Privacy Policy

Privacy Policy

We are Thorntons Limited (“Thorntons”), and our registered Head Office is 889 Greenford Road, Greenford, England UB6 0HE and we are the Data Controller of the personal information (also known as and often referred to in this Policy as ‘Personal Data’) that you provide us with. We take our obligations as a Data Controller very seriously. Should you wish to find out more on how we collect, use and store your data, please contact us at Data.PrivacyUK@ferrero.com and below you can find out more about how we look after your personal data.

All our contact details can be found on our Sites. Follow this link to our contact details.

Thorntons has appointed a Data Protection Officer (DPO) who can be contacted at the following e-mail address Data.PrivacyUK@ferrero.com.

This Privacy Policy (“Privacy Policy”) discloses our practices with respect to the collection, processing and storage of information through the Thorntons UK Sites (thorntons.com (‘the Site’)) and our use of the personal information collected. This Privacy Policy applies solely to information collected through the Sites and does not apply to information collected through any other sources, including, without limitation, Facebook, Twitter, YouTube, Google and other third party and social media Sites.

In general, any information and data which you provide, or which is otherwise gathered by us in the context of the Sites, will be used by Thorntons in compliance with the UK GDPR. This means, in particular, that any Personal Data processing carried out by Thorntons will respect the principles of lawfulness, fairness, transparency, purpose limitation, storage limitation, data minimisation, accuracy, integrity and confidentiality, in accordance with the UK GDPR.


Thorntons does not knowingly collect any personal data from children under the age of 18. Thorntons takes children's privacy seriously. As such, we would recommend that a parent or guardian assist and guide any child under the age of 18 who may intend to browse the Sites or access the services provided by Thorntons. Children under the age of age 18 should not use the Sites or our services. In the event that Thorntons learns that it has inadvertently collected Personal Data from a child under the age of 18, Thorntons will promptly delete such information.

Collection of personal data

We collect, process and store certain information about you (such as, information which may identify you in some way; such as your name, address, telephone number, email address, screen name and/or financial information) through the Sites, only when you voluntarily submit it. We may request that you submit your personal information in certain instances, such as when you purchase products and services offered by us on this Site, submit comments or questions, request information, participate in a promotion, contest or sweepstakes or utilise other features or functions of this Site.

Certain pages of the Sites may allow you to create login credentials by typing in your username/ID or email address and password and other information; Payment method requiring login via PayPal.

We may also collect Personal Data by the use of cookies and other similar technologies. For more information about the use of cookies on the Sites please visit our Cookie Policy.

Processing activities

The processing of data shall be made by such procedures, technical and electronic means, which are suitable to protect the confidentiality and security of data and consists of collection, recording, organisation, storage, consultation, elaboration, alteration, selection, retrieval, alignment, use, combination, block, communication, dissemination, erasure, and destruction of data, including a combination of two or more of such activities.

Use of your personal data

When you provide your personal data on the Sites, we will limit the use of your personal data for the purpose(s) for which it was originally collected, in accordance with the terms of this Privacy Policy. We may use and store your information for the following reasons:

  • You have permitted its use by providing us with your consent
  • It is necessary for the performance of a contract, to which, you are a party
  • It is required for us to comply with a legal obligation
  • It is necessary for our legitimate interests.

Performance of a contract to which you are a party:

  • To finalise purchase orders and deliver products bought on the Site;
  • To provide answers or services you request, including allowing the creation of an account, to receive information from Thorntons; to verify your identity and assist you, in case you lose or forget your login/password details for any of Thornton’s registration services;
  • To allow you to create and maintain a registered user profile, to process transactions and enrolments you request, to contact you when necessary and respond to your requests and enquiries, including emails;
  • To process card payments and to provide any other services which you may request;
  • To send you newsletters you have subscribed to as a service (containing only informative content);

It is not mandatory for you to give Thorntons your personal data for these purposes; therefore, if you do not provide such data, Thorntons will not be able to provide any services to you.

Permitted use through your consent:

  • For marketing, promotional and publicity purposes, including to carry out direct marketing, as well as to carry out studies, research, market statistics or surveys, via e-mail, SMS, push notifications, pop-up banners, instant messaging, phone calls by an operator, Thorntons’ official social media pages, regarding Thorntons’ products and services (“Marketing”).
  • Processing for these purposes is based on your consent. It is never mandatory for you to give consent to Thorntons for the use of your Personal Data for these purposes, and you will suffer no consequence if you choose not to give it (aside from not being able to receive further marketing communications from Thorntons).
  • To send you offers, promotions or other information about our goods and services. Any consent given may also be withdrawn at a later stage.
  • For future marketing, promotional and publicity purposes, by sending you direct e-mail marketing communication regarding products and services provided by Thorntons which are identical or similar to those you have previously requested through the use of the Sites. Processing for these purposes is based on your consent.

You can always opt-out of these communications, by clicking on the “Unsubscribe” link provided at the bottom of all such communications.

Processing for this purpose is based on your consent, collected by means of the cookie pop-up banner and/or a specific tick box. It is never mandatory for you to give consent to Thorntons for use of your personal data for this purpose, and you will suffer no consequence if you choose not to (aside from not being able to benefit from greater personalisation of your user experience regarding the Sites). Any consent given may also be withdrawn at a later stage, either by modifying your device settings or contacting Thorntons at the address mentioned above.

Legal Obligation

  • When you provide any personal information to Thorntons, we must process it in accordance with the applicable laws, which may include retaining and reporting your Personal Data to official authorities for compliance with tax, customs or other legal obligations. No consent is required for the processing of data for this purpose since such processing is necessary to comply with a legal obligation.
  • To prevent and detect any misuse of the Sites, or any fraudulent activities carried out through the Sites (“Misuse/Fraud”).

Processing for this purpose is necessary to pursue Thorntons’ legitimate interests in preventing and detecting fraudulent activities or misuse of the Sites (for potentially criminal purposes).

Legitimate Interest:

  • To analyse and improve our service provision, enhance the Sites, evaluate the effectiveness of Thorntons’ marketing activities and services, perform statistical and demographics analyses on Thorntons’ corporate clients and registered users (“Analytics”). Anonymous information is collected in order to understand behaviour on the Sites and identify issues or possible improvements. These include page browsing behaviour of subsets of traffic such as heatmaps, input form analysis, as well as aggregated collection of data including page visits, volumetric and insight such as time spent on page, site navigation and performance.
  • Thorntons use age verification services to ensure that the sale of hampers and giftsets containing alcoholic products are to those over the age of 18. Where this cannot be proven your order may be rejected, or you may be requested to supply additional information when contacted by our Customer Service team.
  • To respond to your questions and comments; to provide you with access to certain areas and features on a Site; and to communicate with you about your activities on a Site.
  • To investigate suspected fraud, harassment, physical threats, or other violations of any law, rule or regulation, the rules or policies of a Site, or the rights of third parties; or to investigate any suspected conduct which we deem improper.

Processing for this purpose is necessary to pursue Thorntons legitimate interests in the development and administration of the Sites and to improve the services provided on the Sites.

Users shall not be required to provide Personal Data to browse public pages of the Sites. The provision of Personal Data for the purposes mentioned above is optional, however, failure to provide required data (indicated as such in the registration form, as applicable) may prevent users from completing registration or availing of related services.

We will not provide any of your personal data to any third parties without your specific consent.

Sharing of Information

Thorntons do not share, your personal information with independent companies for their own use. Personal data that you provide to us in the course of using our Sites’ features or requesting a product or service through this Sites, may be gathered and stored in one or more of our corporate databases.

These Sites may share your personal information with subcontractors (e.g. cloud service providers). Subcontractors are restricted from using this data in any other way other than to provide these services to Thorntons and they may not share this data.

Site metrics for this site may be shared with other Thorntons Sites, subsidiaries or affiliates. The information shared will be anonymised data and will not include any of your personal data. Your personal information may be disclosed, in close relation to the purposes specified above, only to:

  • subjects necessary for order fulfilment, delivering packages, sending postal mail and e-mail, removing repetitive information from customer lists, analysing data and providing marketing assistance, processing credit card payments, and providing customer service, which typically process personal data on behalf of Thorntons as data processors;
  • persons authorised by Thorntons to process personal data, that are committed to/ or under an appropriate statutory obligation of confidentiality (Thorntons employees);
  • law enforcement agencies and public authorities when so required by the applicable law or in good faith; and
  • third-party commercial partners for their own purposes only in compliance with appropriate legal grounds.

Thorntons will disclose your personal information, without notice, only if required to do so by law or in good faith if such action is necessary to: (a) conform to the edicts of the law or comply with a legal process served on Thorntons; (b) protect and defend the rights or property of Thorntons and this site; or, (c) act under exigent circumstances to protect the personal safety of users of Thorntons, its Sites, or the public.

Data Transfers

We may transfer your personal data that we collect from you to third party data processors located in countries within the European Economic Area (“EEA”) or to members of our group of companies in connection with the above purposes.

When transferring personal data outside the UK and/or EEA, we will ensure that such transfers are made in compliance with all applicable data protection laws.

Managing Your Personal Information

You have the ultimate control over the personal data that we collect and use. You can always choose not to provide certain data, but please keep in mind that you may not be able to use some of the features offered by the Site(s) unless you provide us with the required personal data (e.g., we will not be able to fulfil your order without certain personal data such as name, address etc.).

If you wish to verify, update, cancel or correct any of your personal data collected through the Site, contact us by post, email or phone.

Your Rights

As a data subject, you are entitled to exercise the following rights, at any time:

  • The right to be informed in relation to any changes made to the processing activities detailed in this Policy;
  • The right of access to a copy of all the personal data that is held by Thorntons UK Ltd and any of its subsidiaries;
  • The right to rectification of any inaccurate information;
  • The right to erasure (or the “right to be forgotten”) of any personal data that is held by Thorntons UK Ltd and any of its subsidiaries.
  • The right to restrict the processing of your personal data as detailed in the Privacy Policy above;
  • The right to data portability;
  • The right to object to the processing of your personal data as specified in this Policy;
  • Right to object in relation to automated decision making and profiling.

Please note that most of the personal data you provide to Thorntons can be changed at any time, including your e-mail preferences, by accessing, where applicable, your user profile created on the Sites.

At any time, you shall be entitled to exercise the rights established by the law in force, by contacting us at Data.PrivacyUK@ferrero.com.


Thorntons will keep your Personal Data only for as long as necessary, according to the principal reason for which it was originally collected:

  • Personal data processed for Service Provision will be kept by Thorntons for the period deemed strictly necessary to fulfil such purposes. Information will, however, be kept for longer if we need it to address any claims regarding the services or to protect Thorntons’ interests related to potential liability related to the Service Provision.
  • Personal data processed for Marketing and Profiling will be kept by Thorntons from the moment you give consent until the latter is withdrawn
  • Once you have objected, Personal Data will no longer be used for these purposes, although it may still be kept by Thorntons, in particular as may be necessary to protect Thorntons’ interests related to potential liability related to this processing
  • Personal data processed for Compliance will be kept by Thorntons for the period required by the specific legal obligations for which the Personal Data was processed.
  • Personal data processed for preventing Misuse/Fraud and Analytics will be kept by Thorntons for as long as deemed strictly necessary to fulfil the purposes for which it was collected.

After such periods, all data shall be deleted or anonymised, except that data we are required by law to keep for a longer period.

Links to other sites

The Site may contain links to other Sites that are not owned, operated, or maintained by Thorntons. When you leave the Site, you should note and read the terms and conditions and privacy policies of each and every Sites that you visit. You should also independently assess the authenticity of any Sites which appears or claims that it is one of our Sites (including those linked to through an email). Despite any links that might exist on the Site, unless expressly stated otherwise, we do not control, recommend, or endorse and are not affiliated with these Sites or their content, products, services, or privacy policies. Downloading material from certain Sites may risk infringing intellectual property rights or introducing viruses into your computer system.

Security practices

The security of your personal data I is very important to us. We have put in place appropriate technical and organisational, measures to safeguard the information we collect. However, due to the inherent open nature of the Internet, we cannot guarantee that communications between you and us or information stored on the Sites or our servers will be completely free from unauthorised access by third parties, such as hackers.

So that we maintain the integrity, security and confidentiality of your personal data, we have ensured that we have put in place the relevant and appropriate technical and organisational measures. This includes end-to-end encryption and access control that restrict and manage the way in which your personal data is stored and handled, while also ensuring physical security of where the data is located.

Changes and updates to our privacy policy

Thorntons reserves the right to partly or fully amend this Privacy Policy, or simply to update its content, e.g., as a result of changes in applicable law. Thorntons will inform you of such changes as soon as they are introduced, and they will be binding as soon as they are published on the Sites. Thorntons therefore invites you to regularly visit this Privacy Policy in order to acquaint yourself with the latest, updated version of the Privacy Policy, so that you may remain constantly informed on how Thorntons collects and uses Personal Data.

Contact Information

Should you have any questions or comments regarding the Sites, you may contact us by mail at the address of Thorntons Ltd or at the following email address Data.PrivacyUK@ferrero.com

You have a right to lodge a complaint with a local data protection authority if you feel we have not complied with the relevant and applicable data protection laws. Please see below the details for the relevant Regulatory bodies in the UK and Ireland:


Data Protection Commissioner
Canal House
Station Road
Co. Laois
Lo-Call: 1890 25 22 31
Tel. +353 57 868 4800
Fax +353 57 868 4757
Email: info@dataprotection.ie
Sites: http://www.dataprotection.ie/


The Information Commissioner’s Office
Water Lane, Wycliffe House
Wilmslow – Cheshire SK9 5AF
Tel. +44 1625 545 745
Email: international.teams@ico.org.uk
Sites: https://ico.org.uk