This website uses cookies to enhance the user experience. By using Yoppie you are agreeing to our use of cookies.

Privacy Policy

Last updated 09th April 2024

Website Privacy Notice


Welcome to Yoppie’s privacy notice. Your privacy is important to us and we are committed to protecting your personal information.  

Please read this privacy notice carefully as it contains important information about how we collect, store and process your personal information, when you register on our website ( (the “Website”), buy products or digital services from us via the Website, or otherwise contact us.

It is important that you read this privacy notice carefully.

We collect, use and are responsible for certain personal information about you. Where we do so, we are subject to data protection laws which apply to the United Kingdom and we are responsible as ‘controller’ of that personal information for the purposes of those laws. 

Key terms

The following table sets out some key terms that are used throughout this privacy notice:

“We”, “us”, “our” or “Yoppie”

Phlo Technologies Ltd., a company incorporated in Scotland under company number SC496769 whose registered address is C/O Gillespie & Anderson, 147 Bath Street, Glasgow G2 4SN.

Personal information

Any information relating to an identified or identifiable individual

What are our contact details?

Our contact details are:

  • email address:; and
  • postal address: Phlo Technologies Ltd, 77 Renfrew Street, Glasgow, G2 3BZ, United Kingdom.

For more information about our privacy practises or this privacy notice, please contact us by email or by post using the above details.

What personal information does Yoppie collect about you?

If you contact us through our Website, register with us via our Website,  place an order for our products via our Website or receive digital services from us (such as attending an online webinar hosted by us,) we will need to collect certain personal information about you in order to process and respond to your query, to set up your account following registration and to process your order or deliver our digital services to you. In particular we collect:

  • Contact Data: billing address, delivery address, email address and telephone numbers;
  • Financial Data: bank account and payment card details, e.g. Paypal Account, debit card number, credit card number, expiration date, billing address. Please note that this billing information is collected and processed by our third-party payment vendors. We never store credit card details on our Website, your credit card details are stored securely with our payment providers. We use Stripe, PayPal and E-payment solutions;
  • Health Data: dates of Customer menstrual flows, re-occurring conditions, menstrual irregularities, symptoms associated with menstruation, contraception taken by customer and medication (if any) and lifestyle factors e.g. diet and exercise regime;
  • Identity Data: first name, last name, title, username or similar identifier, date of birth, gender and Health data;
  • Marketing and Communications Data: your preferences in receiving marketing from us and your communication preferences;
  • Profile Data: includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses;
  • Technical Data:  internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, time spent on particular pages, page views, operating system and platform and other technology on the devices you use to access this Website; and 
  • Transaction Data: details about payments to and from you and other details of products and digital services you have purchased from us.



Processing your special category data

Where we process information about you including your gender, biological sex and Health Data, this constitutes “special category data”. We must ensure we are permitted to collect and process such special category data in accordance with data protection laws, which means:

  • we must have your explicit consent;
  • the processing must be necessary to protect your (or someone else’s) vital interests where you are physically or legally incapable of giving consent; or
  • the processing is necessary to establish, exercise or defend legal claims.

If you request for us to provide our digital services to you or complete our online quiz to identify bespoke products most suitable to you, we will ask you for your consent to process the special category data. If you do not consent to provide this information, we will not collect it from you.

There may be circumstances where you disclose additional health information to us if you provide additional information in correspondence between us. Any additional personal information which is shared with us will not be shared by us and will be treated in confidence. 


Special category data will only be stored by us for as long as necessary for the purposes set out in this Privacy Policy.  We will not retain your special category data for longer than is necessary. If you require further information about the specific retention periods, please contact us.


How does Yoppie collect your personal information?

Most of the above personal information is collected directly from you. For example, when you:

  • visit our Website;
  • make a transaction with us;
  • engage with us on social media; or
  • communicate with us via email/surveys.

We also collect personal information from you indirectly via:

  • our Website (when accessed by you on your computer or other device); and
  • cookies and other tracking technologies such as Google Analytics, Hotjar, Klavivo and Unbounce. 

How and why Yoppie uses your personal information 

Under data protection law, we can only use your personal information if we have a proper reason for doing so, including:

  • to comply with our legal and regulatory obligations;
  • for the performance of our contract with you (e.g. where you have purchased products or digital services from us) or to take steps at your request before entering into a contract;
  • for our legitimate interests or those of a third party; or
  • where you have given consent.

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.

The table below explains what we use your personal information for and our reasons for doing so. In some cases, we may use more than one legal basis for processing your personal information; this will depend on the specific purpose for which we are using your personal information. 

What we use your personal information for

Type of data

Legal basis for processing

To provide our goods and digital services to you 

  • Contact Data
  • Financial Data
  • Health Data
  • Identity Data
  • Transaction Data


Third-Party Links

Our Website and some emails from us, may include links to third-party websites, plug-ins and applications of interest. Clicking on those links or enabling those connections may allow third parties to collect or share personal information about you. We do not control these third-party websites and we do not accept any responsibility or liability for these policies, or for any personal information that may be collected through these websites or services. We encourage you to exercise caution and to read the privacy policies applicable to the website you visit.

Who does Yoppie collect Personal information from?

We collect Personal information from the following types of people to allow us to undertake our business:

  • customers and website users;
  • supplier contacts to support our services; and
  • employees, consultants, temporary workers and contractors.

Who we share your personal information with 

Your personal information may be shared with:

  • parties who process personal information on our behalf e.g. our suppliers.
  • social media platforms – e.g. if you choose to sign in into your account with us via your social media account. 
  • our third-party payment providers which include: 
  • Stripe, for processing payments in our online store. You can read more about how Stripe uses your Personal information at; and
  • PayPal, for processing payments in our online store. You can read more about how PayPal uses your Personal Information at; and
  • third parties such as our legal and professional advisors and insurers.

We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations. 

We may also need to share some personal information with other parties, such as potential buyers of some or all of our business or during a re-structuring. Usually, information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.

Excluding the categories of third parties listed above, we will not share your personal information with any other third party.

How long do we keep your personal information for?

We will only retain your personal information  for as long as necessary to fulfil the purposes we collected it for. Thereafter, we will keep your personal information for as long as is necessary to:

  • respond to any requests, questions, complaints or claims made by you or on your behalf;
  • process your orders to deliver our products to you; and 
  • keep records required by law.

To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

We will not retain your personal information for longer than necessary for the purposes set out in this privacy notice. 

When it is no longer necessary to retain your personal information, we will delete or anonymise it.

Transferring your personal information out of the UK and EEA

Due to the global nature of our business and in order to deliver our products to you, it is sometimes necessary for us to share your personal information outside the UK, for example:

  • we share information with our IT service providers, whose servers may be located outside the UK/EEA, for the purposes of running our business effectively (this includes our email and document management systems e.g. Microsoft 365);
  • with our third party contractors such as delivery companies - in order to deliver our products to you; and 
  • if you are based outside of the UK.

Under data protection law, we can only transfer your personal information to a country or international organisation outside the UK where:

  • the UK government has decided the particular country or international organisation ensures an adequate level of protection of personal information (known as an ‘adequacy decision’); or
  • there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for data subjects; or
  • a specific exception applies under data protection law.

We may transfer your personal information to certain countries, on the basis of an adequacy decision. These include: all European Union countries, plus Iceland, Liechtenstein and Norway (collectively known as the ‘EEA’); Gibraltar; and Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland and Uruguay.

The list of countries that benefit from adequacy decisions will change from time to time. We will always seek to rely on an adequacy decision, where one exists.

Other countries or international organisations we are likely to transfer personal information to do not have the benefit of an adequacy decision. This does not necessarily mean they provide poor protection for personal information, but we must look at alternative grounds for transferring the personal information, such as ensuring appropriate safeguards are in place, including using standard contractual clauses.

Where there is no adequacy decision, we may transfer your personal information to another country or international organisation if we are satisfied the transfer complies with data protection law, appropriate safeguards are in place, and enforceable rights and effective legal remedies are available for data subjects. The safeguards will usually include using legally-approved standard data protection contract clauses.

In the absence of an adequacy decision or appropriate safeguards, we may transfer personal information to a third country or international organisation where an exception applies under relevant data protection law, including:

  • you have explicitly consented to the proposed transfer after having been informed of the possible risks;
  • the transfer is necessary for the performance of a contract between us or to take pre-contract measures at your request;
  • the transfer is necessary for a contract in your interests, between us and another person; or
  • the transfer is necessary to establish, exercise or defend legal claims.

We may also transfer information for the purpose of our compelling legitimate interests, so long as those interests are not overridden by your interests, rights and freedoms. Specific conditions apply to such transfers and we will provide relevant information if and when we seek to transfer your personal information on this ground.


Yoppie is committed to keeping your personal information safe and secure from unauthorised access to or unauthorised alterations, disclosure or destruction of personal information that we hold. Our security measures include:

  • encryption of our services and data held by us;
  • reviewing our information collection, storage and processing practises, including physical security measures;
  • restricting access to Personal information to our employees, contractors and agents who need to know that information in order to process it for us and who are subject to contractual confidentiality and processing obligations. They may be disciplined or their contract terminated if they fail to meet these obligations; and
  • internal policies setting out our data security approach and training for employees.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Cookies and other tracking technologies

A cookie is a small text file which is placed onto your device (e.g. computer, smartphone or other electronic device) when you use our Website. We use cookies on our Website. These help us recognise you and your device and store some information about your preferences or past actions.

For further information on our use of cookies, please see our Cookie Policy.


We may use your personal information and would like to send you information about our products and services, competitions and special offers, which may be of interest to you. We may do this by post, email, telephone, text message (SMS) or push notification.

We have a legitimate interest in processing your personal information for promotional purposes (see above ‘How and why Yoppie uses your personal information’). This means we do not usually need your consent to send you marketing communications. However, where consent is needed, we will ask for this consent separately and clearly.

We will always treat your personal information with the utmost respect and never share it with other organisations outside of our company group for marketing purposes.

You have the right to “opt out” of receiving marketing communications at any time, and you can unsubscribe to marketing communications by contacting us at or using the ‘unsubscribe’ link in emails.

Your rights

In accordance with applicable UK Data Protection Laws, you have a number of rights when it comes to your Personal information.


The right to be provided with a copy of your personal information (the right of access).


The right to require us to correct any mistakes in your personal information.

To be forgotten

The right to require us to delete your personal information—in certain situations.

Restriction of processing

The right to require us to restrict processing of your personal information—in certain circumstances, e.g. if you contest the accuracy of the data.

Data portability

The right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations.

To object

The right to object:

—at any time to your personal information being processed for direct marketing (including profiling);

—in certain other situations to our continued processing of your personal information, e.g. processing carried out for the purpose of our legitimate interests.

Not to be subject to automated individual decision making

The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.

If you would like to exercise any of your rights, please:

  • send an email to;
  • let us have enough information to identify you;
  • let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
  • let us know what right you want to exercise and the information to which your request relates.

How to complain

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues ( We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact our DPO in the first instance by email at

Changes to the privacy notice and keeping your data up to date

This version of our privacy notice was last updated on 09/04/2024. We may amend this privacy notice from time to time in order to reflect changes to our practices or for other operational, legal or regulatory reasons. Any such changes will be posted on this page and, where appropriate, notified to you by email. By accessing the Website or using our digital services after we make any changes to this privacy notice, you accept those changes.

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information required for us to deliver our products and digital services to you changes, during your relationship with us.

How to contact us

Please contact us by email or telephone if you have any questions about this privacy notice or the information we hold about you. Our contact details are set out at the start of this document.

Yoppie Cookie Policy

We use cookies. A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. We use traffic cookies to identify which pages are being used. This helps us analyse data about our web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system. Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any other information about, other than the data you choose to share. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

We may use cookies, web beacons and similar technologies to collect information about the pages you view, the actions you take on our services and within our email content.