GDPR Policy
Introduction
Trophy Store ("we", "us", "our") is committed to protecting and respecting your privacy. This GDPR Policy explains how we collect, use, and protect personal data under the Data Protection Act 2018.
This policy applies to all personal data processed by Trophy Store, including data collected through our website, www.trophystore.co.uk, and other interactions with our customers and business partners.
Data We Collect
We may collect and process the following categories of personal data:
- Contact Information: Name, email address, phone number, postal address.
- Order Details: Details of products ordered, order history, payment information (we don’t handle or store any card information; it is all processed via a third-party payment provider who are fully PCI DSS compliant).
- Account Information: Username, password, and other information provided when setting up an account on our website.
- Communication Data: Any correspondence between you and us, including enquiries and feedback.
- Technical Data: IP address, browser type, operating system, and other information collected through cookies and similar technologies when you visit our website.
- Marketing Preferences: Preferences in receiving marketing communications from us.
Purpose of Data Processing
We collect and process personal data for the following purposes:
- Order Fulfilment: To process and deliver your orders, including managing payments, fees, and charges.
- Customer Service: To respond to your enquiries, provide customer support, and manage returns and refunds.
- Account Management: To manage your account, including updating account details and handling password recovery.
- Marketing: To provide you with information about our products, services, promotions, and events that may interest you, subject to your consent.
- Website Functionality: To maintain and improve our website’s functionality, security, and performance.
- Legal Compliance: To comply with legal obligations, such as tax and accounting requirements.
Legal Basis for Processing
We process your personal data based on one or more of the following legal grounds:
- Contractual Necessity: Processing is necessary to perform a contract with you, such as fulfilling an order.
- Legitimate Interests: Processing is necessary for our legitimate interests, such as improving our services, provided that these interests do not override your rights.
- Consent: Where required by law, we will obtain your consent before processing your personal data for specific purposes, such as marketing communications.
- Legal Obligation: Processing is necessary to comply with legal obligations to which we are subject.
Data Sharing
We may share your personal data with:
- Service Providers: Third-party service providers who assist us in delivering our services, such as payment processors, delivery companies, IT service providers, and marketing agencies. These providers are contractually obligated to protect your data and use it only for the services they provide to us.
- Legal Authorities: Law enforcement, regulatory, or governmental bodies if required by law or to protect our legal rights.
- Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our business, your personal data may be transferred to the acquiring entity.
International Data Transfers
If your personal data is transferred outside the European Economic Area (EEA), we will ensure that appropriate safeguards are in place to protect your data, in accordance with GDPR requirements.
Data Retention
We will retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including for legal, accounting, or reporting requirements. We will regularly review our retention periods to ensure they are legally compliant and justified.
Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, access controls, and secure data storage.
Your Rights
Under GDPR, you have the following rights regarding your personal data:
- Access: Request access to your personal data and receive a copy of the information we hold about you.
- Rectification: Request correction of inaccurate or incomplete personal data.
- Erasure: Request the deletion of your personal data, subject to certain conditions.
- Restriction: Request the restriction of processing your personal data in certain circumstances.
- Data Portability: Request the transfer of your personal data to another organisation.
- Objection: Object to the processing of your personal data for direct marketing purposes or based on legitimate interests.
- Withdraw Consent: Withdraw consent at any time when processing is based on your consent.
To exercise any of these rights, please contact us at
info@trophystore.co.uk.
Data Breach Notification
In the event of a data breach, we will notify the Information Commissioner's Office (ICO) and any affected data subjects within 72 hours, in accordance with GDPR requirements.
Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies to enhance your browsing experience and analyse website traffic. For more details, please refer to our Cookie Policy.
Changes to This Policy
We may update this GDPR Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. Any changes will be posted on this page, and where appropriate, we will notify you of any significant changes.
Contact Us
If you have any questions or concerns about this GDPR Policy or our data practices, please contact us at:
TrophyStore.co.uk Ltd
Infinity House
Lovell
Tamworth
Staffordshire
B79 7TA
United Kingdom
Phone: 0345 319 1111
Email: info@trophystore.co.uk