Effective Date: September 4, 2025
TeaTapee.com (“we,” “us,” or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our products, or otherwise interact with us. It also describes your privacy rights and how applicable laws protect you.
1. Information We Collect
We may collect, use, store, and transfer the following categories of personal data:
1.1 Identity Data
First name, last name.
1.2 Contact Data
Email address, shipping address, billing address, phone number.
1.3 Transaction Data
Order details, payment method (tokenized by our payment processor), products purchased, transaction dates.
1.4 Technical Data
IP address, browser type and version, time zone, approximate location, operating system, device identifiers.
1.5 Usage Data
Pages visited, links clicked, time spent on pages, search terms, interaction with features.
1.6 Marketing & Communications Data
Preferences for receiving marketing communications, communication history.
1.7 Third‑Party Data
Information from social media platforms when you log in via OAuth, and limited information from our payment processors for transaction verification and fraud prevention.
2. How We Use Your Information
We use your personal data for the purposes and on the legal bases set out below:
- To process and deliver your orders (including managing payments, fees, charges, and sending order confirmations and invoices).
Legal basis (EEA/UK): performance of a contract with you; compliance with legal obligations (e.g., tax/accounting).
- To create and maintain your TeaTapee.com account and provide customer support.
Legal basis: performance of a contract; our legitimate interests in operating our services and responding to enquiries.
- To improve and personalize our website, products, and services, and to conduct analytics.
Legal basis: our legitimate interests in understanding how our services are used and improving them.
- To send marketing communications, newsletters, and promotional offers (only if you have opted in where required by law). You can opt out at any time by using the unsubscribe link in our emails or by contacting us.
Legal basis: your consent; our legitimate interests where consent is not required under local law.
- To maintain the security of our website and services, detect and prevent fraud and abuse, and protect our rights and the rights of others.
Legal basis: our legitimate interests in securing our systems and preventing fraud; compliance with legal obligations.
- To comply with legal and regulatory obligations, respond to lawful requests from authorities, and enforce our Terms of Service.
3. Payment Security
We maintain high standards to help secure your payment data:
3.1 Encryption in Transit
All communications between your browser and our servers use TLS 1.3 encryption. Every page where you enter sensitive data enforces HTTPS.
3.2 Encryption at Rest
Where stored, sensitive information is encrypted using strong industry‑standard algorithms such as AES‑256.
3.3 Tokenization
Raw credit‑ or debit‑card numbers are not stored on our systems. Our Payment Service Provider (PSP) converts card data into unique tokens immediately upon entry.
3.4 PCI DSS Compliance
Our PSP is certified under the Payment Card Industry Data Security Standard (PCI DSS). We follow PCI DSS requirements that apply to merchants and undergo regular security assessments, vulnerability scans, and other risk‑based checks.
3.5 Fraud Detection & Monitoring
Real‑time transaction monitoring by our PSP uses automated rule‑based systems and other tools to help identify and block suspicious activity.
4. Data Security Measures
We implement technical and organizational measures designed to protect your data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access, including:
- Firewalls and intrusion detection/prevention systems.
- Role‑based access controls and multi‑factor authentication for employees.
- Secure software development practices, regular code reviews, vulnerability scanning, and patch management.
- Documented incident response procedures to quickly address any suspected breach.
5. Cookies & Tracking Technologies
We use cookies and similar technologies to enhance your experience and to understand how our website is used:
- Essential Cookies: Required for core site functionality (e.g., cart, checkout, account login).
- Performance/Analytics Cookies: Collect aggregated, anonymized usage statistics to help us improve the site.
- Marketing Cookies: May be used to deliver more relevant content or advertising based on your interests, where permitted by law.
You can manage cookie preferences through your browser settings. Where required by law (for example, in the EEA/UK), we will request your consent for non‑essential cookies via a cookie banner or preferences tool, and you can withdraw your consent at any time through that tool.
6. Data Retention
We retain personal data only as long as necessary for the purposes for which it was collected, including to satisfy legal, accounting, or reporting obligations.
For example:
- Order and transaction records are typically retained for up to 7 years to comply with tax and accounting requirements.
- Marketing data is retained while you remain subscribed and for a short period thereafter to document your preferences.
When personal data is no longer needed, we will either delete it or irreversibly anonymize it in a secure manner.
7. International Data Transfers
Your data may be processed or stored outside your home country, including in countries that may have different data‑protection standards than your own. When we transfer personal data from the EEA/UK or other regions with data‑transfer restrictions, we use appropriate safeguards, such as Standard Contractual Clauses (SCCs) or other mechanisms approved by relevant authorities, to ensure an adequate level of protection.
8. Your Legal Rights
Depending on where you live and applicable law (for example, the EU/UK GDPR, Australian Privacy Principles, or similar laws), you may have some or all of the following rights:
- To access and receive a copy of your personal data.
- To correct inaccurate or incomplete data.
- To request the erasure of your data (“right to be forgotten”) in certain circumstances.
- To restrict or object to certain processing activities, including processing based on legitimate interests or for direct marketing.
- To receive your data in a structured, commonly used, machine‑readable format and, where technically feasible, to request that we transmit it to another controller (data portability).
- To withdraw consent at any time where we rely on your consent (this will not affect the lawfulness of processing before withdrawal).
To exercise any of these rights, please contact us at atyourservice@teatapee.com. We may need to verify your identity before responding. You also have the right to lodge a complaint with your local data‑protection authority if you believe your rights have been infringed.
9. Third‑Party Links & Sharing
Our site may contain links to third‑party websites, plug‑ins, or applications. We have no control over their practices and are not responsible for their privacy policies or content. We encourage you to review any external site’s privacy policy before providing personal data.
We share personal data with trusted service providers who perform services on our behalf, such as:
- Payment processors and fraud‑prevention providers
- Website hosting and cloud infrastructure providers
- Analytics and performance measurement services
- Email and marketing automation platforms
- Customer support tools
These third parties are given access only to the data they need to perform their services and are required to process personal data in accordance with applicable law and our instructions. We do not sell your personal information.
10. Children’s Privacy
Our services are not directed to individuals under 16 years of age (or the lower age permitted by local law). We do not knowingly collect personal data from children under this age. If we learn that we have inadvertently collected personal data from a child, we will delete that data promptly. If you believe a child has provided us with personal data, please contact us.
11. Changes to This Privacy Policy
We may update this policy from time to time to reflect operational, legal, or technical changes. When we make material changes, we will post the updated policy on this page with a revised “Effective Date” and, where appropriate, provide additional notice. We encourage you to review this policy periodically.
12. Contact Us
If you have questions, concerns, or wish to exercise your privacy rights, please contact:
Privacy Officer
TeaTapee.com
Email: atyourservice@teatapee.com
By using TeaTapee.com, you acknowledge that you have read and understood this Privacy Policy and agree to the collection and use of information as described here. Your privacy and data security are important to us.
