: 12/10/2025

1. Introduction

This Privacy Policy explains how B & J Crowther Ltd (“we”, “us”, or “our”) collects, uses, and protects your personal data when you visit our website http://www.tuffonhall.co.uk (the “Website”).

We are committed to safeguarding the privacy of our visitors and customers and to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data controller

The data controller for the purposes of this policy is:

B & J Crowther Ltd
Graves Hall, Graves Hall Road, Sible Hedingham, CO9 3LL
info@tuffonhall.co.uk

3. Personal data we collect

We may collect, store, and use the following categories of personal data:

  • Contact Data: name, email address, telephone number, and postal address.
  • Transaction Data: details of purchases and payments processed through our Website.
  • Marketing Data: your preferences for receiving marketing communications.
  • Technical Data: your IP address, browser type and version, time zone setting, and other technology on the devices you use to access the Website.
  • Usage Data: information about how you use our Website, including cookies and analytics data.

We do not intentionally collect any special category or sensitive personal data.

4. How we collect data

We collect data in the following ways:

From third parties: such as payment processors (Stripe, PayPal) and email marketing services (Mailchimp).

Directly from you: when you complete forms on our Website (e.g. contact forms, newsletter sign-ups, or checkout forms).

Automatically: via cookies and analytics tools when you use our Website.

5. Purposes and lawful bases for processing

We process personal data only where we have a lawful basis under UK data protection law. These include:

PurposeLawful basis
To process and fulfil orders, and manage paymentsPerformance of a contract
To respond to enquiries and provide customer supportLegitimate interests
To send marketing communications (if you have opted in)Consent
To administer and improve the Website (including analytics)Legitimate interests
To comply with legal and tax obligationsLegal obligation

You may withdraw your consent at any time by contacting us using the details below or using the unsubscribe link in our marketing emails.

6. Disclosure of personal data

We may share your personal data with the following categories of recipients:

  • Service providers acting as processors, including:
    • Mailchimp (email marketing)
    • WooCommerce (e-commerce platform)
    • Stripe and PayPal (payment processing)
    • Google Analytics and Meta (website analytics and advertising)
  • Professional advisers, including accountants, auditors, and legal consultants.
  • Authorities, where required by law or to protect our legal rights.

All third parties are required to protect your personal data and process it in accordance with applicable law.

7. International transfers

Some of our service providers (such as WordPress, WooCommerce, Mailchimp and Meta) may transfer personal data outside the UK.

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, accounting, or reporting requirements.

In general:

  • Contact and transaction data are retained for six years after your last interaction for tax and record-keeping purposes.
  • Marketing data are retained until you withdraw consent.

9. Data security

We implement appropriate technical and organisational measures to prevent personal data from being accidentally lost, used, or accessed in an unauthorised way.

Our Website is built on the WordPress platform and uses WooCommerce for e-commerce functionality. These systems may process limited personal data (such as customer details and order information) to enable secure transactions and account management.

All data transferred through our Website is encrypted via SSL (Secure Socket Layer) technology, and stored within secure servers managed by our hosting provider.

Access to personal data is restricted to those employees, contractors, and service providers who require it for legitimate business purposes. They are subject to confidentiality obligations and must process data in accordance with this Privacy Policy and applicable data protection laws.

10. Your rights

Under data protection law, you have the following rights:

  • The right to access a copy of your personal data.
  • The right to rectification of inaccurate data.
  • The right to erasure (“right to be forgotten”).
  • The right to restrict processing.
  • The right to object to processing (including direct marketing).
  • The right to data portability.

To exercise any of these rights, please contact us using the details below.

11. Cookies

Our Website uses cookies and similar technologies to enhance user experience and analyse traffic.

You can control cookie preferences through your browser settings or via our cookie consent banner.

12. Marketing communications

If you subscribe to our newsletter or marketing emails, we may use Mailchimp to deliver communications.

You can unsubscribe at any time by clicking the link in any email or by contacting us directly.

13. Changes to this policy

We may update this Privacy Policy from time to time by posting a new version on our Website.

Please check this page occasionally to ensure you are happy with any changes.

14. Contact us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact:

B & J Crowther Ltd
Graves Hall, Graves Hall Road, Sible Hedingham, CO9 3LL
info@tuffonhall.co.uk