We take the privacy of our customers seriously, such that we commit to protecting your privacy and never lose sight of the fact that your personal information is ultimately yours. We mainly use your personal information to make things better and simpler for you and to provide you with the best user experience. We shall at all times strive to keep your personal information duly protected and safe, and advise you on why we collect personal information and the manner in which we use it. We shall always advise you on the choices or rights available at law, and will at all times respect your wishes.
This privacy policy (the “Policy”) sets the manner in which we shall handle and treat the Personal Data of customers, suppliers, website users, service providers, subscribers, business partners, and other third parties, pursuant to the EU General Data Protection Regulation (“GDPR”), the Maltese Data Protection Act (Chapter 586 of the laws of Malta) and any other national or EU legal instrument as applicable.
This Policy applies to all Personal Data which the Company Processes, regardless of the media on which that data is stored. In its capacity as a Data Controller, the Company aims to maintain correct and lawful treatment of Personal Data, thereby ensuring internal and external confidence in the Company, successful business operations, and customer loyalty.
This Policy provides details on whether your Personal Data is collected, processed, and retained by us and the manner in which this is done. Within this Policy, the following definitions shall have the same meaning as those contained in the General Data Protection Regulation (EU) 2016/679 (“GDPR”): “Data Subject”, “Data Controller”, “Data Processor”, “Personal Data”, “Process” or “Processing”.
This Policy was last updated on the 23rd of November of the year 2023, and may be subject to further modification from time to time, depending on the circumstances, particularly where statutory obligations so require, or where the interest of our users’ security so requires. Any such changes will be posted here on our Privacy Policy page so that you are always kept informed of how and why we process your Personal Data.
It is therefore in your own interest to check this Privacy Policy page from time to time so as to keep abreast of changes.
Should you have any queries or concerns with respect to this Policy or the manner in which we handle your Personal Data, or otherwise wish to make a complaint or would like to access, correct, amend or delete any personal information we have about you, or if you require more information, you can contact us here at: https://toybox.mt/cotact-us/
INFORMATION WE GET FROM YOU
We collect Personal Data from you or about you as the Data Subject when you use our website. This Personal Data may include, but is not limited to, your name, surname, address, and email address.
You may also provide us with personal information in order to be able to complete a transaction, verify your credit card, place an order, or register with us, in which cases it is implied that you consent to our collecting such information and using it for the specific reasons for which it has been provided.
Other information is collected as you interact with us, through our customer services team through online chats (where available). The Company also collects information about the way you access, view, share, contribute to and communicate with and through our services, for example when comments are posted via the Company’s social media channels.
We hold on to your Personal Data for as long as is necessary for us to be able to provide you with our services, or (should you contact us), for as long as is necessary in order to provide support related analysis.
We would also hold on to your Personal Data for as long as is necessary in order for us to meet our legal and/or regulatory requirements, in order to be able to resolve any disputes, to prevent any abuse and/or fraud, to be able to enforce our terms and conditions, or for information purposes as may be required, even after you may have closed your account with us, or you no longer require our services.
Should we ask you to provide us with your Personal Data for other reasons, such as for marketing purposes, we would either ask you directly for your expressed consent, or otherwise provide you with an option to say no to the processing of such Personal Data.
INFORMATION WE GET FROM YOUR DEVICE
When browsing our website, we also collect information from the devices you use to receive our services. This could include, but would not be limited to the following:
‘Cookies’ are small text files stored in your web browser that enable us to recognise your computer when you visit one of our websites. Cookies are essential to keep certain parts of our websites functioning correctly and securely. We also use them to make things quicker, easier, and more personal to you and to help us understand how our websites are used. They can also be used to present you with more tailored advertising content.
To do all of these things, cookies collect some Personal Data about you whenever you use our websites. You can choose whether to accept or reject some or all types of cookies and control this through your device’s browser settings. If you then continue to use our websites without adjusting your browser settings, we will use cookies as set out in the sections below, so to help you make an informed choice it’s important to know why we use the different types of cookies and what that means for your online experience. This section provides you with a summary of the main points and tells you how switching off the different types of cookie will affect your experience on our websites.
We use Targeting or Advertising Cookies to help us deliver advertisements relevant to you. These cookies also help us limit the number of times that our users see an advertisement, and help us measure the effectiveness of our advertisements and our overall marketing campaigns.
We use Analytical Cookies which collect information about how people use our websites and how the sites are performing, e.g. how many people visit, which pages are most popular and whether and where people see error messages. A few examples of the ways in which we use Analytical cookies:
Without these cookies you will still be able to use and enjoy all the online features of our websites. However, kindly note that by disabling or deleting cookies and their use, your user experience may be affected and you might not be able to take advantage of all our functions on our website.
All modern browsers allow you to see what cookies you have, and to clear them individually or in their entirety by changing your cookie settings. For further information on how to delete cookies, click “help” on your browser.
INFORMATION WE GET FROM EXTERNAL COMPANIES
Sometimes we need to undertake additional checks to verify information. To do this we use organisations and databases which collate information. We could also look at publicly available information to verify things, and at information available on social media platforms.
We only deal with reputable companies that take privacy as seriously as we do and have obtained your consent to share this data with us or companies in our sector for marketing, and you will always be able to opt out of receiving further marketing from us.
We could also possibly look at publicly available information about you. Although this information is public, we remain mindful of your privacy and use it only as and where necessary.
If you raise a query or a complaint with us through our portals, we will of course have a record of your user name and will use this to talk to you to resolve the matter you’ve raised and keep accurate records of how it was resolved.
We use information posted publicly on social media sites to help us understand how our customers interact with us. For example, we might look at which groups of customers are more likely to contact us via social media or to use social media to talk about our products and services. We do this in a way that does not identify individual customers.
We use the Personal Data we hold about you in a range of different ways, which fall into these broad categories:
We’re telling you this because data protection law gives you rights over your Personal Data, which differ according to which of these categories it falls into. This section explains more about each category, the rights it gives you, how to exercise them and what that means in practice.
PROVIDING OUR PRODUCTS AND SERVICES
There are certain things we have to do in order to be able to provide you with our products and services. As you would expect, we use your Personal Data to enable you to use our sites, to set up your account, respond to queries, contact you, and provide you with the best possible level of customer service. We use technical information about your device, such as operating system and location to present you with the correct version of our website or app and keep it functioning securely and correctly.
Like most organisations, to provide our products and services we share your information with external organisations working on our behalf. Such organisations include companies such as payment service providers, order packers, delivery companies, professional marketing agencies, advertising partners, website hosts, credit reference agencies, law enforcement and fraud prevention agencies, social media websites (should you decide to link your account to us), and other third parties who may be provided with anonymised information and analytics about our customers which would in no manner identify you. These third-party organisations will only use such Personal Data to the extent necessary to be able to perform the services required by us.
LEGAL AND REGULATORY REQUIREMENTS
We need to comply with a range of legal and regulatory requirements, some of which involve the use of Personal Data and/or set out timescales for which we need to keep that information.
We are also subject to laws and regulations relating to aspects of our business, such as payment processing or complaint handling and some of these too involve the use of, or set timescales for holding, your personal information.
RUNNING OUR BUSINESS EFFECTIVELY AND EFFICIENTLY
There are some things we do to help us operate as a commercial organisation. We have a legitimate interest in carrying out these activities, and where they involve using your Personal Data, we are careful to carry them out in a way that minimises any impact on your privacy. Data protection law gives you the ‘right of objection’ to the activities in this category if your right to privacy outweighs our legitimate business interest in doing them.
Business Insights
We carry out basic analytics to help us understand how, when, where and why our customers use our services, and how our business is performing. This helps us monitor and plan everything from the effectiveness of our advertising through to ensuring we have enough staff available to handle queries at peak times. It also gives us a much clearer picture of our customers generally, the broad demographic groups they fit into (e.g. age group, gender, location, etc.) and the products and services they use, which in turn helps us to develop better and more relevant features, products, and services. We do this analysis in a way that does not identify individual customers, so there is no impact on the privacy of any one person.
Market Research
We will occasionally invite you to give feedback or to take part in customer surveys, questionnaires or focus groups. We will contact you online or via email, directly or through a third-party organisation acting on our behalf. Taking part in research is always voluntary, and where we use a third-party, we do not pass over any details (other than your contact details so they can send you the initial request or invitation) unless and until we have your consent to do so.
THINGS WE DO WITH YOUR CONSENT AND AGE OF CONSENT
By using our website, you confirm that you have at least attained the age of majority in your region, county, province, state, or country of residence, and you have given us your consent to allow any of your minor dependents to use this website and any other related services or products we provide.
When you provide us with Personal Data for the purposes of using our website, or completing any transaction through our website, or to verify your credit card information, place an order, or register with us, we imply that you have given your consent to our collecting such information and using it only for the specific reasons for which you have given us such information.
Marketing
With your permission, we may contact you to provide you with information about us, our services, products, and any other updates that may interest you. You may, however, stop receiving any marketing information from us at any time. We will send you offers and information only if you have given your consent for us to do so, in which case we will contact you via email, post, SMS or online.
We never share your data with companies outside our group for them to use for their own marketing. From time to time, we may team up with a third party to bring you details of a product or service we think might interest you, but where we do this the contact will come from us – we will never pass your details to the third party without your prior consent.
Please be assured that we do not use any sensitive information we hold about you (for example, information about self-exclusion, health, or ethnicity) for marketing-related purposes.
Keeping it Relevant
We want our products and services to be better for you, so we want to be able to tell you about products, services, and features that you will find exciting and relevant, and we tailor the offers and information we send to suit you. To do this, we look at what we know about you – such as your age, location and gender, your patterns, your social media usage and how you interact with us – and we use it to build up a picture of you that helps us decide what you’re most likely to want to hear about. We also combine this with information we’ve obtained from publicly or commercially available sources about the things people with similar characteristics to you (in terms of age, gender, location etc.) tend to be interested in so we can fine-tune the offers we present to you.
Putting you in Control
We firmly believe our customers prefer offers and information that are relevant to them and their interests over general adverts, so we tailor all our marketing using this picture we’ve built up of you. We think this makes our marketing better both for you and for us. However, data protection law gives you the right to opt out of having your personal data used to build up this type of picture and predict what you might be interested in, so you can opt out at any time.
Advertising on Social Media
If you have given your consent to marketing, we will work with social media companies such as Facebook and Twitter to provide you with information about our products and services via their platforms. If you do not wish to see these adverts, you can control this easily by disabling preference-based marketing in the privacy and ad settings on each individual platform.
Even if you have withdrawn your consent to personalised marketing by us, you might still see general adverts for our products and services on your social media feeds. These will not be specifically targeted to you, and again, you can control this via the privacy and ad settings on each platform.
Online Behavioural Advertising
We use cookies placed by third parties to collect personal information about your browsing activity, which is then grouped with data about what other people with similar interests and characteristics (in terms of age, gender, location etc.) are looking at. The combined information is used to show you online adverts based on those interests, either for our own products and services or those of a third party (this is known as ‘Online behavioural Advertising’).
If you wish to opt out of e-mail marketing only, you can also do this by clicking on the “unsubscribe” link in any email we have sent you.
As our marketing campaigns are prepared well in advance, you are likely to continue to receive material for a short period of time after updating your preferences.
On occasion, you may provide us, usually indirectly, with sensitive information about yourself, such as your ethnicity or nationality. It is rare for us to ask you for this type of information directly, and we will only do so if we have a specific and valid legal reason, which we will explain clearly at the time. Where we do need to hold this type of sensitive information, we will do so only to comply with our legal or regulatory requirements and will not use or make it available for any other purpose.
COMPANIES THAT PROVIDE SERVICES ON OUR BEHALF
We share your personal information with external organisations that carry out a range of services on our behalf and thereby process data for us, based on our instructions, and in compliance with this policy and any other appropriate confidentiality and security measures. Both we and they are obliged to handle your information in accordance with data protection law.
The main functions that are or may be carried out, fully or in part, by third parties are listed below:
Please be aware that data sent through the internet may potentially, for reasons beyond our control that are solely of a technical nature, be transmitted across international borders even where sender and receiver of information are located in the same country.
Without prejudice to anything contained in this Policy, it is pertinent to point out that we are obliged to disclose personal data relating to you to any third party if such disclosure is necessary or we need to do so in instances where you violate our terms and conditions of service. Such disclosure can also be made in instances which inter alia include the following:
Some of the third-party providers we use could be based in, or carry out their activities in, countries outside the European Economic Area (EEA), which includes all the EU Member States, plus certain countries considered to offer a standard of data protection equivalent to that of Europe. Where this means Personal Data is transferred outside the EEA, we have to put in place additional legal protections on top of our standard checks and measures, to ensure it receives the same level of protection as it would within the EEA. Where necessary, we also put in place any additional contractual measures required at law in any of the countries in which we operate, except where they conflict with the General European Data Protection Regulation.
Apart from the functions set out above, we do not share your personal information with third parties except where we are compelled or permitted by law to do so. These circumstances are rare, but may require us to share information with the police or other law enforcement agencies, the courts, and statutory authorities (e.g. in connection with tax matters) in any of the countries in which we operate.
Where necessary to protect or defend our rights and interests, resolve disputes, or enforce our agreements, we will share personal data with our regulators, external legal advisors and debt recovery and tracing agencies, although again these circumstances are rare.
If ownership of all or part of our business changes or we undergo a reorganisation or restructure, we will transfer your personal information to the new owner or successor company so we or they can continue to provide the services you have requested.
Whenever we share Personal Data, and whatever the reason or circumstances, we will always do so legally and with due regard to your privacy. If we receive a request from law enforcement or other statutory bodies, we do not disclose personal information without a warrant, court order or other legally valid proof of authority.
We hold your personal information only as long as we have a valid legal reason to do so, which includes providing you with the services you have requested, meeting our legal and regulatory obligations, resolving disputes, and enforcing our agreements.
The length of time for which we keep different types of personal information can vary, depending on why we originally obtained them, the reason we process them and the legal requirements that apply to them. When setting our data retention and deletion timescales we take into account a range of factors including applicable regulations and standards relating to inter alia taxation, payment processing and complaint handling, the need to prevent or detect crime or other misuse of our services, and audit requirements. To fulfil our requirements, some of your personal data will need to be retained for a period of time after you cease to be a customer or user. When we no longer need it to fulfil the above requirements, we delete it securely. Where we wish to retain any information for analysis purposes, we first anonymise it to the standards approved by the Maltese Information and Data Protection Commissioner (which is our lead regulator on matters relating to data protection) so that it can no longer be linked back to an individual. Please note that if you opt out of receiving marketing from us, we will still need to keep your contact details in order to suppress them from future marketing activity.
You, as a Data Subject, have the following rights in the sphere of data protection:
As a Data Subject you have the right to be informed about how your personal information and Personal Data is being used. We have identified the manner in which such will be used through this Policy. For more information, or should you have a specific query, you may contact us accordingly.
THE RIGHT TO OPT OUT OF HAVING YOUR INFORMATION USED FOR MARKETING
As a Data Subject you have the right to restrict processing. You can opt out of receiving marketing at any time. You also have the right to opt out of having your information used to create a ‘profile’ of you for marketing purposes.
We firmly believe that our customers prefer to receive offers and information that are relevant to them so we tailor all of our marketing to make it more interesting to our customers.
In instances where we are processing your Personal Data on the basis of your consent, as a Data Subject you always have the right to withdraw your consent at any time. The withdrawal of your consent shall not affect the lawfulness of processing we may have done based on the consent you gave us before you exercised your right of withdrawal. If you wish to exercise your right to withdraw consent kindly contact us.
You can update your personal details at any time via your account or by contacting us.
Please help us to help you by keeping your contact details up to date and letting us know if you spot any errors in the information we hold about you. We’ll update inaccuracies promptly, and within a month if you are requesting a more complex change. If we take the decision not to make a change you have requested, we will explain why and make a note on your account to show that you requested the change.
Data protection law gives you the right to object to the processing of your personal data. The manner in which we process your data is detailed in this Privacy Policy, in particular under the section entitled ‘Running our business effectively and efficiently’. In certain circumstances, as a company we may proceed with processing your Personal Data, even though you may have filed an objection thereto, if we believe we have a legitimate interest in such processing which overrides your legitimate interest. If you believe your privacy rights outweigh the legitimate interest we have as a business in processing your data you may exercise such right.
People sometimes refer to this as the ‘right to be forgotten’. Under data protection law, you have the right to request erasure of your personal data in the following circumstances:
We acknowledge the right to be forgotten and therefore ensure that no Personal Data that is processed while providing you with our services, or through our website, will be kept for longer than necessary for the purposes for which it is processed. Personal Data will only be kept for a period corresponding with our obligations of retention under the applicable laws.
If you still wish to exercise your right, you should contact us and we will respond to your request within a month. If we uphold your request and erase your data, we will also notify any third parties to which the data has been passed of same, where we are able to do so, and tell you who they are. If we do not uphold your request, we will tell you why.
If you would like a copy of the personal information we hold about you, you should request it by contacting us. We will ask you to complete and return a form, which is not compulsory but helps us to help you by providing the information you are looking for. Before we respond to your request, we will ask you for valid proof of identity and once we’ve received it we will provide our response within one month. If your request is unusually complex and likely to take longer than a month, we will let you know as soon as we can and tell you how long we think it will take.
We will fulfill requests wherever possible, but there are occasional situations in which local or European Union data protection law requires or permits us to withhold some information (such as where it would involve disclosing information about another person or information which is commercially sensitive), or permits us to make a small charge. If either of these applies, we will explain this to you.
The right to ‘data portability’ aims to enable consumers to re-use some of their personal information online by making it available in a commonly-used, machine-readable format that can be passed to and used by other organisations. This is a new initiative and it is not yet possible to ‘port’ data directly between providers in our industry. However, if you wish to exercise this right, you should contact us and we will provide you with the following information:
Before responding to your request, we will ask you to provide valid proof of identity, and we will provide our response within one month of receiving it.
If you believe your privacy rights have been infringed, or you disagree with a decision we have made about your privacy rights, you have the right to complain to the privacy regulator. As we are based in Malta, our principal data protection regulator is Malta’s Information and Data Protection Commissioner.
Our websites may from time to time contain links to both local and/or international third-party websites. Any such links are not an endorsement by us of any information and/or products and/or services such websites may contain or offer. These organisations and sites will have their own privacy policies which will not be the same as ours. Therefore, when accessing such sites, consult their privacy policy before providing them with any personal data. We cannot accept any responsibility for the content, use, availability, privacy practices or the content of any such third-party websites.
We make all reasonable efforts to safeguard the confidentiality of all Personal Data that we process, and we regularly review and enhance our technical, physical, and managerial procedures so as to ensure that your Personal Data is protected from:
To this end we take reasonable precautions and follow industry best practices, policies, and measures dedicated to the protection of the Personal Data processed by us and the data that we have under our control.
By its very nature however the internet is not a secure medium and data sent via this medium can potentially be subject to unauthorised acts by third parties beyond our control. There can be no absolute guarantee in relation to the privacy or confidentiality of any information passing through our website. We shall accept no responsibility or liability whatsoever for the security of your data while in transit through the internet.