Privacy Policy

This privacy policy sets out how Kapow Toys uses and protects any information that you give Kapow Toys when you use this website. Kapow Toys is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement. Kapow Toys may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes.

What we collect

We may collect the following information:

  • name
  • contact information including email address
  • demographic information such as postcode, preferences and interests
  • other information relevant to customer surveys and/or offers

For the exhaustive list of cookies we collect see the List of cookies we collect section.

What we do with the information we gather

We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:

  • Delivery of your orders.
  • Internal record keeping.
  • We may use the information to improve our products and services.
  • We may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided.
  • From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone or mail. We may use the information to customise the website according to your interests. For example If you buy lots of action men we may recommend other action men to you.


We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Controlling your personal information

You may choose to restrict the collection or use of your personal information in the following ways:

  • if you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to us or using the contact form, or unsubscribing by clicking the link in the email.
  • You can unsubscribe from newsletter emails at any time, just login to your account and untick newsletter subscriptions. You can also unsubscribe by clicking the ‘unsubscribe’ link at the bottom of an email.
  • Once you are logged into your account you can also change your delivery addresses, password and see your past orders.

We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.

You may request details of personal information which we hold about you. If you would like a copy of the information held on you please write to 21 Bertie Ward Way, Dereham, Norfolk, NR19 1TE.

If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.

We are willing to delete your account as well just email us from your accounts email address, though we will be sorry to see you go.


A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

List of cookies we collect

The table below lists the cookies we set and what information they store.


These do things like keep your chosen items in your basket if you remove these one then the shop won’t work as expected.

COOKIE name Example Description Expires
dismissed CookieNotice Thu, 21 Jun 2018 10:11:10 GMT this records that you dismissed the cookies notice so we do not keep waving it at you. 365 days
currency £ stores the currency you want to see the prices in like GBP, EUR 30 days
woocommerce _cart _hash 91fe8b 6ccdb4 cc612a c85090 be000b fd helps shop determine when cart contents/data changes. end of session
woocommerce _items _in _cart 1 Helps shop determine when cart contents/data changes. end of session
wp _woocommerce _session _xyz 30c1eb dc5d0f 6a9504 2a98… contains a unique code for each customer so that we know where to find the cart data in the database for each customer. 2 days
woocommerce _recently _viewed ? powers the recently viewed products. end of session
Checkout pages
amazon-pay-abtesting-new-widgets true/false amazon payments sometimes set this we think they are testing how effective changes to their checkout button are until end of session
apay-session-set hash amazon payments until end of session
mintboxNotGuaranteed true/false you have seen notice on checkout about mint box not being guaranteed until end of session
iWillHaveToWaitForDeliveryForLastItem true/false you have seen notice on checkout about waiting for last item on mixed preorders until end of session

Sale Attribution

COOKIE name Example Description Expires
sbjs_ various these are session cookies that track how you entered the site so we can say that visitors from X website bought things. For example we can see that your order originated from google or facebook. They don’t track across other sites. until end of session


We are currently using googles recaptcha solution to try and reduce spammy sign ups and registrations.

They seem to set a cookie to enable that. It is slightly annoying identifying traffic lights and fire hydrants but hopefully is less intrusive than invisible options.

COOKIE Example Description Expires
NID 204= RopWvRORC9Lokf6OK78X8Pmj7w2IZm_LHSHVi7Jq5NnUxNJNsgmE55y -9F0Zm9cdq1s1ysOuHzx_ELQ5_jVjIIEnHwOomf0 -cs4SXKjGXNVF9vN1a_NKqngpv6QjwFj2hXaqOligFBCw5xVBHG7o -KrZ1V0wy9Vke2tT_Vctouk Aims to identify robots end of session


Cookies from google so we can see how many people visited the site and what pages were most viewed etc. The content will look something like the example but varies over time and from person to person. You can find out more about google analytics privacy and security policy. If you want to disable these you best off adding a plugin to your browser that will allow you to block analytics across all websites.

COOKIE name Example Description Expires
__utma 242838720. 438841714. 1488095643. 1488095763. 1488095643.1 Used to distinguish users and sessions. The cookie is created when the javascript library executes and no existing __utma cookies exists. The cookie is updated every time data is sent to Google Analytics. 2 years
__utmb 242139789. 6.10. 1455093246 Used to determine new sessions/visits. The cookie is created when the javascript library executes and no existing __utmb cookies exists. The cookie is updated every time data is sent to Google Analytics. 30 mins
__utmc 2423398520 Set for interoperability with urchin.js. Historically, this cookie operated in conjunction with the __utmb cookie to determine whether the user was in a new session/visit. End of Session
__utmz 242138520. 1453095643.1.1 .utmcsr=(direct) |utmccn=(direct) |utmcmd=(none) Stores the traffic source or campaign that explains how the user reached your site. The cookie is created when the javascript library executes and is updated every time data is sent to Google Analytics. 6 months
__utmv Used to store visitor-level custom variable data. This cookie is created when a developer uses the _setCustomVar method with a visitor level custom variable. This cookie was also used for the deprecated _setVar method. The cookie is updated every time data is sent to Google Analytics. 2 years
__utmt 1 Used to throttle request rate. (presumably so we don’t bring down googles servers 🙂 ) 10 minutes


Every ‘X’ pages you may see a request to something like this isn’t sinister we use them to sample real time loading speeds as experienced by users around the world. So we can see if someone using a mobile phone to browse the site from Mongolia is getting an acceptable experience in terms of speed and then do something to sort that.


We might use Criteo sometimes. They show adverts on other sites to people who drive through the site but don’t buy anything. So you might see an advert that says “Buy shiny Red Transformer at Kapow Toys” on other peoples websites. It seems like they don’t honor ‘do not track’ on other peoples websites, but if you enable tracking protection that blocks them. They collect what products you look at and then aim to show you relevant adverts, then they track if you buy stuff from clicking on one of their adverts.

They record the items looked at, the items placed in basket, the items bought, the order id when the purchase goes through and a hashed version of the users email like ‘b3abe68fecb51895a373f9714eb43b3c’ so they can try and match up with emails address on Facebook and show that person adverts.

Criteo seem to set cookies from the domain names and It looks like criteo are causing a bunch of requests to be sent to advertising networks e.g., I’m guessing so they can identify who to show adverts to, those don’t seem to be setting cookies.

COOKIE name Example Description Expires
cto_lwid 85b1451e- f287- 479b-8d95- 9cf9e3d09822 Retargetting End of session
tk 201810051051 Retargetting End of session
uid 5cfeedb4- 8af2- 4834- bfd6- 02c063943ddc Retargetting End of session

Do not track

We will honor your do not track requests if you have that set in your browser, if you have that set you just should just get functional cookies like what language, currency and those that enable you to login and buy stuff.