Free UK delivery on orders over £75 🌊

Privacy Policy

Last updated: 31 May 2026

This Privacy Policy explains how Goosebumps Co. (“we”, “us”, “our”) collects, uses, stores and shares personal information when you visit, browse or buy from goosebumpsco.com (the “Site”), or when you subscribe to our emails or otherwise interact with us. It is written in plain English wherever possible and is designed to be compliant with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are

Goosebumps Co. is a UK cold-water swimming apparel brand.

For any privacy-related questions or to exercise your rights under UK GDPR, contact us by email at press.goosebumpsco@gmail.com. We are the “data controller” of your personal information for the purposes of UK GDPR.

2. What information we collect

We collect different types of personal information depending on how you use the Site.

  • Information you give us directly: name, email address, postal address, phone number (if provided), order details, product reviews, and anything you include when you contact us.
  • Payment information: card details, billing address and transaction details. Payment information is collected and processed by our payment providers; we do not store full card numbers on our systems.
  • Account information: if you create a customer account, the email and password you use, and any preferences you save.
  • Browsing and device information: IP address, browser type, device identifiers, pages visited, items viewed or added to cart, referring website, and approximate location derived from your IP address. This is collected automatically through cookies and similar technologies.
  • Marketing preferences: whether you have signed up to our emails, your engagement with those emails (opens and clicks), and any unsubscribe requests.

3. How we use your information

We use your personal information for the following purposes:

  • To process and fulfil your orders, including arranging printing and shipping with our print-on-demand partner, sending you order confirmations and shipping updates, and handling returns or exchanges.
  • To provide customer service, including responding to your enquiries and resolving issues.
  • To send marketing communications where you have signed up to receive them, including our welcome series, occasional product launches, and other email content. You can unsubscribe at any time using the link in any email.
  • To improve the Site, including analysing browsing patterns, identifying problems and informing product decisions.
  • To run targeted advertising on platforms like Meta (Facebook and Instagram), Pinterest and TikTok, including by sharing limited information with these platforms to find similar audiences. You can opt out of targeted advertising via the privacy controls in each platform.
  • To prevent fraud and protect our business, including verifying identity, detecting suspicious activity and complying with our legal obligations.
  • To comply with our legal obligations, including retaining transaction records as required by UK tax and accounting law.

4. Lawful basis for processing

Under UK GDPR we must have a lawful basis for processing your personal information. We rely on the following:

  • Performance of a contract — when we process your order, deliver it and handle returns.
  • Legitimate interests — when we improve the Site, prevent fraud, run analytics, send transactional communications, and market to existing customers about similar products. We always balance our legitimate interests against your rights.
  • Consent — when you sign up to our email list, and when we use non-essential cookies (analytics, advertising). You can withdraw consent at any time.
  • Legal obligation — when we retain transaction records for tax or accounting purposes.

5. Who we share your information with

We only share your personal information with third parties where necessary to run the business or as required by law. The main third parties we work with are:

  • Shopify Inc. — our e-commerce platform. Shopify hosts the Site, processes payments and stores customer and order data on our behalf. Read Shopify’s privacy policy at shopify.com/legal/privacy.
  • Inkthreadable Ltd — our UK print-on-demand fulfilment partner. Order details and shipping addresses are shared with them so they can print and dispatch your order. Read their privacy policy at inkthreadable.co.uk/privacy.
  • Klaviyo Inc. — our email marketing platform. If you sign up to our emails, your name, email and engagement data are stored in Klaviyo. Read their privacy notice at klaviyo.com/legal/privacy.
  • Judge.me — our product reviews platform. If you leave a review, your name and review content are stored by Judge.me. Read their privacy policy at judge.me/policies/privacy.
  • Meta Platforms Inc. — we use the Meta Pixel and Conversions API on the Site to measure ad performance and run targeted advertising on Facebook and Instagram. Limited data about your activity is shared with Meta. Read Meta’s privacy policy at facebook.com/privacy/policy.
  • Pinterest Inc. — we use the Pinterest Tag and (in future) the Pinterest API to measure ad performance and run advertising. Read Pinterest’s privacy policy at policy.pinterest.com/privacy-policy.
  • TikTok Pte. Ltd. — we may use TikTok’s pixel and advertising tools. Read TikTok’s privacy policy at tiktok.com/legal/privacy-policy.
  • Royal Mail and other carriers — our delivery partners receive your name and shipping address to deliver your order.
  • Tax, accounting and legal advisors — where required to meet our legal obligations or defend our interests.

We do not sell your personal information.

6. International transfers

Some of the third parties we work with are based outside the United Kingdom, including in the United States and the European Union. When we transfer your personal information outside the UK, we rely on appropriate safeguards, such as the UK’s International Data Transfer Agreement, the European Commission’s Standard Contractual Clauses with the UK Addendum, or transfers to countries the UK has determined provide an adequate level of protection.

7. Cookies and similar technologies

We use cookies and similar technologies on the Site for the following purposes:

  • Strictly necessary cookies — required to operate the Site, such as keeping your cart contents and processing checkout. These cannot be switched off.
  • Functional cookies — remember your preferences and improve your experience.
  • Analytics cookies — help us understand how visitors use the Site, so we can improve it.
  • Advertising cookies — allow us and our advertising partners to show you relevant ads on other websites and measure ad performance.

You can manage cookies through your browser settings or through the cookie consent banner shown when you first visit the Site. Blocking analytics or advertising cookies will not affect your ability to use the Site, but may make some content less relevant to you.

8. How long we keep your information

We keep your personal information only for as long as we need it for the purposes set out in this policy:

  • Order and transaction records: at least 6 years from the date of the transaction, to comply with UK tax law.
  • Account information: for as long as your account is active, plus a reasonable period afterwards.
  • Email marketing data: until you unsubscribe or ask us to delete your data, whichever comes first.
  • Customer service correspondence: up to 3 years after the last contact, unless we need to retain it longer for legal reasons.
  • Browsing and analytics data: typically up to 26 months, in line with industry standards.

9. Your rights under UK GDPR

Under UK GDPR, you have the following rights in relation to your personal information:

  • Right of access: you can ask for a copy of the personal information we hold about you.
  • Right to rectification: you can ask us to correct inaccurate or incomplete information.
  • Right to erasure (also known as the right to be forgotten): you can ask us to delete your personal information in certain circumstances.
  • Right to restrict processing: you can ask us to limit how we use your information in certain circumstances.
  • Right to data portability: you can ask to receive your information in a structured, machine-readable format, or for us to transfer it to another organisation.
  • Right to object: you can object to processing based on legitimate interests, including direct marketing.
  • Right to withdraw consent: where we rely on consent, you can withdraw it at any time.
  • Rights related to automated decision-making: we do not currently make decisions about you based solely on automated processing.

To exercise any of these rights, email press.goosebumpsco@gmail.com. We will respond within one month of receiving your request. We may need to verify your identity before we act on the request.

10. Marketing communications

We send marketing emails only to people who have signed up to receive them, either by submitting an email signup form on the Site or by ticking the marketing consent box at checkout.

You can unsubscribe at any time by clicking the unsubscribe link at the bottom of any of our marketing emails, or by emailing us at press.goosebumpsco@gmail.com. We will action your request promptly. You will continue to receive transactional emails (order confirmations, shipping updates) even after you unsubscribe.

11. Children

The Site is not intended for children under 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please contact us and we will delete it.

12. Security

We take appropriate technical and organisational measures to protect your personal information, including using secure (HTTPS) connections, encrypting card payments via our payment processors, and limiting access to your data within our business. However, no system is perfectly secure, and we cannot guarantee the absolute security of information transmitted over the internet.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our practices or for legal, regulatory or operational reasons. The latest version will always be available at goosebumpsco.com/pages/privacy-policy, with the “last updated” date shown at the top. If we make significant changes, we will let you know by email or by a prominent notice on the Site.

14. Contact and complaints

For any questions about this Privacy Policy or how we handle your personal information, contact us at press.goosebumpsco@gmail.com.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s data protection regulator. ICO contact details are publicly available at ico.org.uk or by calling 0303 123 1113.

We’d always prefer to hear from you first, though — please email us before lodging a complaint, and we’ll do our best to put things right.