HomePrivacy Policy

Privacy Policy

Effective Date: 14/01/2026

1. Introduction

Tiny Company (“we”, “our”, or “us”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you interact with us, in compliance with the EU General Data Protection Regulation (GDPR) and applicable UK data protection laws, including the UK GDPR and the Data Protection Act 2018.

2. Data Controller

Tiny Company is the data controller responsible for your personal data.
For any questions or concerns regarding this policy or your data, please contact us exclusively via the “Contact Us” form on our website. We do not handle privacy inquiries through other channels.

3. Information We Collect

We may collect and process the following categories of personal data:

  • Contact Data: Name, email address, and any other information you voluntarily provide via our “Contact Us” form or other communications.
  • Technical Data: Internet protocol (IP) address, browser type, operating system, and information about your visit to our website (e.g., pages viewed), collected via cookies and similar technologies. Please see our separate Cookie Policy for details.
  • Usage Data: Information about how you use our website and services.

4. How We Use Your Information (Lawful Basis)

We will only use your personal data when the law allows us to. Our primary lawful bases are:

  • Performance of a Contract: To provide our services or take steps at your request before entering into a contract.
  • Legitimate Interests: To operate and improve our business, website security, and marketing, provided your interests and fundamental rights do not override those interests.
  • Legal Obligation: To comply with our legal and regulatory obligations.
  • Consent: Where we have obtained your explicit, informed consent for specific purposes (e.g., certain marketing communications). You may withdraw consent at any time.
Purpose / ActivityType of DataLawful Basis for Processing
Responding to your inquiries via the contact formContact DataLegitimate Interests / Performance of a Contract
Administering and protecting our websiteTechnical DataLegitimate Interests (for IT security and administration)
Complying with legal/regulatory requirementsAny relevant dataLegal Obligation
Sending marketing communications (where applicable)Contact DataConsent or Legitimate Interests (for existing customers)

5. Data Sharing and Transfers

  • We do not sell your personal data.
  • We may share your data with:
    • Service Providers: Trusted third parties who provide services on our behalf (e.g., website hosting, email delivery), under strict data processing agreements.
    • Legal Authorities: Where required by law or to protect our rights.
  • If we transfer data outside the UK or European Economic Area (EEA), we will ensure appropriate safeguards are in place, such as adequacy decisions or Standard Contractual Clauses.

6. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or alteration. However, no internet transmission is completely secure.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes we collected it for, including satisfying any legal, accounting, or reporting requirements. Specific retention periods are determined by the nature of the data and the purpose of processing.

8. Your Legal Rights

Under GDPR and UK data protection law, you have rights including:

  • Right of Access: Request a copy of your personal data.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure (“Right to be Forgotten”): Request deletion of your data under certain conditions.
  • Right to Restrict Processing: Request limitation of how we use your data.
  • Right to Data Portability: Receive your data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests.
  • Rights related to automated decision-making: Not to be subject to decisions based solely on automated processing.
    To exercise any of these rights, please use the “Contact Us” form on our website. We may need to verify your identity before responding.

9. Complaints

You have the right to lodge a complaint with a supervisory authority.

  • In the UK: The Information Commissioner’s Office (ICO) (www.ico.org.uk).
  • In the EU: The data protection authority in your member state.

10. Changes to This Policy

We may update this Privacy Policy periodically. The latest version will always be posted on our website with the updated “Last Updated” date.

Contact Us:
For all privacy-related matters, please use the dedicated “Contact Us” form on our website.