Last updated: 22 May 2026
This Privacy Policy explains how Cozy Onesies (“we”, “us”, “our”) collects, uses, stores and protects your personal information when you visit or make a purchase from cozyonesies.com (the “Site”). We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).
1. Who we are (Data Controller)
Cozy Onesies (operating as an individual sole trader)
Address: 275 New North Road, Islington Suite 1019, London N1 7AA, United Kingdom
Email: [email protected]
Phone: +44 7362 027629
For any privacy-related questions or requests, please contact us at the email above.
2. Information we collect
We collect the following categories of personal data:
Information you provide directly:
- Full name
- Billing and shipping address
- Email address
- Phone number
- Payment information (processed securely by Stripe or PayPal — we do not store full card details)
- Account login details, if you create an account
- Order history and preferences
- Communications you send us (support emails, contact form submissions)
- Product reviews and feedback
Information collected automatically:
- IP address
- Browser type and version
- Device information and operating system
- Pages visited, time spent, referring URLs
- Cookies and similar tracking technologies (see our Cookie Policy)
3. How we use your information (and our legal basis)
We process your personal data for the following purposes:
| Purpose | Legal Basis |
|---|---|
| Process and fulfil your orders | Performance of a contract |
| Send order confirmations and shipping updates | Performance of a contract |
| Handle returns, refunds and customer support | Performance of a contract |
| Send marketing emails and newsletters | Consent (you can withdraw at any time) |
| Send post-purchase review requests via CusRev | Consent (checkbox at checkout) |
| Prevent fraud and ensure site security | Legitimate interest |
| Analyse site usage to improve our services | Consent (analytics cookies) |
| Comply with legal and tax obligations | Legal obligation |
4. Sharing your information
We share your personal data only with the following categories of third parties, and only as necessary:
- Payment processors: Stripe and PayPal — to process payments securely
- Shipping carriers: to deliver your order (name, address, phone, email)
- Suppliers and fulfilment partners: including our warehouse in China, who receive shipping details to fulfil orders
- Email and marketing platforms: Mailchimp or similar (only if you subscribe)
- Review platform: CusRev — to send review requests if you have opted in
- Analytics providers: Google Analytics, Google Tag Manager, Meta (Facebook) Pixel, and similar
- Hosting and infrastructure providers
- Government authorities or law enforcement: when legally required
We do not sell your personal data to third parties.
5. International data transfers
Because we ship internationally and use a warehouse in China, some of your data (name, shipping address, phone, email, order details) will be transferred outside the United Kingdom and European Economic Area, including to China and the United States. Where we transfer data outside the UK/EEA, we rely on appropriate safeguards such as Standard Contractual Clauses or the UK International Data Transfer Agreement, or transfer only the minimum data necessary to fulfil your order.
6. How long we keep your data
We keep your personal data only as long as necessary for the purposes described above:
- Order and transaction records: 6 years after your last purchase, as required by UK tax and accounting law (HMRC).
- Account information: until you delete your account or request deletion.
- Marketing consent records: until you unsubscribe or withdraw consent.
- Customer support communications: up to 3 years after the issue is resolved.
- Website analytics data: retention period set by Google Analytics (typically up to 14 months).
After these periods, we delete or anonymise your data.
7. Your rights under UK GDPR
You have the following rights regarding your personal data:
- Right of access — request a copy of the data we hold about you
- Right to rectification — correct inaccurate or incomplete data
- Right to erasure (“right to be forgotten”) — request deletion of your data
- Right to restrict processing — limit how we use your data
- Right to data portability — receive your data in a portable format
- Right to object — to processing based on legitimate interests or direct marketing
- Right to withdraw consent — at any time, where processing is based on consent
- Right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk
To exercise any of these rights, email us at [email protected]. We will respond within one month.
8. Cookies and tracking
We use cookies and similar technologies including Google Analytics, Google Tag Manager and advertising pixels (such as the Meta/Facebook Pixel). For full details and to manage your preferences, see our Cookie Policy.
9. Security
We take appropriate technical and organisational measures to protect your data, including SSL/TLS encryption, secure payment processing via PCI-compliant providers (Stripe, PayPal), and restricted access to personal data. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.
10. Children’s privacy
Our Site is not directed to children under 18. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, please contact us and we will delete it.
11. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. The “Last updated” date at the top will reflect any changes. For significant changes, we will notify you by email or a notice on the Site.
12. Contact
For any privacy-related questions or to exercise your rights:
Cozy Onesies
Email: [email protected]
Phone: +44 7362 027629
Address: 275 New North Road, Islington Suite 1019, London N1 7AA, United Kingdom