Privacy Policy – T2T SIMPLE LTD

Your privacy is not just a legal obligation for us – it is a fundamental part of how we do business at T2T SIMPLE LTD. When you visit our website, t2tsimple.com , or make a purchase from us, you trust us with certain personal information. We take that trust extremely seriously. This Privacy Policy explains what information we collect, why we collect it, how we use it, who we share it with, and what rights you have over your own data.

Please read this policy carefully. By accessing or using our Site, or by providing us with your personal information, you acknowledge that you have read and understood this Privacy Policy and agree to its terms. If you do not agree, please do not use our Site or provide us with your information.

We are committed to complying with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) , the EU GDPR (for our European customers), and the California Consumer Privacy Act (CCPA) for residents of California, USA. We also follow general privacy best practices for all our customers worldwide.

Our registered office is at: 27 Old Gloucester Street, LONDON WC1N 3AX, UNITED KINGDOM. You can contact us regarding privacy matters via email at marga.trading.amz@gmail.com or by phone at Phone: +84 0585824143.

1. Who We Are and Our Role as Data Controller

T2T SIMPLE LTD (referred to as “we”, “us”, “our”, or the “Company”) is the data controller for the personal information you provide to us through our website, email communications, phone calls, and order processing. This means we are responsible for deciding how and why your personal information is processed, and we are accountable to you and to data protection authorities for complying with applicable privacy laws.

Our contact details for privacy inquiries:

Email: marga.trading.amz@gmail.com (please put “Privacy” in the subject line)
Phone: Phone: +84 0585824143
Postal address: 27 Old Gloucester Street, LONDON WC1N 3AX, UNITED KINGDOM

We do not have a designated Data Protection Officer (DPO) because we are a small business and not required to appoint one under UK GDPR. However, our management team oversees data protection compliance. If you have any privacy concerns, please contact us directly.

2. What Personal Information We Collect

“Personal information” is any information that can identify you as an individual, either on its own or combined with other information. We collect only the information necessary to provide our products and services, improve your experience, and comply with legal obligations.

Categories of Personal Information We Collect

Category	Examples	Do We Collect?
Identity Data	Full name, username (if you create an account), title (Mr/Ms etc.)	✅ Yes
Contact Data	Billing address, shipping address, email address, phone number	✅ Yes
Financial Data	Credit/debit card number, expiration date, CVV, payment method details	❌ No – processed directly by Stripe (we never see or store full card details)
Transaction Data	Products purchased, order date, order value, shipping status, return history	✅ Yes
Technical Data	IP address, browser type and version, time zone setting, browser plug-in types, operating system, device identifiers	✅ Yes (via cookies and server logs)
Profile Data	Your username and password (hashed), purchase history, preferences, feedback, survey responses	✅ Yes (if you create an account or provide feedback)
Usage Data	Information about how you use our website – pages viewed, links clicked, time spent, navigation paths	✅ Yes (via analytics tools)
Marketing & Communications Data	Your preferences for receiving marketing emails from us, your communication preferences, records of consent	✅ Yes (if you subscribe to our newsletter or opt in)
Customer Support Data	Records of your emails, phone calls, chat messages (if any), including any information you voluntarily provide when seeking help	✅ Yes

Sensitive Personal Information

We do not collect any “special categories” of personal information under GDPR (e.g., race, ethnicity, political opinions, religious beliefs, health data, biometric data, sexual orientation). Please do not provide such information to us voluntarily.

Information from Children

Our website and products are intended for adults over the age of 18. We do not knowingly collect personal information from anyone under 16. If we discover that we have inadvertently collected information from a child under 16, we will delete it immediately. Please contact us if you believe a child has provided us with personal information.

3. How We Collect Your Information

We collect personal information through the following methods:

Direct Interactions

You provide us with your information when you:

Create an account on our website.
Place an order (checkout process).
Subscribe to our email newsletter.
Request customer support (email, phone, or contact form).
Leave a product review or comment on our Site.
Participate in a survey, contest, or promotion.
Provide feedback or submit a complaint.

Automated Technologies (Cookies & Logs)

As you browse our Site, we automatically collect Technical Data and Usage Data using cookies, server logs, and similar tracking technologies. This includes your IP address, browser type, referring/exit pages, and clickstream data. See Section 6 (Cookies) for more details.

Third Parties (Limited)

We may receive your personal information from:

Stripe (payment processor) – Stripe provides us with transaction confirmation and the last 4 digits of your card, but never your full card number or CVV.
Shipping carriers (USPS, UPS, FedEx, DHL) – They provide us with delivery status updates and, in some cases, your phone number or email for delivery notifications (if you provided it to them directly).
Social media platforms – If you interact with our social media pages (Instagram, Facebook, Pinterest), we may see public information such as your username and comments. We do not collect private messages unless you send us a message and we need to respond.

We do not buy or rent personal information from data brokers.

4. Why We Collect Your Information (Legal Bases)

Under data protection laws, we must have a valid “legal basis” to process your personal information. For each use of your data, we rely on one of the following bases:

A. Performance of a Contract (Article 6(1)(b) GDPR)

We need your information to fulfill our contract with you – i.e., to process and deliver your order, handle returns, and provide customer service. Without this information, we cannot sell you products.

Examples: Collecting your name, address, email, phone number, and payment details (via Stripe) to ship your order and send order confirmations.

B. Legitimate Interests (Article 6(1)(f) GDPR)

We may process your information where it is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. Our legitimate interests include:

Improving our website, products, and customer experience.
Preventing fraud and securing our website.
Direct marketing (sending promotional emails to existing customers who have not opted out).
Analyzing usage data to understand customer preferences.
Responding to customer inquiries and resolving disputes.

You have the right to object to processing based on legitimate interests (see Section 11).

C. Consent (Article 6(1)(a) GDPR)

For certain activities, we ask for your explicit consent. You can withdraw your consent at any time.

Examples: Sending marketing emails to new subscribers (you must opt in); placing non-essential cookies on your device (cookie banner consent).

D. Legal Obligations (Article 6(1)(c) GDPR)

We may need to process your information to comply with laws and regulations, such as tax laws (retaining order records for a certain period), responding to lawful requests from law enforcement, or complying with court orders.

5. How We Use Your Information

Below is a table summarizing how we use your personal information, the legal bases we rely on, and our legitimate interests (where applicable).

Purpose	Type of Data Used	Legal Basis
Processing and fulfilling orders – including payment authorization (via Stripe), packing, shipping, sending order confirmations, shipping confirmations, and delivery updates.	Identity, Contact, Transaction	Performance of a contract
Managing returns, refunds, and exchanges – verifying eligibility, processing refunds via Stripe, communicating about return status.	Identity, Contact, Transaction	Performance of a contract
Customer support – answering your emails and phone calls, resolving issues, providing product information.	Identity, Contact, Transaction, Customer Support	Legitimate interests (to provide good customer service) and Performance of a contract
Sending marketing emails – newsletters, promotions, new product announcements (only if you have opted in or are an existing customer who has not opted out).	Identity, Contact, Marketing & Comms	Consent (for new subscribers); Legitimate interests (for existing customers who made a purchase)
Improving our website and products – analyzing usage data, testing different layouts, tracking conversion rates.	Technical, Usage	Legitimate interests (to improve our business and customer experience)
Fraud prevention and security – monitoring transactions for suspicious activity, using Stripe Radar, blocking malicious IP addresses.	Identity, Contact, Technical, Transaction	Legitimate interests (to protect our business and customers from fraud)
Legal compliance – responding to court orders, tax audits, or regulatory requests.	Identity, Contact, Transaction	Legal obligation
Internal record keeping – maintaining order history for warranty claims, returns, and accounting.	Identity, Contact, Transaction	Legal obligation (tax) and Legitimate interests

Marketing Communications – Your Choices

We respect your inbox. You will only receive marketing emails from us if:

You explicitly opted in by checking a box during account creation or checkout, or by signing up for our newsletter separately; OR
You are an existing customer who made a purchase within the last 12 months (we may send you occasional promotional offers for similar products under the legitimate interest basis, but you can opt out at any time).

Every marketing email we send contains an unsubscribe link at the bottom. Clicking it will immediately remove you from our mailing list. You can also email us at marga.trading.amz@gmail.com with “Unsubscribe” in the subject line.

We do not sell or rent your email address to third parties for their own marketing.

6. Cookies and Tracking Technologies

What Are Cookies?

Cookies are small text files that are placed on your computer, smartphone, or other device when you visit a website. They help the website remember your actions and preferences (such as login, language, font size, and other display preferences) over a period of time, so you do not have to keep re-entering them whenever you come back to the site or browse from one page to another.

What Cookies Do We Use?

We use the following categories of cookies on t2tsimple.com :

Cookie Category	Purpose	Are They Essential?	Do We Need Consent?
Strictly Necessary Cookies	Enable core functionality such as security, shopping cart, and checkout. The site cannot function properly without these.	Yes	No – these are exempt from consent requirements.
Performance / Analytics Cookies	Collect anonymous information about how visitors use our site (e.g., which pages are visited most often, if they receive error messages). We use Google Analytics for this.	No	Yes – we ask for your consent via cookie banner.
Functionality Cookies	Remember choices you make (e.g., language preference, region) to provide enhanced, more personal features.	No	Yes
Targeting / Advertising Cookies	Used to deliver advertisements relevant to you and your interests. They also limit the number of times you see an ad and help measure campaign effectiveness. We do not currently run third-party ads, so we do not use targeting cookies.	No	Not applicable (we do not use them)

Specific Cookies We Use

session_id (Strictly necessary) – Unique token for your session, allowing our site to remember your cart and login state.
cart_currency (Strictly necessary) – Stores your preferred currency (USD).
secure_customer_sig (Strictly necessary) – Used for customer authentication if you have an account.
_ga (Analytics – Google Analytics) – Registers a unique ID to generate statistical data on how the visitor uses the website.
_gid (Analytics – Google Analytics) – Also used for analytics, expires after 24 hours.
cookie_consent (Functionality) – Remembers that you have accepted or declined non-essential cookies so we do not show the banner repeatedly.

Your Cookie Choices

When you first visit our website, a cookie banner will appear asking you to accept or decline non-essential cookies (analytics and functionality). You can:

Accept all – We will place analytics and functionality cookies.
Decline – We will only place strictly necessary cookies. Your experience may be slightly degraded (e.g., we will not remember your preferences, and we will not collect analytics to improve the site).
Change your mind later – You can adjust your cookie preferences at any time by clicking the “Cookie Settings” link in the footer of our website. You can also clear cookies via your browser settings.

Disabling Cookies in Your Browser

Most browsers allow you to block all cookies, including strictly necessary ones. However, if you block all cookies, our shopping cart and checkout will not work, and you will not be able to place an order. We recommend only blocking third-party or non-essential cookies.

Browser instructions:

Chrome: Settings → Privacy and security → Cookies and other site data.
Safari: Preferences → Privacy → Block all cookies.
Firefox: Options → Privacy & Security → Cookies and Site Data.
Edge: Settings → Cookies and site permissions → Manage and delete cookies.

Google Analytics

We use Google Analytics to understand how visitors interact with our site. Google Analytics uses its own cookies. The information collected (including your IP address) is transmitted to Google and stored on servers in the United States. Google uses this information to evaluate your use of the website, compile reports, and provide other services. Google may transfer this information to third parties where required by law.

You can opt out of Google Analytics entirely by installing the Google Analytics Opt-out Browser Add-on (available at https://tools.google.com/dlpage/gaoptout).

7. How We Share Your Information (Third Parties)

We never sell your personal information to anyone. We only share your data with third parties when necessary to provide our services, comply with the law, or protect our rights. Below are the categories of recipients.

Service Providers (Processors)

These are companies that process data on our behalf, under our instructions, and only for the purposes described in this policy.

Third Party	What They Do	What Data Do They Receive?	Location
Stripe, Inc.	Payment processing – authorizing and capturing payments, handling refunds, fraud detection.	Your name, email, billing address, encrypted card details (we do not see full card). Stripe acts as a data controller for certain payment data and a processor for others. See Stripe’s privacy policy.	USA / Global
USPS, UPS, FedEx, DHL (carriers)	Shipping and delivery – printing labels, tracking, delivery notifications.	Your name, shipping address, phone number (if provided), email address (for tracking updates).	USA / respective countries
Shopify (if we use Shopify as platform – we may not, but for completeness)	E-commerce platform hosting – storing order data, product catalogs, customer accounts.	Identity, Contact, Transaction, Technical data.	Global (servers in USA)
Google Analytics	Website analytics – tracking usage, generating reports.	IP address (anonymized), browser type, pages visited, time on site.	USA
Email marketing platform (e.g., Mailchimp, Klaviyo – if used)	Sending newsletters and promotional emails.	Email address, name, subscription preferences.	USA / EU
Customer support software (e.g., Zendesk, Gmail)	Managing support tickets and email correspondence.	Your email address, name, order number, and any content you send.	USA / Global

We contractually require all service providers to maintain the confidentiality of your data and to use it only for the purposes we specify.

Legal and Regulatory Authorities

We may disclose your personal information if required to do so by law, such as in response to a subpoena, court order, or government request (e.g., law enforcement, tax authorities). We may also disclose information to protect our rights, property, or safety, or that of our customers or others.

Business Transfers

If T2T SIMPLE LTD is involved in a merger, acquisition, asset sale, or bankruptcy, your personal information may be transferred as part of that transaction. We will notify you via email or a prominent notice on our website before your data becomes subject to a different privacy policy.

No Other Sharing

We do not share your data with advertisers, data brokers, or any other third parties not listed above. We do not sell your personal information.

8. International Data Transfers

Our company is based in the United Kingdom. However, we use service providers (such as Stripe, Google, and shipping carriers) that may store or process your data in countries outside the UK and the European Economic Area (EEA), including the United States.

When we transfer your personal information internationally, we ensure appropriate safeguards are in place, such as:

Standard Contractual Clauses (SCCs) approved by the European Commission, which contractually obligate the recipient to protect your data to EU standards.
UK Addendum to the SCCs for transfers from the UK.
For US-based recipients that are certified under the EU-US Data Privacy Framework (or its successor), we rely on that certification.

You have the right to request a copy of these safeguards by contacting us.

Risks of International Transfers

While we take all reasonable steps to protect your data, please be aware that some countries may have data protection laws that are less stringent than those in your home country. By using our website and providing your information, you acknowledge this risk. We do not transfer your data to countries without adequate safeguards unless permitted by law.

9. Data Retention – How Long We Keep Your Information

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including for legal, accounting, or reporting requirements.

Specific Retention Periods

Type of Data	Retention Period
Order records (name, address, purchase details)	7 years (to comply with UK tax laws and for warranty/return purposes)
Customer support emails	3 years after the last contact, then deleted
Account information (if you create an account)	Until you close your account, plus 2 years of inactivity, after which we may delete the account
Newsletter subscription data	Until you unsubscribe, plus 30 days to process the unsubscription
Analytics data (Google Analytics)	26 months (Google’s default retention for user-level data)
Cookies	Session cookies expire when you close your browser; persistent cookies expire according to their set duration (e.g., 30 days to 2 years)

After the retention period expires, we will delete or anonymize your data so that it can no longer be linked to you.

Data Anonymization

For analytics and statistical purposes, we may retain anonymized data indefinitely. Anonymized data is not personal information because it cannot be re-identified.

10. Data Security – How We Protect You

We take data security seriously and implement appropriate technical and organizational measures to protect your personal information against unauthorized access, accidental loss, alteration, or disclosure.

Technical Measures

Encryption: Our website uses TLS 1.3 (HTTPS) to encrypt data transmitted between your browser and our servers.
Secure payment processing: As described, Stripe handles all payment data; we never store full card numbers.
Firewalls and intrusion detection: Our hosting environment uses firewalls and monitoring to block malicious traffic.
Access controls: Only authorized employees (very few) have access to customer data, and only as needed (e.g., customer support team can see your order details). All access is logged.
Regular updates: We keep our software (e.g., e-commerce platform, plugins) patched and updated.

Organizational Measures

Employee training: Our staff is trained on data protection and privacy best practices.
Confidentiality agreements: All employees and contractors sign confidentiality agreements.
Incident response plan: We have a procedure for responding to data breaches, including notifying affected individuals and regulators as required by law.

Despite Our Efforts…

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. You also play a role by keeping your account password confidential and logging out after each session.

What to Do If You Suspect a Breach

If you believe your personal information with us has been compromised, please contact us immediately at marga.trading.amz@gmail.com (subject: “Security Breach”). We will investigate and take appropriate action.

11. Your Rights – Access, Correction, Deletion, Portability, Objection

Depending on where you live (especially if you are in the UK, EU, or California), you have certain rights regarding your personal information. We extend these rights to all our customers worldwide to the extent required by law.

Your Rights Under UK/EU GDPR

Right	What It Means	How to Exercise
Right to be informed	You have the right to know how we collect and use your data (this Privacy Policy fulfills that right).	Read this policy.
Right of access	You can request a copy of the personal information we hold about you (free of charge, but we may charge a reasonable fee for excessive requests).	Email us with “Subject Access Request” in the subject line. We will respond within 30 days.
Right to rectification	If your information is inaccurate or incomplete, you can ask us to correct it.	Email us with the correction.
Right to erasure (right to be forgotten)	You can ask us to delete your personal information in certain circumstances (e.g., if it is no longer needed for the original purpose, or if you withdraw consent and we have no other legal basis).	Email us with “Request for Erasure”. We will assess and comply unless we have a legal obligation to retain the data (e.g., tax records).
Right to restrict processing	You can ask us to temporarily stop processing your data (e.g., while you dispute its accuracy).	Email us with details.
Right to data portability	You can request a copy of your data in a structured, machine-readable format (e.g., CSV) and have it transferred to another controller.	Email us. This applies to data you provided based on consent or contract, not to data we process for legitimate interests.
Right to object	You can object to processing based on legitimate interests (including direct marketing). If you object to direct marketing, we will stop immediately.	Click unsubscribe in marketing emails or email us.
Rights related to automated decision-making	We do not use automated decision-making that produces legal or similarly significant effects (e.g., credit scoring).	Not applicable.

How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Email: marga.trading.amz@gmail.com (with the appropriate subject line)
Phone: Phone: +84 0585824143 (for general inquiries, but written requests are preferred for documentation)

We may need to verify your identity before processing your request (e.g., asking for your order number, email address, and perhaps a copy of a government ID for sensitive requests). We will respond within 30 days (or up to 60 days for complex requests, with notice).

There is usually no fee, but we may charge a reasonable fee if your request is manifestly unfounded or excessive.

Your Right to Lodge a Complaint

If you are not satisfied with how we handle your personal information or a privacy request, you have the right to lodge a complaint with your local data protection authority.

UK residents: Information Commissioner’s Office (ICO) – www.ico.org.uk
EU residents (other than UK): Your local supervisory authority (e.g., CNIL in France, BfDI in Germany).
US residents (California): You also have rights under CCPA (see Section 12).

We would, however, appreciate the opportunity to resolve your concerns first. Please contact us before escalating.

12. California Privacy Rights (CCPA)

If you are a resident of California, USA, the California Consumer Privacy Act (CCPA) grants you additional rights regarding your personal information. This section applies to California consumers.

Right to Know

You have the right to request that we disclose:

The categories of personal information we have collected about you.
The categories of sources from which we collected the information.
The business or commercial purpose for collecting or selling (we do not sell) your information.
The categories of third parties with whom we share your information.
The specific pieces of personal information we hold about you (a data copy).

Right to Delete

You have the right to request that we delete your personal information, subject to certain exceptions (e.g., to complete a transaction, detect fraud, comply with legal obligations).

Right to Opt-Out of Sale

We do not sell your personal information to third parties. Therefore, there is nothing to opt out of. However, under CCPA, “sale” is broadly defined. We do not share your data for cross-context behavioral advertising (targeted ads), nor do we sell it for money or other value.

Right to Non-Discrimination

If you exercise your CCPA rights, we will not discriminate against you by denying services, charging different prices, or providing a lower quality of service.

How to Submit a CCPA Request

California residents can submit a “Request to Know” or “Request to Delete” by:

Emailing marga.trading.amz@gmail.com with “CCPA Request” in the subject line.
Calling Phone: +84 0585824143 (please leave a voicemail with your name, California address, and request).

We will verify your identity using the same methods as for GDPR requests (e.g., matching at least two data points you provide with our records). You may also designate an authorized agent to make a request on your behalf; the agent must provide written permission signed by you.

Shine the Light (California Civil Code Section 1798.83)

Under California’s “Shine the Light” law, residents may request information about our disclosure of personal information to third parties for their direct marketing purposes. We do not disclose personal information to third parties for their own direct marketing. Therefore, no further action is required.

13. Children’s Privacy

Our website and products are intended for adults aged 18 and older. We do not knowingly collect personal information from children under the age of 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at marga.trading.amz@gmail.com. We will take steps to delete that information promptly.

We do not use age verification tools beyond the standard checkout age affirmation (clicking “I am over 18”). If we become aware that a user under 16 has registered or placed an order, we will cancel the order and delete the associated data.

14. Third-Party Links on Our Site

Our website may contain links to third-party websites, such as Stripe’s payment page, carrier tracking pages, or social media platforms (Instagram, Facebook, Pinterest). Please note that these third-party sites have their own privacy policies, and we are not responsible for their practices. We encourage you to read the privacy policies of any third-party sites you visit.

When you click a link to a third-party site, you leave our website. Any information you provide on that site is subject to that site’s privacy policy, not this one.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or technology. The most current version will always be posted on this page, with the “Last updated” date at the bottom.

If we make material changes (e.g., changing how we share your data), we will notify you by:

Posting a prominent notice on our website for at least 30 days before the change takes effect.
Sending an email to the address associated with your account (if you have one) or to all newsletter subscribers.

We encourage you to review this policy periodically. Your continued use of our website after any changes constitutes your acceptance of the updated policy.

16. How to Contact Us About Privacy

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us:

T2T SIMPLE LTD
27 Old Gloucester Street
LONDON WC1N 3AX
UNITED KINGDOM

Email (preferred for privacy matters): marga.trading.amz@gmail.com
(Please include “Privacy” in the subject line for faster routing.)

Phone: Phone: +84 0585824143
(For general questions; for written requests, email is better.)

Response time: We aim to respond to all privacy-related inquiries within 7 business days, and to formal data subject requests within 30 days.

Summary of Key Privacy Points

Aspect	Our Commitment
Data collection	Only what is necessary to process orders, improve our site, and comply with law.
Payment data	Never stored or seen by us – handled securely by Stripe.
Data sharing	Only with service providers (shipping, payment, analytics) – never sold.
Cookies	You control non-essential cookies via banner.
Your rights	Access, delete, correct, port, object – just ask.
Security	Encryption, access controls, regular audits.
Children	Do not knowingly collect data under 16.
Contact	marga.trading.amz@gmail.com or Phone: +84 0585824143

Final Assurance

At T2T SIMPLE LTD, we believe that privacy is a right, not a luxury. We are committed to being transparent and accountable. When you buy a wicker basket from us, you are not just getting a beautiful, affordable product – you are also dealing with a company that respects your personal information as much as you do.

Thank you for trusting us. If you ever feel uncertain about how your data is handled, please reach out. We are here to help.

The T2T SIMPLE LTD Team