The Worm That Turned Logo

Our Data Protection and Privacy Policy

We treat all your Personal Information as confidential (although we reserve the right to disclose this information in the circumstances set out below). We will keep it on a secure server and we will fully comply with all applicable UK Data Protection and Consumer legislation.

What we collect

When you shop on this Website, we will ask you to input and will collect Personal Information from you such as your name, e-mail address, invoice address/delivery address, telephone number(s), product selections and if you select the account login option, a password. We may also collect information about where you are on the internet (eg the URL you may have been referred from, your IP address, your browser and device type, the country and where your router/internet service provider is located, the pages of our website that were viewed during your visit and any search terms that you entered on our website ("User Information"). We may collect this information even if you do not register with us.

You should be aware that this site is being monitored and may capture information about your visit that will help us improve the quality of our service.

How we use this information

We confirm that any Personal Information which you provide to us or which is available on public registers and any User Information from which we can identify you, is held in accordance with the registration we have with the Information Commissioner's Office. We use your information only for the following purposes:

Processing your orders;

For statistical purposes to improve this Website and the service to you;

To modify website content;

To administer this website;

To contact you about leaving a review on a product once your order has been completed;

If you consent, to notify you of products or special offers that may be of interest to you.

Data Transfers

We process our data within the European Economic Area ("EEA"). There may be instances where we transfer some of your data to suppliers within the EEA in order to deliver to you directly. Additionally, owing to the global nature of our business, the information that we collect from you may be transferred to locations outside the European Union for processing and storing, but only in connection with the services that we provide to you, such as international carriage. These countries may not have similar protections in place as the EEA regarding your data and its use as set out in this policy. By submitting your information you consent to such transfers outside the EEA. If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.


You agree that you do not object to us contacting you for any of the above purposes whether by telephone, e-mail or in writing and you confirm that you do not and will not consider any of the above as being a breach of any of your rights under the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 or any subsequent act with a similar intent. When you create an account while ordering online you will be given the option to receive information from The Worm that Turned about products, promotions or special offers which we feel may be of interest to you. You understand that you can unsubscribe from receiving such marketing information from us at any time but understand that we may need to contact you for reasons other than to provide information about our products.

When entering any of our competitions or prize draws, you provide your name, email address and mailing address. If you win, we will send the prize to the address entered and notify you by email. When you enter a contest or prize draw, you are also included in our newsletter list to receive notice of promotions, specials and new additions to the Website. You may unsubscribe from this news list by following the unsubscribe instructions in any email received.

Disclosure of Information

The relevant parts of Your Personal Information may be disclosed to reputable third parties who will help process your order. The Worm that Turned requires all such third parties to treat your personal information as fully confidential and to fully comply with all applicable UK Data Protection and Consumer legislation from time to time in place.

Third parties may use these details to enhance the delivery process. This may involve the further sharing of your relevant details with our third party agents, subcontractors, affiliates or other third party services, solely for the purpose of providing or improving the service.

We will only give your Personal Information to third party companies for mailing or marketing purposes if you have given us express permission to do so on the registration page. If you have a login account with us you can check and change your settings.

We will not release email addresses or phone numbers to third parties unless required to do so for delivery or review purposes as outlined above.

If we are requested by the police or any other regulatory or government authority investigating suspected illegal activities to provide your Personal Information and/or User Information you should be aware that we are entitled do so.

Please be aware that third-party vendors, including Google, may from time to time show you our adverts on selected sites across the Internet.


We have put in place various security procedures to protect your information. We consider the security of your personal data and the details of any transactions you make to be a matter of the highest priority. Only authorised employees can access your personal data. When you place an order with us, we use a secure server. Any data you provide to us is encrypted using a 'Secure Socket Layer' (SSL) session. SSL is an industry standard and is a widely used measure to guard against Internet messages being intercepted. You should be aware, however, that older browsers cannot use SSL. Please note that no payment card information is ever held on our servers in full. SagePay or other payment intermediaries such as PayPal hold all data relating to payment securely on their servers and access to the information controlled by those companies is restricted.

Retention and disposal of personal data

We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations. We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us.

Accessing information

You can access your online account using your username and password. You can also use this section to change or delete this information including any consent you have provided to receive marketing communications. We will not contact you for marketing purposes by email, phone or text message unless you have given your prior consent.

You can request further details of personal information that we hold about you, including on our databases, by contacting Requests must be made in writing and are free of charge. Proof of identification is required in order to protect your information. However, we reserve the right to charge a ‘reasonable fee’ when a request is manifestly unfounded or excessive, particularly if it is repetitive. We may also charge a reasonable fee to comply with requests for further copies of the same information. This fee will be based on the administrative cost of providing the information.

Where requests are manifestly unfounded or excessive, we can also refuse to respond. In such circumstances we will explain why to the individual, informing them of their right to complain to the supervisory authority and to a judicial remedy without undue delay and at the latest within one month.


Children are not eligible to use our services and we ask that persons under 16 do not enter any personal information with us. We have a system in place to ensure that we do not obtain the personal information of any persons under 16 knowingly or without the express permission of a parental guardian.

Links to other websites

Our website may contain links to other websites run by other organisations. This privacy policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.

In addition, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.

Review of this policy

We keep this Policy under regular review. This Policy was last updated on 19th December 2017.