Privacy Policy

Welcome to Lola’s Rooms

We take the privacy of our customers seriously, such that we commit to protecting your privacy and never lose sight of the fact that your personal information is ultimately yours. We mainly use your personal information to make things better and simpler for you and to provide you with the best user experience. We shall at all times strive to keep your personal information duly protected and safe, and advise you on why we collect personal information and the manner in which we use it. We shall always advise you on the choices or rights available at law, and will at all times respect your wishes.


This privacy policy (the “Policy”) sets the manner in which we shall handle and treat the Personal Data of customers, suppliers, website users, service providers, subscribers, business partners, and other third parties, pursuant to the EU General Data Protection (“GDPR”), the Maltese Data Protection Act (Chapter 586 of the laws of Malta) and any other national or EU legal instrument as applicable. This Policy applies to all Personal Data which the Company Processes, regardless of the media on which that data is stored.

In its capacity as a Data Controller, the Company aims to maintain correct and lawful treatment of Personal Data, thereby ensuring internal and external confidence in the Company, successful business operations, and customer loyalty.

This Policy provides details on whether your Personal Data is collected, processed, and retained by us and the manner in which this is done.

Within this Policy, the following definitions shall have the same meaning as those contained in the General Data Protection Regulation (EU) 2016/679 (“GDPR”): “Data Subject”, “Data Controller, “Data Processor”, “Personal Data”, “Process” or “Processing”.


This Policy was last updated on the 23rd of May of the year 2020, and may be subject to further modification from time to time, depending on the circumstances, particularly where statutory obligations so require, or where the interest of our users’ security so requires. Any such changes will be posted here on our Privacy Policy page so that you are always kept informed of how and why we process your Personal Data.

It is therefore in your own interest to check this Privacy Policy page from time to time so as to keep abreast of changes.



Should you have any queries or concerns with respect to this Policy or the manner in which we handle your Personal Data, or otherwise wish to make a complaint or would like to access, correct, amend or delete any personal information we have about you, or if you require more information, you can contact us here at:



We collect Personal Data from you or about you as the Data Subject, when using our website, which Personal Data may include, but not be limited to your name, surname, address, and email-address.

You may also provide us with personal information in order to be able to complete a transaction, verify your credit card, place an order, register with us, in which cases it is implied that your consent to our collecting such information and using it for the specific reasons for which it has been provided.

Other information is collected as you interact with us, through our customer services team through online chats (where available). Timeless Toys Ltd.  also collects information about the way you access, view, share, contribute to and communicate with and through our services.

We hold on to your Personal Data for as long as is necessary for us to be able to provide you with our services.

We would also hold on to your Personal Data for as long as is necessary in order for us to meet our legal and/or regulatory requirements, in order to be able to resolve any disputes, to prevent any abuse and/or fraud, to be able to enforce our terms and conditions, or for information purposes as may be required.

Should we ask you to provide us with your Personal Data for other reasons, such as for marketing purposes, we would ask you directly for your expressed consent.


When browsing our website, we also collect information from the devices you use to receive our services. This could include, but would not be limited to the following:

  • Your IP address (a number that identifies a specific device on the internet and is required for your device to communicate with websites);
  • Hardware model
  • Operating system and version
  • Software
  • Preferred language
  • Serial numbers
  • Device motion information
  • Mobile network information
  • Location data.



‘Cookies’ are small text files stored in your web browser that enable us to recognise your computer when you visit one of our websites. Cookies are essential to keep certain parts of our websites functioning correctly and securely. We also use them to make things quicker, easier, and more personal to you and to help us understand how our websites are used. They can also be used to present you with more tailored advertising content.

To do all of these things, cookies collect some Personal Data about you whenever you use our websites. You can choose whether to accept or reject some or all types of cookies and control this through your device’s browser settings. If you then continue to use our websites without adjusting your browser settings, we will use cookies as set out in the sections below, so to help you make an informed choice it’s important to know why we use the different types of cookies and what that means for your online experience. This section provides you with a summary of the main points and tells you how switching off the different types of cookie will affect your experience on our websites.

Types of cookies

We use Targeting or Advertising Cookies to help us deliver advertisements relevant to you. These cookies also help us limit the number of times that our users see an advertisement, and help us measure the effectiveness of our advertisements and our overall marketing campaigns.

We use Analytical Cookies which collect information about how people use our websites and how the sites are performing, e.g. how many people visit, which pages are most popular and whether and where people see error messages. A few examples of the ways in which we use Analytical cookies:

  • to identify trends about how people, use our website;
  • to help us keep our content relevant and up to date;
  • to count the number of times a page or email has been viewed and allow us to measure the effectiveness of our content and communication; and
  • to improve the functioning of our applications and websites.

Without these cookies you will still be able to use and enjoy all the online features of our websites. However, kindly note that by disabling or deleting cookies and their use, your user experience may be affected and you might not be able to take advantage of all our functions on our website.

Controlling your cookies

All modern browsers allow you to see what cookies you have, and to clear them individually or in their entirety by changing your cookie settings. For further information on how to delete cookies, click “help” on your browser.



Sometimes we need to undertake additional checks to verify information. To do this we use organisations and databases which collate information. We could also look at publicly available information to verify things, and at information available on social media platforms.

We only deal with reputable companies that take privacy as seriously as we do and have obtained your consent to share this data with us or companies in our sector for marketing, and you will always be able to opt out of receiving further marketing from us.



We could also possibly look at publicly available information about you. Although this information is public, we remain mindful of your privacy and use it only as and where necessary.


If you raise a query or a complaint with us through our portals, we will of course have a record of your user name and will use this to talk to you to resolve the matter you’ve raised and keep accurate records of how it was resolved.

We use information posted publicly on social media sites to help us understand how our customers interact with us. For example, we might look at which groups of customers are more likely to contact us via social media or to use social media to talk about our products and services. We do this in a way that does not identify individual customers.


We use the Personal Data we hold about you in a range of different ways, which fall into these broad categories:

  • Things we need to do in order to provide you with the products or services you’ve requested;
  • Things we need to do to meet legal or regulatory obligations;
  • Things that enable us to run our business effectively and efficiently; and
  • Things we do with your consent for marketing purposes.

Data Protection law gives you rights over your Personal Data, which differ according to which of these categories it falls into. This section explains more about each category, the rights it gives you, how to exercise them and what that means in practice.


There are certain things we have to do in order to be able to provide you with our products and services. As you would expect, we use your Personal Data to enable you to use our sites, to set up your account, respond to queries, contact you, and provide you with the best possible level of customer service. We use technical information about your device, such as operating system and location to present you with the correct version of our website keep it functioning securely and correctly.

Like most organisations, to provide our products and services we share your information with external organisations working on our behalf.  Such organisations include companies such as payment service providers, order packers, delivery companies, professional marketing agencies, advertising partners, website hosts, credit reference agencies, law enforcement and fraud prevention agencies, social media websites and other third parties who may be provided with anonymised information and analytics about our customers which would in no manner identify you. These third-party organisations will only use such Personal Data to the extent necessary to be able to perform the services required by us.


We need to comply with a range of legal and regulatory requirements, some of which involve the use of Personal Data and/or set out timescales for which we need to keep that information.

We are also subject to laws and regulations relating to aspects of our business, such as payment processing or complaint handling and some of these too involve the use of, or set timescales for holding, your personal information.


By using our website, you confirm that you have at least attained the age of majority in your region, county, province, state, or country of residence, and you have given us your consent to allow any of your minor dependents to use this website and any other relative services or products we provide.

When your provide us with Personal Data for the purposes of using our website, or completing any transaction through our website, or to verify your credit card information, place an order, or register with us, we imply that you have given your consent to our collection such information and using for the specific reasons you for which you have given us such information only.



With your permission, we may contact you to provide you with information about us, our services, products, and any other updates that may interest you. You may however, stop receiving any marketing information from us at any time. We will send you offers and information only if you have given your consent for us to do so, in which case we will contact you via email, post, SMS or online.

We never share your data with companies outside our group for them to use for their own marketing. From time to time, we may team up with a third party to bring you details of a product or service we think might interest you, but where we do this the contact will come from us – we will never pass your details to the third party without your prior consent.

Please be assured that we do not use any sensitive information we hold about you (for example, information about self-exclusion, health, or ethnicity) for marketing-related purposes.



Online Behavioural Advertising

We use cookies placed by third parties to collect personal information about your browsing activity, which is then grouped with data about what other people with similar interests and characteristics (in terms of age, gender, location etc.) are looking at. The combined information is used to show you online adverts based on those interests, either for our own products and services or those of a third party (this is known as ‘Online behavioural Advertising’).


On occasion, you may provide us, usually indirectly, with sensitive information about yourself, such as your ethnicity or nationality. It is rare for us to ask you for this type of information directly, and we will only do so if we have a specific and valid legal reason, which we will explain clearly at the time. Where we do need to hold this type of sensitive information, we will do so only to comply with our legal or regulatory requirements and will not use or make it available for any other purpose.



We share your personal information with external organisations that carry out a range of services on our behalf and thereby process data for us, based on our instructions, and in compliance with this policy and any other appropriate confidentiality and security measures. Both we and they are obliged to handle your information in accordance with data protection law.

The main functions that are or may be carried out, fully or in part, by third parties are listed below:

  • Account set-up and registration
  • Management and execution of marketing campaigns
  • Printing
  • Customer services
  • Payment processing and verification
  • Checks to detect unfair use of our products and services
  • Web hosting, online content services and data storage
  • Management of competitions, contests and offers
  • Data analytics and data cleansing
  • Market research and collecting or analysing customer feedback
  • IT services and support
  • Audit, Legal- & Compliance- related services

Please be aware that data sent through the internet may potentially, for reasons beyond our control that are solely of a technical nature, be transmitted across international borders even where sender and receiver of information are located in the same country.

Without prejudice to anything contained in this Policy, it is pertinent to point out that we are obliged to disclose personal data relating to you to any third party if such disclosure is necessary or we need to do so in instances where you violate our terms and conditions of service. Such disclosure can also be made in instances which inter alia include the following:

  • for the purpose of preventing, detecting, or suppressing fraud or any other criminal offence;
  • where it is necessary as a matter of national or public security;
  • to protect and defend our rights and property or that of users of our website;
  • to protect against abuse, misuse, or unauthorised use of our website;
  • to protect the personal safety or property of users of our website;
  • for any purpose that may be necessary for the performance of any agreement you may have entered into with us; or
  • as may be allowed or required by or under any law.


Some of the third-party providers we use could be based in, or carry out their activities in, countries outside the European Economic Area (EEA), which includes all the EU Member States, plus certain countries considered to offer a standard of data protection equivalent to that of Europe. Where this means Personal Data is transferred outside the EEA, we have to put in place additional legal protections on top of our standard checks and measures, to ensure it receives the same level of protection as it would within the EEA. Where necessary, we also put in place any additional contractual measures required at law in any of the countries in which we operate, except where they conflict with the General European Data Protection Regulation.



We hold your personal information only as long as we have a valid legal reason to do so, which includes providing you with the services you have requested, meeting our legal and regulatory obligations, resolving disputes, and enforcing our agreements.

The length of time for which we keep different types of personal information can vary, depending on why we originally obtained them, the reason we process them and the legal requirements that apply to them. When setting our data retention and deletion timescales we take into account a range of factors including applicable regulations and standards relating to inter alia taxation, payment processing and complaint handling,


You, as a Data Subject, have the following rights in the sphere of data protection:

  • Right to information
  • Right to restriction of processing
  • Right to withdraw consent
  • Right to rectification
  • Right to object
  • Right to Erasure/ Right to be forgotten
  • Right to access
  • Right to data portability
  • Right to lodge a complaint with a supervisory authority



As a Data Subject you have the right to be informed about how your personal information and Personal Data is being used. We have identified the manner in which such will be used through this Policy. For more information, or should you have a specific query, you may contact us accordingly.


As a Data Subject you have the right to restricting processing. You also have the right to opt out of having your information used to create a ‘profile’ of you for marketing purposes.

We firmly believe that our customers prefer to receive offers and information that are relevant to them so we tailor all of our marketing to make it more interesting to our customers.


In instances where we are processing your Personal Data on the basis of your consent, as a Data Subject you always have the right to withdraw your consent at any time. The withdrawal of your consent shall not affect the lawfulness of processing we may have done based on the consent you gave us before you exercised your right of withdrawal. If you wish to exercise your right to withdraw consent kindly contact us.



Data protection law gives you the right to object to the processing of your personal data. The manner in which we process your data is detailed in this Privacy Policy, in particular under the section entitled ‘Running our business effectively and efficiently’. In certain circumstances, as a company we may proceed with processing your Personal Data, even though you may have filed an objection thereto, if we believe we have a legitimate interest in such processing which overrides your legitimate interest. If you believe your privacy rights outweigh the legitimate interest we have as a business in processing your data you may exercise such right.



If you would like a copy of the personal information, we hold about you, you should request it by contact us. We will ask you to complete and return a form, which is not compulsory but helps us to help you by providing the information you are looking for. Before we respond to your request, we will ask you for valid proof of identity and once we’ve received it we will provide our response within one month. If your request is unusually complex and likely to take longer than a month, we will let you know as soon as we can and tell you how long we think it will take.

We will fulfill requests wherever possible, but there are occasional situations in which local or European Union data protection law requires or permits us to withhold some information (such as where it would involve disclosing information about another person or information which is commercially sensitive), or permits us to make a small charge. If either of these applies, we will explain this to you.



The right to ‘data portability’ aims to enable consumers to re-use some of their personal information online by making it available in a commonly-used, machine-readable format that can be passed to and used by other organisations. This is a new initiative and it is not yet possible to ‘port’ data directly between providers in our industry. However, if you wish to exercise this right, you should contact us and we will provide you with the following information:

  • the personal and contact details held in your online account;
  • your order history; and
  • a list of payments made.

Before responding to your request, we will ask you to provide valid proof of identity, and we will provide our response within one month of receiving it.



If you believe your privacy rights have been infringed, or you disagree with a decision we have made about your privacy rights, you have the right to complain to the privacy regulator. As we are based in Malta, our principal data protection regulator is Malta’s Information and Data Protection Commissioner.



Our websites may from time to time contain links to both local and/or international third-party websites. Any such links are not an endorsement by us of any information and/or products and/or services such websites may contain or offer. These organisations and sites will have their own privacy policies which will not be the same as ours. Therefore, when accessing such sites, consult their privacy policy before providing them with any personal data. We cannot accept any responsibility for the content, use, availability, privacy practices or the content of any such third-party websites.



We take all reasonable efforts for the purpose of safeguarding the confidentiality of all Personal Data that we process and regularly review and enhances our technical, physical, and managerial procedures so as to ensure that your Personal Data is protected from:

  • unauthorised access;
  • improper use or disclosure;
  • unauthorised modification or alteration; and
  • unlawful destruction or accidental loss.

To this end we take reasonable precautions and follow industry best practices, policies, and measures dedicated to the protection of the Personal Data processed by us and that data that we have under our control.

By its very nature however the internet is not a secure medium and data sent via this medium can potentially be subject to unauthorised acts by third parties beyond our control. There can be no absolute guarantee in relation to the privacy or confidentiality of any information passing through our website. We shall accept no responsibility or liability whatsoever for the security of your data while in transit through the internet.