Privacy Policy

How we gather, use and protect any information that you give to us when you use our website.

Updated July 2023

Under the GDPR regulations we have recently updated our privacy policy. We use Cookies on our website ("") to give you a better experince.



We take both privacy and personal data security seriously, so please take a moment to read through our Privacy Notice to ensure that you're comfortable. If at any time you are concerned or have questions about how we might be handling your data, please reach out to our Data Protection Officer at

Privacy Notice

ONCE UPON A DUA LTD (“ONCE UPON A DUA”, "OUaD", "onceuponadua", "We", “Us” and “Our”) remain fully committed to the protection of your privacy at all times. We are what is known as a 'data controller’. This means that we are responsible for deciding how we hold and use personal information about you. This Privacy Notice sets out how we gather, use and protect any information that you give to us when you use this website. We may make changes to this notice from time to time by updating this page, so please check back occasionally to ensure that you are happy. In dealing with your personal data, we will comply with relevant legislation in force in England and Wales. This notice is effective from 8th March 2022.

What personal information do we collect and how do we use it?

Depending on the type of contact we have with you (for example, whether you are registering with us, or you're just browsing) we might collect the following types of information:

  • Identification of your past and current visits by finding and using cookies residing on your machine.
  • Your name.
  • Your contact information including an email address.
  • Information obtained from your social media profiles registered with us.
  • Demographic information such as postcode, preferences and interests.
  • Other information relevant to customer surveys and/or offers.

In order to fulfil your order and any future customer service requests, we need to know certain personal data collected at the time of order. The information we hold will consist of but not be limited to the following: Title; Name; Address; Mailing Preference flags such as ‘Do not mail’; Products purchased from us in the past, including their cost; Telephone number, if offered to us. Email address; Where we believe you heard about us from. Credit card details are encrypted after data entry and are not stored on our systems after use. We do not collect any Special Category Data (sensitive data) such as race, religion, biometrics or health data. It is our policy that your information is private and confidential. Accordingly, the personal information you provide to us is stored in a secure location, and is accessible only by designated staff. We also collect data because it is necessary for the pursuit of our legitimate interests. Our legitimate interests are set out below:

  • Direct Marketing
  • Understanding our customers’ wishes and shopping preferences
  • Improving our service and our products
Data for those under 18 years of age
As part of our registration process we ask you to create a profile and as part of this you have the option to let us know the first name and date of birth of your child. We ask you to share this so that we can enhance the service that we offer through the website and our communications to you. This includes sending you relevant offers, discount codes, rewards and product suggestions. Sharing this information is completely optional, however some services may unfortunately not be available without this information.

If you apply and are chosen to take part in our "Parent Testing" scheme then we may use your child's first name and photographs of your child on our website and social feeds as set out in more detail in The Parent Test. We will only do this if you have specifically consented to it as part of your sign-up to the Parent Testing scheme.

When you share this information about your child with us, you represent to us that you are the carer of the child and have the authority to share this information. We will hold this information securely and may use it in our correspondence with you.

Why do we collect personal information?

We endeavour to keep the amount of personal information we request to a minimum at all times. Any data that's shared with us is used only to deliver an expected service. The specific situations in which we will process your personal information are listed below.

How we will use your personal information Reasons for using your personal information
Contact details to speak with you, to let you know when you order has been dispatched, for example.

We cannot process your order without knowing where to post your items and who to contact about the items.

The basis for this processing will be that it is necessary for the purpose of entering into a contract with your or fulfilling a contract which we have entered into.

Use your payment card details to charge you for your order.


Provide your details to a secure third-party payment provider. The third-party does not retain your card details after processing the transaction.

To take payment for your order.

The basis for this processing will be that it is necessary for the purpose of entering into a contract with your or fulfilling a contract which we have entered into.

We will use technical information about you and your computer or device for the purpose of maintaining and improving our website and the quality and efficiency of our services.

To achieve our aim of ensuring our website and services are operated as effectively as possible.

The basis for this processing will be that it is necessary for our legitimate interest in ensuring the quality and efficiency of our website services.

We will retain records and details of our transactions with you including orders, returns and refunds and related information.

To allow us to comply with our legal and regulatory obligations in relation to record keeping and accounting.

The basis for this processing will be that it is necessary to allow us to comply with legal obligations to which we are subject.

Using your contact details for electronic direct marketing purposes.

To allow us to comply with our legal and regulatory obligations in relation to record keeping and accounting.If you are not an existing customer, we will only carry out this processing if you have provided opt-in consent as set out in more detail below.

The basis for this processing will be that you have provided your specific consent to it.

If you are an existing customer, we may carry out this processing, but you will have the ability to opt out of this at any time (including when you create an account or otherwise sign up with us).

The basis for this processing will be that it is necessary for our legitimate interest in ensuring that you are aware of the full range of products and services which we offer.

Using your contact details for direct mailing marketing purposes. The basis for this processing will be that it is necessary for our legitimate interest in ensuring that you are aware of the full range of products and services which we offer.
For users of our Parent Testing scheme only: Your child's first name and photographs of your child. The basis for this processing will be that you have given specific consent to this on an opt-in basis as part of your sign-up to the Parent Testing scheme.

In respect of using your personal information for the purposes of direct marketing, or sharing your data with others, we will give you the choice of providing your consent. If you have opted in, you have the right to later withdraw your consent at any time.

Understanding the types of personal information we collect

Depending on the contact we have with you we may collect one or more of the following types of information:

  • Indirect Data (IP Addresses and Cookies)
  • Direct Data
  • Social Media Data
Indirect Information Gathering via the use of IP Addresses and Cookies

ONCE UPON A DUA may use your IP address to help diagnose problems with its server, and to administer the Site. Your IP address is used to help identify you and to gather broad demographic information. IP addresses are also used to provide an audit trail in the case of any attempted illegal or unauthorized use of the Site.

Our website also uses cookies, tracking pixels and related technologies. Cookies are small data files that are served by our platform and stored on your device. Our site uses cookies dropped by us or third parties for a variety of purposes including to operate and personalize the website. Also, cookies may also be used to track how you use the site to target ads to you on other websites.

There are four main types of cookies – here’s how and why we use them.

  1. Site functionality cookies – these cookies allow you to navigate the site and use our features, such as “Add to Cart”.
  2. Site analytics cookies – these cookies allow us to measure and analyse how our customers use the site, to improve both its functionality and your shopping experience.
  3. Customer preference cookies – when you are browsing or shopping on OUaD, these cookies will remember your preferences (like your language or location), so we can make your shopping experience as seamless as possible, and more personal to you.
  4. Targeting or advertising cookies – these cookies are used to deliver ads relevant to you. They also limit the number of times that you see an ad and help us measure the effectiveness of our marketing campaigns.

In no way does such a cookie give us access to your computer, or any information about you, other than the data you choose to share with us.

Note also that third party cookies might be downloaded onto your device as a result of your use of this website. For example if you were to send information from this website to your social media account, your account may require the use of such cookies to enable this transfer to take place. These cookies are not under our control and we disclaim any responsibility for the acts of third party cookies.

By using our site, you agree to us placing these sorts of cookies on your device and accessing them when you visit the site in the future. If you want to delete any cookies that are already on your computer, the “help” section in your browser should provide instructions on how to locate the file or directory that stores cookies. Further information about cookies can be found at Please note that by deleting or disabling future cookies, your user experience may be affected and you might not be able to take advantage of certain functions of our site.

Direct Information Gathering

Direct information gathering is done via registration records or direct contact via email or telephone or cookies. When you make a purchase, register with us, log in, or post comments on this website there is a minimum amount of information required for the website to function and to deliver the expected service. For example, for us to be able to create a customer account we require personal information as means of identification, e.g. an email address and password.

Some of the cookies we use are non-essential, but allow the website to be personalised to you, for example remembering your information when you come to login and thereby increase the efficiency of your next visit.

Social Media Data Gathering

Social media data gathering is done via technology we employ to help us identify when you may have encountered us through social media, or to send you targeted marketing messages relating to products we have to offer during your social media experience. The use of this technology does result in our holding your personal contact details and likes and dislikes. We do not categorise this information based on what the law describes as “sensitive personal data”. We do this automatically, however there is a facility for you to stop our processing of such data by managing your browser preferences. You can find out more about this via Your Online Choices ( - Your ad choices).

How do we use the personal information we collect?

We use the information we collect to understand your needs and provide you with a better service, in particular for the following reasons:

  • Internal record keeping.
  • We may use the information to improve our products and services.
  • To manage promotional offers available to you, offered by us.
  • Where you have opted in to this, we may periodically send promotional emails about new products, special offers or other information which we think you may find interesting, using the email address which you have provided.
  • Where you have opted into this, we may use your personal information to form a view of what products, offers and services may be of interest to you.
  • Where you have opted in to this, from time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone or mail.
  • We may use the information to customise the website according to your interests.
Other websites

Our website may contain links to enable you to visit other websites of interest easily. However, once you have used these links to leave our site, you should note that we do not have any control over that other website.

Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites, and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Who do we share your personal information with?

We don't sell, distribute or lease your personal information to third parties unless we have your explicit permission or are required to by law. We may use your personal information to send you promotional information about third parties which we think you may find interesting, if you have consented to this.

We may also share your data with the following categories of third-parties (who may process your data on our behalf or as data controllers in their own right) in order to allow us to provide our services to you. This will include, but may not be limited to, the following:

  • Processors who we need to use in order to process and fulfil your orders such as payment services providers, warehouses, order packers and delivery companies;
  • Website hosting companies and other service providers who we need to use in order to run our business;
  • Credit reference agencies, law enforcement and fraud prevention agencies for the prevention and detection of fraud;
  • Other processors approved by you such as social media services (if you choose to link your accounts to us).
How you can control your personal information

You have control over the information we collect from you, either based on your web browser setting controlling the use of cookies, or by seeking permission from you.

Depending on your individual settings, many web browsers automatically accept some cookies, but you can modify your browser setting to decline cookies if you prefer. However, this may prevent you from taking full advantage of the website. You are able to control our processing of this data by using the facility at Your Online Choices

You may choose to restrict the collection, or use of your personal information in the following ways:

  • If you are asked to supply your personal information on this website, look for the box that you can click to indicate that you want the information to be used by us for direct marketing purposes.
  • If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to us or emailing us at
How do we keep your personal information secure?

We take personal data security seriously and have both physical, electronic and procedural safeguards in place to protect the confidentiality and security of any information transmitted to us.

To safeguard the information delivered to us electronically, our website uses Secure Sockets Layer (SSL). However, no data transmission over the Internet can be 100% secure. So whilst we will take all steps reasonably necessary to protect the security of your personal information, we cannot 100% guarantee it. Any information transmitted to our website is done at your own risk.

Credit Card Security

We take the credit card security of our customers’ data very seriously and this includes credit card information. On our website at checkout, you are taken to a secure page and should always see a closed padlock beside the URL address or at the top/bottom of your browser window. If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only for as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers. To learn more, you may also want to read Shopify’s Terms of Service or Privacy Statement.

How to request or change the personal information we have stored

You have the right to request details of personal information which we hold about you under the relevant Data Protection legislation in force at the time. In the first instance we will happily provide a copy of the personal information we hold free of charge. We will try to respond to your request within one month, although it might take us longer if your request is complex.

When requested, we will provide the following:

  • Confirm the personal data we hold about you
  • Provide any supporting materials required

If you believe that any information we are currently holding about you is incorrect or incomplete, please write to us as soon as possible. We will promptly correct any information found to be incorrect.

Under the Rights of Rectification and Erasure (the right to be forgotten), you may ask us at any time to remove information you think is inaccurate or no longer necessary.

If you would like a copy of the information held about you, or to correct any personal information held, please write to

How long do we keep personal information we have stored

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.

This means that we retain your data for 5 years from the last date on which you logged onto our website unless we believe it is necessary to apply a different retention period as set out below.

We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. If, for any reason, you cease to be a customer of the company, we will retain and securely destroy your personal information in accordance with applicable laws and regulations in accordance with the timescales above.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

How to refine or unsubscribe from communications

You can choose to refine, or opt out of receiving marketing communications from us. If you'd like to refine the communications you receive then you can set your preferences by logging into your account.

If you no longer want to hear from us, you can click the 'Unsubscribe' link at the bottom of any email, or login and set your preferences in your account.

Changes to Our Privacy Policy

If at any time we make a change to this policy, we will update this page to reflect such change. We may email you to notify you of changes but recommend you check this page periodically to ensure you remain happy with the latest version.

Questions, Comments and Getting in Touch

We welcome any questions or comments in relation to this privacy policy, and advise you to send any such communication to

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues ( We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.