StemToysOnline.com
Operated by Twin Isles Export Ltd.
Effective Date: 15/02/2026
1. Introduction
This Privacy Policy explains how Twin Isles Export Ltd., trading as StemToysOnline.com (“Company”, “we”, “us”, “our”), collects, uses, processes, and protects personal data in accordance with:
- General Data Protection Regulation (EU) 2016/679 (“GDPR”)
- Data Protection Act 2018 (Ireland)
- ePrivacy Regulations
- Applicable EU consumer and eCommerce laws
Company Details:
Twin Isles Export Ltd.
Company Number: 804995
VAT Number: IE4548222NH
Registered Address: 6 Fern Road, Sandyford, Dublin D18 FP98, Ireland
Email: hello@stemtoysonline.com
2. Data Controller
For the purposes of GDPR, Twin Isles Export Ltd. is the Data Controller of personal data collected through StemToysOnline.com.
3. Personal Data We Collect
We may collect and process the following categories of personal data:
3.1 Information You Provide Directly
- Full name
- Billing and shipping address
- Email address
- Telephone number
- Payment details (processed securely via Stripe and PayPal)
- Account login details (if account created)
- Communications submitted through contact forms
3.2 Automatically Collected Data
- IP address
- Browser type and device information
- Website usage data
- Cookies and tracking technologies
3.3 Marketing & Analytics Data
- Google Analytics data
- Google Ads conversion tracking
- Google Merchant Center interaction data
- Hostinger Reach mailing subscription data
4. Legal Basis for Processing
We process personal data under the following lawful bases:
- Contractual Necessity – to process orders and deliver goods
- Legal Obligation – accounting, VAT compliance
- Legitimate Interest – fraud prevention, website security
- Consent – email marketing and non-essential cookies
5. Use of Personal Data
We use personal data to:
- Process and fulfil orders
- Deliver purchased goods
- Provide customer support
- Prevent fraud and misuse
- Improve website performance
- Conduct marketing (where consent is provided)
- Comply with legal obligations
We do not sell personal data to third parties.
6. Payment Processing
All payments are securely processed via:
- Stripe (PCI-DSS compliant)
- PayPal
- WooCommerce secure checkout system
We do not store full card details on our servers.
7. Data Sharing
We may share personal data with:
- Payment processors (Stripe, PayPal)
- Shipping providers
- Google Analytics and Google Ads
- Hostinger Reach (email marketing)
- Accountants and legal advisors
- Law enforcement where required
All third parties process data under contractual safeguards compliant with GDPR.
8. International Data Transfers
Some service providers (e.g., Google, Stripe) may process data outside the EU. Where this occurs, transfers are safeguarded by:
- EU Standard Contractual Clauses
- Adequacy Decisions
- GDPR-compliant safeguards
9. Data Retention
We retain personal data:
- For as long as necessary to fulfil orders
- For 6 years for accounting/tax compliance
- Until consent withdrawal (marketing)
10. Your Rights Under GDPR
You have the right to:
- Access your personal data
- Rectify inaccurate data
- Erase data (“Right to be Forgotten”)
- Restrict processing
- Data portability
- Object to processing
- Withdraw consent at any time
Complaints may be made to:
Data Protection Commission (Ireland)
www.dataprotection.ie
11. Children’s Privacy
Our products are intended for children aged 1+ to 9+; however, purchases must be made by adults. We do not knowingly collect data from children under 16.
12. Security Measures
We implement:
- SSL encryption
- Secure WordPress & WooCommerce infrastructure
- Access controls
- Firewall and hosting security (Hostinger)
13. Updates
We reserve the right to amend this Privacy Policy at any time. Updates will be posted on this page.