Privacy policy


Last updated: 11th October 2025

Topshelf Buyz operates this store and website, including all related information, content, features, tools, products and services, in order to provide you, the customer, with a curated shopping experience (the "Services"). Topshelf Buyz is powered by Shopify, which enables us to provide the Services to you. This Privacy Policy describes how we collect, use, and disclose your personal information when you visit, use, or make a purchase or other transaction using the Services or otherwise communicate with us. If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy controls with respect to the collection, processing, and disclosure of your personal information.

Please read this Privacy Policy carefully. By using and accessing any of the Services, you acknowledge that you have read this Privacy Policy and understand the collection, use, and disclosure of your information as described in this Privacy Policy.

How We Use Your Personal Information and Our Legal Basis

Under UK data protection law, we must have a "legal basis" (a valid legal reason) for using your personal information. We use your data for the following purposes and rely on the following legal bases:

  • To Provide and Fulfil Our Services. We use your personal information to process your payments, fulfil your orders, arrange for shipping, facilitate returns, and manage your account.
    Legal Basis: Performance of a Contract.
  • Marketing and Advertising. We may use your personal information to send marketing communications by email or text message, and to show you online advertisements.
    Legal Basis: Your explicit Consent, which you can withdraw at any time. For some forms of marketing to existing customers, we may rely on our Legitimate Interests, provided your rights do not override these interests.
  • To Improve Our Services. We use information about how you interact with our website to improve the user experience and our product offerings.
    Legal Basis: Our Legitimate Interests.
  • Security and Fraud Prevention. We use your personal information to detect and prevent fraudulent, illegal, or malicious activity to protect our business and our customers.
    Legal Basis: Our Legitimate Interests.
  • Communicating with You. We use your personal information to provide you with customer support and maintain our business relationship with you.
    Legal Basis: Performance of a Contract and our Legitimate Interests.
  • Legal Compliance. We use your personal information to comply with applicable laws, respond to valid legal process, or enforce our terms and policies.
    Legal Basis: Compliance with a Legal Obligation.

How We Disclose Personal Information

In certain circumstances, we may disclose your personal information to third parties for legitimate purposes subject to this Privacy Policy. Such circumstances may include:

  • With vendors and service providers who perform services on our behalf (e.g., IT management, payment processing, data analytics, customer support, cloud storage, fulfilment and shipping).
  • With business and marketing partners only where we have your explicit consent to do so. Our business and marketing partners will use your information in accordance with their own privacy notices. You have the right to opt-out of this sharing by managing your cookie preferences or contacting us directly.
  • When you direct, request us or otherwise consent to our disclosure of certain information to third parties, such as to ship you products or through your use of social media widgets or login integrations.
  • With our affiliates or otherwise within our corporate group, in line with the purposes set out in this policy.
  • In connection with a business transaction such as a merger or bankruptcy, to comply with any applicable legal obligations (including to respond to subpoenas, search warrants and similar requests), to enforce any applicable terms of service or policies, and to protect or defend the Services, our rights, and the rights of our users or others.

Children's Data

The Services are not intended to be used by children. In the UK, this means individuals under the age of 13. We do not knowingly collect any personal information about children. If you are the parent or guardian of a child who has provided us with their personal information, you may contact us using the contact details set out below to request that it be deleted.

Security and Retention of Your Information

Please be aware that no security measures are perfect or impenetrable, and we cannot guarantee "perfect security." In addition, any information you send to us may not be secure while in transit. We recommend that you do not use unsecure channels to communicate sensitive or confidential information to us.

How long we retain your personal information depends on different factors. We retain it for as long as necessary to provide you with our Services, comply with legal obligations, resolve disputes and enforce our policies. For example, we typically retain account and transaction information for 6 years after your last transaction to comply with UK tax and company law requirements.

Your Rights and Choices

If you are a resident of the UK, you have the following rights in relation to your personal information under the UK GDPR. These rights are not absolute and may apply only in certain circumstances.

  • Right to Access. You have the right to request a copy of the personal information that we hold about you.
  • Right to Rectification. You have a right to request that we correct inaccurate personal information we maintain about you.
  • Right to Erasure (Right to be Forgotten). You have a right to request that we delete your personal information.
  • Right to Restrict Processing. You have the right to ask us to restrict our processing of your personal information.
  • Right of Portability. You have a right to receive a copy of your personal information in a structured, commonly used format, and to request that we transfer it to a third party.
  • Right to Object. You have the right to object to our processing of your personal information where we rely on "Legitimate Interests" as our legal basis.
  • Rights Related to Automated Decision-Making. You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects on you.
  • Right to Withdraw Consent. Where we rely on consent to process your personal information, you have the right to withdraw this consent at any time.

You may exercise any of these rights by contacting us using the contact details provided below.

Complaints

If you have complaints about how we process your personal information, please contact us first so we can try to resolve the issue. If you are not satisfied with our response, you have the right to lodge your complaint with the UK's data protection authority, the Information Commissioner's Office (ICO). You can find their contact details on their website at https://ico.org.uk.

Contact Us

Should you have any questions about our privacy practices or this Privacy Policy, or if you would like to exercise any of your rights, please contact us at:

Email: support@topshelfbuyz.com
Phone: +448007074211
Address: 26 Redbourne Road, Grimsby, Lincolnshire, DN33 1PE, United Kingdom

For the purpose of the UK GDPR and other applicable data protection laws, Topshelf Buyz is the data controller of your personal information