top of page


At Brick Borrow we understand that privacy is extremely important and we do all we can to esure your data is secure.

To work the way we do, Brick Borrow has to remember some of your personal information to provide you with the best possible service.

You've shared this information with us so we can share our Brick Borrow LEGO® library with you. Without this we wouldn't know where to send your sets and what sets you like best!

Your personal information is in safe hands, but we have to remember it for ourselves all the same.

What Is Covered In This Policy?

This policy describes how Brick Borrow ("we", "us", "Brick Borrow") will make use of your personal data when you use and interact with our website at ("Site"_). We are the data controller for the purposes of European data protection laws.

It also describes your data protection rights, including a right to object to some of the processing which we carry out and where we rely on consent, a right to withdraw your consent. More information about your rights, and how to exercise them, is set out in the “What rights do I have?” section.

We may also provide you with additional information when we collect personal data where we feel it would be helpful to provide relevant and timely information.

What Information Do We Need To Collect?

We collect and process personal data about you when you interact with us and our Site, and when you join our Brick Borrow subscription service. This includes:

  • your name and contact information;

  • username and password and subscription package;

  • your date of birth;

  • your payment and delivery details, including billing and delivery addresses, transaction history and credit card details, where you buy our Brick Borrow subscription service;

  • your interactions with customer services; and

  • your marketing preferences, including any consents you have given us.

We also automatically collect the following information:

  • technical information, including your device’s IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system, unique device identifiers and advertising identifiers; and

  • information about your visit, including the URL clickstream to, through and from our Site (including date and time); products you viewed or searched for, the content (and any ads) that you view or interact with, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.

Some of this information is collected using cookies and related technologies, and often provided by third party providers such as Google Analytics. To learn more, please see our Cookies Policy.

To the extent permitted by applicable law, we may receive additional information about you, such as demographic data or fraud detection information, from third party service providers and/or partners, and combine it with information we have about you in order to improve the service and marketing that you receive from Brick Borrow.

How Do We Use This Information, And What Is The Legal Basis For This Use?

We process this personal data for the following purposes:

  • arranging the delivery or other provision of products, prizes or services and providing customer services;

  • to fulfil a contract, or take steps linked to a contract: this is relevant where you sign up to our toy subscription service or enter a competition we run. This includes:

  • taking payments;

  • communicating with you; 


As required by us to conduct our business and pursue our legitimate interests, in particular to:

  • provide products and services you have requested, and respond to any comments or complaints you may send us;

  • monitor use of our Site and online services, and to, improve and protect our products, content, services and Site, both online and offline and your experiences with us including via research and demographic studies; analytics and data cleansing and measuring the effectiveness of our advertising campaigns;

  • personalise our Site, recommend products or services for you or to provide targeted communications and advertising both on our Site and other selected partner websites, or via loyalty and other customer programmes;

  • if you provide a credit or debit card as payment, we also use a third party (currently Stripe) to check the validity of the sort code, account number and card number you submit in order to prevent fraud;

  • monitor customer accounts to prevent, investigate and/or report fraud, terrorism, misrepresentation, security incidents or crime, in accordance with applicable law;

  • investigate any complaints received from you or from others, about our Site or our products or services; and

  • use your personal data in connection with legal claims, compliance, regulatory and investigative purposes as necessary (including disclosure of such information in connection with legal process or litigation) or to enforce or apply our Terms of Use, Subscription Terms or any other agreements; or to protect the rights, property, or safety of Whirli, our customers, or others and for our internal record keeping and reporting purposes.

Where you give us consent:

  • we will send you direct marketing by email in relation to our relevant products and services;

  • we place cookies and use similar technologies in accordance with our Cookies Policy and the information provided to you when those technologies are used; or

  • on other occasions where we ask you for consent, we will use the data for the purpose which we explain at that time.

For purposes which are required by law:

  • in response to requests by government or law enforcement authorities conducting an investigation; or

  • to investigate issues of product liability.

Withdrawing Consent Or Otherwise Objecting To Direct Marketing

Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your personal data for other purposes, such as those set out above. In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests. You have an absolute right to opt-out of direct marketing, or profiling we carry out for direct marketing, at any time. You can do this by following the instructions in the communication where this is an electronic message, or by changing your communication preferences in your account or by contacting us using the details set out below.

Who Will We Share This Information With, Where And When?

We will share your personal data with:

  • authorised supply, delivery and fulfilment companies to process and complete your subscription such as Royal Mail Click & Drop:

  • banks and our payment services provider (Stripe) for the purpose of transaction processing;

  • legal advisors, accountants, auditors and other professional advisors;

  • third parties, where we have your permission to do so (e.g. social networks providers). Your personal data will become subject to the privacy policies of those third parties when your personal data is shared with them;

  • government authorities, court, regulatory authority and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of our legitimate interests in compliance with applicable laws. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;

  • third party service providers, who will process it on our behalf for the purposes identified above. In particular, we use third party technology and platform providers for website hosting, maintenance, call centre operation and email service delivery.


We are committed to ensuring that your personal data is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. We use ‘https’ technology to secure access to all areas of our Site. Access to your data is password-protected, and sensitive data such as payment card information is held securely by our 3rd party payment providers and tokenized to ensure it is protected. We ensure that our systems are regularly monitored for possible vulnerabilities and attacks.

Links To Other Websites

Our Site may contain links to other websites of interest. However, once you have used these links to leave our Site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy notice. You should exercise caution and look at the privacy statement applicable to the website in question.

What Rights Do I Have?


In addition to rights to withdraw your consent or object to direct marketing (as outlined above, you have the right to ask us for a copy of your personal data; to correct, delete or restrict (stop any active) processing of your personal data; and to obtain the personal data you provide to us for a contract or with your consent in a structured, machine readable format, and to ask us to share (port) this data to another controller.

In addition, you can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing).

These rights may be limited, for example if fulfilling your request would reveal personal data about another person, where they would infringe the rights of a third party (including our rights) or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. Relevant exemptions are included in both the GDPR and in the Data Protection Act 2018. We will inform you of relevant exemptions we rely upon when responding to any request you make.

To exercise any of these rights, or to obtain other information, such as a copy of a legitimate interests balancing test, you can get in touch with using the details set out below. You can also deactivate your account and request that we delete your personal data through the account management portal or getting in touch with us. If you have unresolved concerns, you have the right to complain to an EU data protection authority where you live, work or where you believe a breach may have occurred. This will be the Information Commissioner’s Office in the UK.

In order to provide our subscription service, you must provide us with your name, address, email address user name and password and billing details. If this information is not provided, then we cannot provide the subscription service. All other provision of your information is optional. A failure to provide this information may mean that other functionalities and services are available such as our product recommendations.

How Do I Get In Touch With You?

We hope that we can satisfy queries you may have about the way we process your personal data. If you have any concerns about how we process your personal data, or would like to opt out of direct marketing, you can get in touch at

How Long Will You Retain My Information?

Where we process registration data, we do this for as long as you are an active user of our Site and subscription services and for 3 years after this (unless you choose to fully erase your data once you stop using our subscription service).

Where we process personal data for marketing purposes or with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data indefinitely so that we can respect your request in future.


Where we process personal data in connection with performing a contract or for a competition, we keep the data for 6 years from your last interaction with us.

Cookie Policy

Our Site uses cookies or similar technologies. Cookies are text files containing small amounts of information which are downloaded to your device when you visit a site. Cookies are then sent back to the originating site on each subsequent visit, or to another site that recognises that cookie. You can find more information about cookies at:

Our Site uses the following types of cookies:

  • Strictly Necessary Cookies: These cookies are essential in order to enable you to move around the Web Site and use its features, such as accessing secure areas of the Site or keeping selected toys in your shopping cart. Without these cookies, services like enabling appropriate content based your type of device cannot be provided.

  • Performance Cookies: These cookies collect information about how visitors use the Site, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect information that identifies a visitor. The information these cookies collect is aggregated and used to improve how the Site works.

  • Functionality Cookies: These cookies allow the Site to remember choices you make (such as your language or the region you are in) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. They may also be used to provide services you have asked for such as watching a video or commenting on a blog. These cookies cannot track your browsing activity on other websites.

  • Social Media Cookies: These cookies are used when you share information using a social media sharing button on the Site. The social network will record that you have done this. This information may be linked to targeting/advertising activities.

  • Targeting/Advertising Cookies: These cookies are used to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaigns. They are usually placed by advertising networks with our permission. They remember that you have visited a website and this information is shared with other organisations such as advertisers.

In order to place cookies on your device, we require your consent, which we will obtain when you first visit our Site. If you don’t want to allow cookies at all, or only want to allow the use of certain cookies, refer to your browser settings. You can also use your browser settings to withdraw your consent to our use of cookies at any time and delete cookies that have already been set. You should consult with your browser's provider/manufacturer if you have any questions regarding disabling cookies. Note that by rejecting or disabling certain categories of cookies, you may be prevented from accessing some features of our Site or certain content or functionality may not be available.

To opt out of Google Analytics, please visit:

If you'd like to opt out of third party cookies relating to behavioural advertising, please go to . Opting out does not mean you will no longer receive online advertising. It does mean that the company or companies from which you opted out will no longer deliver ads tailored to your web preferences and usage patterns.

Brick Borrow Privacy and Cookie Policy

bottom of page