Privacy Policy

Last update 15/01/2026

1. Introduction

Tortuga Headwear Ltd (“we”, “us”, “our”) is committed to protecting your privacy and personal data.
This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website or purchase our products.

We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the EU GDPR, and applicable data protection laws.

2. Data Controller

The data controller responsible for your personal data is:

Tortuga Headwear Ltd
128 City Road
London, EC1V 2NX
United Kingdom

📧 info@tortugaislandheadwear.com

3. Personal Data We Collect

We may collect and process the following categories of personal data:

a) Information You Provide

• Name

• Billing and delivery address

• Email address

• Telephone number

• Order details and purchase history

b) Payment Information

Payments are processed securely by third-party payment providers (such as Stripe or PayPal).
We do not store full payment card details.

c) Automatically Collected Data

• IP address

• Browser type and version

• Device and operating system information

• Website usage and interaction data

This data is collected through cookies and similar technologies.

4. How We Use Your Personal Data

We use your personal data to:

• Process and fulfil orders

• Manage deliveries and returns

• Communicate with you about your purchases or enquiries

• Provide customer support

• Send marketing communications where you have given consent

• Improve website performance and user experience

• Prevent fraud and ensure website security

• Comply with legal and accounting obligations

5. Legal Bases for Processing

We process personal data on the following legal bases:

• Contractual necessity – to fulfil your order

• Legal obligation – tax, accounting, and regulatory compliance

• Legitimate interests – fraud prevention, service improvement, analytics

• Consent – marketing communications and non-essential cookies

You may withdraw consent at any time.

6. Data Sharing & Third Parties

We share personal data only where necessary, including with:

• Payment processors (e.g. Stripe, PayPal)

• Shipping and logistics partners

• Print-on-demand fulfilment partner (Printful) – for production, shipping, and returns of made-to-order products

• IT and website service providers (hosting, analytics, email systems)

• Legal or regulatory authorities, where required by law

All third parties act as data processors and are contractually required to protect your data.

We do not sell or trade your personal data.

7. International Data Transfers

Your personal data may be transferred outside the UK or European Economic Area (EEA).

Where this occurs, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs)

• Equivalent legal protections recognised under data protection law

8. Cookies & Tracking Technologies

We use cookies and similar technologies to:

• Ensure the website functions properly

• Analyse website traffic and performance

• Improve user experience

Cookie Consent

• Essential cookies are always enabled

• Non-essential cookies (analytics or marketing) are used only with your consent

• You can manage or withdraw your consent at any time via our cookie banner or settings

For more information, please see our Cookie Policy.

9. Data Retention

We retain personal data only for as long as necessary for the purposes described:

• Order and transaction data: up to 6–7 years (legal and tax obligations)

• Customer account data: for as long as the account remains active

• Marketing data: until consent is withdrawn

• Analytics data: typically 14–26 months

• Customer support communications: up to 24 months

When data is no longer required, it is securely deleted or anonymised.

10. Your Data Protection Rights

Under UK GDPR and EU GDPR, you have the right to:

• Access your personal data

• Rectify inaccurate or incomplete data

• Request erasure of your data

• Restrict or object to processing

• Data portability

• Withdraw consent at any time (where processing is based on consent)

• Lodge a complaint with a supervisory authority

Supervisory Authority

For UK users, the supervisory authority is:

Information Commissioner’s Office (ICO)
www.ico.org.uk

To exercise your rights, contact us at:
📧 info@tortugaislandheadwear.com

11. Children’s Privacy

Our website is not intended for children under the age of 16.
We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can remove it.

12. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

• SSL encryption

• Secure hosting infrastructure

• Restricted access to personal data

Despite these measures, no method of transmission over the internet is completely secure.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.
Any changes will be posted on this page with an updated effective date.

14. Contact Us

If you have any questions or concerns about this Privacy Policy or how we handle your data, please contact:

Tortuga Headwear Ltd
128 City Road
London, EC1V 2NX
United Kingdom

📧 info@tortugaislandheadwear.com