Effective Date: 12 Jan 2025
1. Introduction
Welcome to lordofthetimber.com (the “Site”), owned and operated by Lord of the Timber LLP. (collectively, “Lord of the Timber,” “Company,” “we,” “us,” or “our”). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our Site, purchase our products, or otherwise interact with us (collectively, the “Services”).
This Policy is drafted in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and, where applicable, the EU GDPR.
2. Who We Are – Data Controller
For the purposes of data-protection law, Lord of the Timber Ltd. is the data controller. Our contact details are:
Lord of the Timber LLP.
Unit 9, Blythe House Farm, Lichfield Road, Hamstall Ridware, Rugeley, England, WS15 3QQ
Email: contact@lordofthetimber.com
Company Number: OC455273
If you have any questions about this Privacy Policy or our privacy practices, please contact our Data Protection Officer (DPO) at the email address above.
3. Personal Data We Collect
We may collect, use, store, and transfer different kinds of personal data about you, which we have grouped as follows:
| Category | Examples |
|---|---|
| Identity Data | first name, last name, username or similar identifier, title, date of birth |
| Contact Data | billing address, delivery address, email address, telephone number |
| Financial Data | partial payment‑card details (handled by payment processor), payment method |
| Transaction Data | details of products and services you have purchased from us, order numbers, fulfilment status |
| Technical Data | IP address, login data, browser type and version, time zone setting, operating system, device identifiers |
| Usage Data | information about how you use our Site and Services, including clickstreams |
| Marketing & Communications Data | your preferences in receiving marketing from us and your communication preferences |
We do not knowingly collect Special Categories of Personal Data (e.g., health information) or data about criminal convictions.
4. How We Collect Your Data
We use different methods to collect data, including:
- Direct interactions – You provide Identity, Contact, and Financial Data when you create an account, place an order, subscribe to newsletters, or correspond with us.
- Automated technologies – As you interact with our Site, we automatically collect Technical Data via cookies, server logs, and similar technologies. For details, see our Cookie Policy.
- Third parties – We receive personal data from:
- Payment processors (e.g., Stripe, PayPal) for Fraud Prevention and payment confirmation,
- Analytics providers (e.g., Google Analytics, WP Jetpack) for Site usage insights,
- Marketing platforms (e.g., Mailchimp) when you opt into marketing.
5. How We Use Your Data – Purposes & Legal Bases
We will only use your personal data when the law allows us to. Most commonly, we will use your data:
| Purpose | Type of Data | Legal Basis |
|---|---|---|
| Process and deliver your order | Identity, Contact, Financial, Transaction | Performance of a contract |
| Manage account & provide customer service | Identity, Contact, Transaction, Technical | Performance of a contract; legitimate interests |
| Fraud screening & security | Identity, Contact, Financial, Technical | Legitimate interests; compliance with a legal obligation |
| Marketing (email/newsletter) | Identity, Contact, Marketing & Communications | Consent (opt‑in); legitimate interests for existing customers (soft opt‑in) |
| Analytics & Site improvement | Technical, Usage | Consent (cookies); legitimate interests |
| Legal compliance & record‑keeping | All relevant categories | Compliance with a legal obligation |
Where we rely on consent, you have the right to withdraw it at any time.
6. Cookies & Similar Technologies
We use cookies and similar technologies to recognise your browser or device, improve the Site’s functionality, and analyse traffic. You can control cookies through your browser settings or via our cookie‑consent banner. For more information, refer to our Cookie Policy.
7. Sharing Your Data
We do not sell your personal data. We may share it:
- Service providers – Shipping couriers, payment processors, IT‑support providers, marketing‑email platforms, and website hosting partners who help us operate the Site and fulfil contracts.
- Professional advisers – Lawyers, bankers, auditors, and insurers.
- Authorities – HMRC, regulators, law‑enforcement bodies where required by law or to protect our rights.
- Corporate transactions – In connection with a merger, acquisition, or asset sale, subject to contractual confidentiality safeguards.
All third parties are required to respect the security of your personal data and to treat it in accordance with the law.
8. International Transfers
Our servers are located in the United Kingdom/EU. Some of our external service providers (e.g., Mailchimp, Google Analytics) are based outside the UK/EEA, so their processing of your personal data may involve a transfer to a third country. In such cases, we ensure a similar degree of protection by implementing one of the following safeguards:
- Adequacy Decision by the UK Government;
- UK/EU Standard Contractual Clauses;
- Binding Corporate Rules.
9. Data Security
We have put in place appropriate technical and organisational measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. These measures include SSL encryption, secure payment gateways, access controls, and regular WordPress & plugin updates.
10. Data Retention
We keep your personal data only for as long as necessary to fulfil the purposes we collected it for, including satisfying any legal, accounting, or reporting requirements. Generally:
| Data Type | Retention Period |
|---|---|
| Order information (invoices) | 6 years for tax records (UK) |
| Customer account data | active plus 2 years of inactivity |
| Marketing consent records | until you withdraw consent + 2 years |
| Cookie data | as set in our Cookie Policy (typically 30 days – 2 years) |
11. Your Rights
Under data‑protection law, you have rights including:
- Right of access – request copies of your personal data.
- Right to rectification – request correction of inaccurate data.
- Right to erasure – request deletion of your data (a.k.a. “right to be forgotten”) when no longer necessary.
- Right to restrict processing – request limitation of processing.
- Right to data portability – receive your data in a structured, commonly used format.
- Right to object – object to processing based on legitimate interests or direct marketing.
- Rights related to automated decision‑making – we do not engage in automated decisions that produce legal effects.
You can exercise these rights by emailing contact@lordofthetimber.com. We may need to verify your identity before fulfilling a request and will respond within one month.
You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) or your local supervisory authority.
12. Children’s Privacy
Our Site is not directed to children under 13. We do not knowingly collect personal data from children. If you believe we have collected a child’s data, please contact us so we can delete it.
13. Third‑Party Links
The Site may include links to third‑party websites, plug‑ins, and applications. Clicking those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third‑party websites and are not responsible for their privacy statements.
14. Changes to This Privacy Policy
We may update this Policy from time to time. Any changes will be posted on this page with an updated “Effective Date.” If the changes are material, we may provide additional notice (e.g., email notice).
15. Contact
If you have questions about this Privacy Policy or wish to exercise your data‑protection rights, please contact us at:
Email: contact@lordofthetimber.com
Post: Data Protection Officer, Lord of the Timber LLP., Unit 9, Blythe House Farm, Lichfield Road, Hamstall Ridware, Rugeley, England, WS15 3QQ
Last updated: 16 June 2025
Legal Disclaimer: This Privacy Policy is provided for general informational purposes and does not constitute legal advice. Data‑protection requirements vary by jurisdiction and your specific business practices; consult qualified counsel to ensure full compliance.