— The small print —

Privacy policy.

How we handle your data. Plain English. No surprises.

Last updated: June 2026. This policy explains what we collect, why, how long we keep it, and what your rights are under UK GDPR.

1. Who we are

This site is operated by Dirty Cow Chocolate Ltd, a company registered in England and Wales. When this policy uses “we”, “us” or “Dirty Cow”, it means that company.

We are the data controller for the personal information you give us through this website. For anything privacy-related, write to eatme@dirtycowchocolate.com.

2. What we collect

We collect the information you actively give us when you place an order, sign up to our newsletter, or send us a message:

  • Your name and delivery address (to post the order)
  • Your email address (to confirm the order and, if you opted in, send the newsletter)
  • Your phone number (optional, used by the courier if there’s a delivery issue)
  • Order history (so we can answer support questions about past orders)
  • Any messages you send via the contact form or by email

We do not see, store, or process your card details. Payments are handled by our payment provider (Stripe) who you can read about at stripe.com/gb/privacy.

We also collect a small amount of technical data automatically when you visit:

  • Your IP address, browser type and the pages you viewed (used to fix bugs and measure traffic)
  • Cookie data (see Section 5)

3. Why we collect it & the legal basis

Each piece of data has a specific job:

  • Contract — name, address, phone, order data. We need this to fulfil your order. Without it we can’t send you chocolate.
  • Consent — newsletter sign-up. You opt in, you can opt out from any email or by writing to us. We never assume.
  • Legitimate interest — analytics, fraud prevention, responding to your messages. Low-risk processing that helps us run the shop sensibly.
  • Legal obligation — keeping order records for HMRC (six years).

4. Who we share it with

Only the suppliers that need to see it to do their job. We never sell your data and we never share it for marketing purposes.

  • Royal Mail / DPD — for delivery (name, address, phone, order number)
  • Stripe — for card payments (handled directly by Stripe; we never see card data)
  • Mailchimp — for the newsletter, if you opted in (email + first name)
  • Google Analytics — aggregated, anonymised traffic data only
  • Our hosting provider — to keep the site running

All of these are bound by data-processing agreements with us, and all are GDPR-compliant. If we ever change provider we’ll update this list.

5. Cookies

We use three kinds of cookies:

  • Essential — remember what’s in your bag, keep you logged in if you’re a trade account. The site doesn’t work without these. No consent required under UK rules.
  • Analytics — Google Analytics, anonymised, aggregated. Helps us see which pages people use and which we should improve. You can opt out at first visit and any time after via your browser settings.
  • Marketing — we don’t use any. No ad-tracking, no remarketing pixels, no third-party trackers.

6. How long we keep it

  • Order records — 6 years (HMRC requirement)
  • Newsletter list — until you unsubscribe
  • Customer-service messages — 2 years from the last reply
  • Analytics data — 26 months (Google Analytics default)

7. Your rights

Under UK GDPR you can:

  • Ask what data we hold about you (subject access request)
  • Ask us to correct any of it
  • Ask us to delete it (subject to our legal obligations — e.g. we have to keep order records for HMRC)
  • Ask us to stop processing it for marketing
  • Ask for a copy in a portable format
  • Withdraw consent at any time for anything you opted into

Email eatme@dirtycowchocolate.com and we’ll respond within 30 days. If you’re not happy with how we’ve handled your request, you can complain to the Information Commissioner’s Office at ico.org.uk.

8. Children

We sell alcohol (our cream liqueur range is 17% ABV). We do not knowingly sell to under-18s and we do not knowingly collect data from under-18s. If we discover we’ve done so we’ll delete it.

9. Changes to this policy

If we make a material change we’ll email everyone on the newsletter list and update the “Last updated” date at the top. Smaller wording tweaks won’t trigger an email.

10. Contact

Dirty Cow Chocolate Ltd
Email: eatme@dirtycowchocolate.com
Registered office: to be added when this policy is finalised

Reviewed: June 2026. Get this checked by a lawyer before you go live, especially the registered-office line and the supplier list.