nursery-aged girl peeking out of Outlast tunnel

Website privacy notice

Community Products (UK) Ltd.

  1. Introduction

    This Privacy Notice sets out how we, the Community Products group of companies (collectively “Community Products”, “we”, “us”, and “ours”) collect and use information about you or from which you can be identified (“ Personal Information ”) through (hereafter “our Website”), the internet, e-mail, text and other means of electronic communications.

    We have appointed a data privacy manager who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact the data privacy manager using the details set out below.

    Email: dataprivacy (at)

    Community Products (UK) Ltd
    Brightling Road
    East Sussex TN32 5DR

    Telephone: 01580 883 310

    You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues ( We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

    Our Website is not intended for, nor do we knowingly collect personal data from children under 16. No one under age 16 may provide any Personal Information to our Website. If we learn that we have collected or received Personal Information from a child under 16 without verification of parental consent, we will delete that information with immediate effect. If you believe we might have any Personal Information from or about a child under 16, please contact us at dataprivacy (at) .


  2. Sources of personal data

    We use different methods to collect personal data from and about you including through:

    1. Direct interactions. You may give us your contact or identity by filling in forms or by corresponding with us by post, phone, blogs and email or otherwise.
    2. Automated technologies or interactions. As you interact with our website, we may automatically collect technical data about your equipment (such as your IP address, operating system and browser), browsing actions and patterns (such as traffic data, location data, logs, and other communication data and the resources that you access and use on our Website). We collect this personal data by using cookies and other similar technologies. We may also receive technical data about you if you visit other websites employing our cookies. For more information, see our cookie statement.
    3. Third party sources. We may receive personal data about you from analytics providers such as Google based outside the EU or the UK.


  3. Personal Information that we collect

    We may collect, use, store and transfer different kinds of personal data about you, which we have grouped together, as follows:

    1. Identity Data, which includes your first name, last name, title, date of birth and gender.
    2. Contact Data, which includes your billing address, delivery address, email address and telephone numbers.
    3. Technical Data, which includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you used to access this website.
    4. Profile Data, which includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses. All credit card processing is outsourced to CyberSource, a Visa payment solution. No credit card information is stored by us at any time. CyberSource’s privacy policy can be accessed here.
    5. Usage Data, which includes information about how you use our website, products and services.
    6. Marketing and Communications Data, which includes your preferences in receiving marketing from us and our third parties and your communication preferences.

    We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

    It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.


  4. Our use of your Personal Information

    Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.

    We will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you (for example, when providing our products), or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to process personal information about you, or may need to process personal information in order to exercise, establish or defend legal claims.

    If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as the possible consequences, if any, if you do not provide your personal information).

    If you have questions about or need further information concerning the legal basis on which we collect and use your personal information (including any legitimate interests relied upon), please send an email to dataprivacy (at) . 


  5. Disclosures

    We may disclose your Personal Information:

    • To our subsidiaries and other entities associated with Community Products which provide us e.g. with administrative and IT resources.
    • To our business partners, such as contractors, service providers and other third parties we use to provide products to you, support our Website or to process data on our behalf. For example, we would disclose your shipping address to the shipping company that delivers products that you order.
    • To courts, government bodies and law enforcement agencies to comply with any court order, legal obligation or legal process, including to respond to any government or regulatory request.
    • To enforce or apply our Terms of Use and other agreements.
    • For any other purpose that you consent to or is obvious at the time when you provide information to us or prior to a disclosure being made.
    • If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Community Products, our visitors, or others.

    Some of the recipients of these disclosures may be located outside the UK or the European Economic Area. See below under 9 (International transfers of data).


  6. Security

    We employ reasonable security measures consistent with standard industry practice to protect against the loss, misuse, alteration, destruction of or unauthorized access to Personal Information. For instance, access to our databases containing Personal Information is restricted to authorized staff and access is audited for security purposes. Customer account information and activity is protected through the use of usernames and passwords. To protect your information, you should keep your username and password confidential.

    We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.


  7. Retention

    We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

    To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.


  8. Your rights

    The GDPR provides you with certain rights in relation to the processing of your personal data, including to:

    1. Request access to personal data about you (commonly known as a “data subject access request”).
    2. Request rectification , correction, or updating to any of the personal data that we hold about you.
    3. Request personal data provided by you to be transferred in machine-readable format (“data portability”), to the extent applicable in the business relationship context.
    4. Request erasure of personal data .
    5. Request the restriction of processing of your personal data .
    6. Object to the processing of your personal data in certain circumstances .
    7. Withdraw your consent where we may rely on your consent to process your personal data.

    These rights are not absolute and are subject to various conditions under:

    • applicable data protection and privacy legislation; and
    • the laws and regulations to which we are subject.

    To exercise any of these rights, please email us at dataprivacy (at)


  9. International transfers of data

    Many of our external third parties are based outside the UK or the European Economic Area (“EEA”) so their processing of your personal data will involve a transfer of data outside the UK or the EEA.
    If and when transferring your personal data into or out of the EEA (which consists of EU member states and Iceland, Lichtenstein and Norway), we will only do so using one of the following safeguards:

    1. The transfer is from the UK to the EEA.
    2. the transfer is to a non-EEA country which has an adequacy decision by the  European Commission.
    3. the transfer is covered by a contractual agreement, which covers the  GDPR requirements relating to transfers to countries outside the EEA.
    4. the transfer is to an organisation which has Binding Corporate Rules approved by an EU data protection authority.


  10. Other Websites

    Our Website may contain links to other websites which are outside our control and are not covered by this Privacy Notice. If you access other sites using the links provided, the operators of these sites may collect information from you which will be used by them in accordance with their privacy policy, which may differ from ours.


  11. Changes to this Privacy Notice

    From time to time we may update this Privacy Notice. When we do, we will publish the changes on our Website. If you do not agree to these changes, please do not continue to use our Website. If material changes are made to this Privacy Notice, we will notify you by placing a prominent notice on our Website.