Privacy Policy - Topaz Cards Ltd

Last updated: 2025-10-08

Who We Are

Topaz Cards Ltd ("we", "us", "our") operates the website topaz-cards.co.uk. This privacy policy explains how we collect, use, and protect your personal information.

Company Details:

• Company Name: Topaz Cards Ltd
• Company Number: 16751520
• Registered in: England and Wales
• Contact Email: info@topaz-cards.co.uk
• ICO Registration Number: ZC004648

What Information We Collect

We collect the following personal information when you place an order:

Information You Provide:

• Name - For order processing and delivery
• Email address - For order confirmations and communication
• Delivery address - For shipping your order
• Billing address - For payment processing
• Phone number (optional) - For delivery updates

Information Collected Automatically:

• IP address - For fraud prevention
• Browser type and version - For website functionality
• Purchase history - For customer service and order tracking
• Cookies - See our Cookie Policy below

Payment Information:

We do NOT store your payment card details. All payment processing is handled securely by Squarespace Payments (powered by Stripe). They collect and process your payment information according to their privacy policy.

How We Use Your Information

We use your personal information to:

1. Process and fulfill your orders - Deliver products you purchase
2. Communicate with you - Send order confirmations, shipping updates, and respond to inquiries
3. Prevent fraud - Verify orders and prevent fraudulent transactions (via automated checks through Squarespace Payments/Stripe)
4. Comply with legal obligations - Tax, accounting, and legal requirements
5. Improve our service - Understand customer preferences and improve our website
6. Marketing communications - Send you promotional emails about new products and offers (only with your consent)

Marketing Communications

We may send you marketing emails about:

• New product arrivals
• Special offers and promotions
• Trading card game news and updates

You can opt out at any time by:

• Clicking the "unsubscribe" link in any marketing email
• Emailing us at info@topaz-cards.co.uk

We will never sell your email address to third parties or send you spam. Order confirmations and shipping updates are not considered marketing and will still be sent even if you unsubscribe from marketing emails.

Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

• Contract performance - Processing orders you place with us
• Legal obligation - Complying with tax and accounting laws
• Legitimate interests - Fraud prevention and business operations

How We Share Your Information

We share your information only with:

Service Providers:

• Squarespace/Stripe - Payment processing and website hosting
• Squarespace Analytics - Website traffic analysis
• Royal Mail - Shipping and delivery
• ProtonMail - Email communications

We do NOT:

• Sell your personal data to third parties
• Share your data for marketing purposes without consent

Data Storage & International Transfers

Your personal data is stored with the following service providers:

• Email data - Stored with ProtonMail (Switzerland-based, GDPR-compliant)
• Order and customer data - Stored with Squarespace (US-based with EU/UK data protection safeguards)
• Payment data - Processed by Stripe (US-based, PCI-DSS compliant, with EU/UK safeguards)

While some service providers are based outside the UK/EU, they are required to maintain GDPR-equivalent data protection standards through:

• Standard Contractual Clauses (SCCs)
• EU-US Data Privacy Framework participation
• UK adequacy regulations

We ensure all international data transfers comply with UK GDPR requirements.

How Long We Keep Your Information

We retain your personal data for:

• Order information - 7 years (UK tax and accounting requirements)
• Communication records - 2 years after last contact
• Marketing consent - Until you withdraw consent

You can request deletion of your data at any time (subject to legal retention requirements).

Your Rights (GDPR/UK Data Protection)

You have the right to:

1. Access your data - Request a copy of personal information we hold
2. Correct your data - Update incorrect or incomplete information
3. Delete your data - Request deletion (subject to legal requirements)
4. Restrict processing - Limit how we use your data
5. Data portability - Receive your data in a portable format
6. Object to processing - Object to certain uses of your data
7. Withdraw consent - For marketing communications

How to Exercise Your Rights:

To access, correct, or delete your data: Email us at info@topaz-cards.co.uk

To unsubscribe from marketing emails:

• Click the "unsubscribe" link at the bottom of any marketing email
• Or email us at info@topaz-cards.co.uk with "Unsubscribe" in the subject line

We will respond to your request within 30 days.

Cookies

We use cookies to:

• Keep you logged in during checkout
• Remember items in your shopping cart
• Analyze website traffic (if using analytics)

You can disable cookies in your browser settings, but this may affect website functionality.

Cookie types we use:

• Essential cookies - Required for checkout and payment
• Analytics cookies - To understand how visitors use our site (if applicable)

We do not use advertising or tracking cookies.

Security

We take reasonable measures to protect your personal information:

• Secure website - HTTPS encryption for all pages
• Secure payment processing - PCI-DSS compliant via Stripe
• Access controls - Limited access to personal data
• Regular backups - To prevent data loss

However, no internet transmission is 100% secure. Please use caution when sharing personal information online.

Children's Privacy

Our products are not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

Age Guidance & Parental Supervision

While trading card games are enjoyed by collectors of all ages, we recommend:

• Children under 13 - Purchases should be made by a parent or guardian
• High-value items - Parental supervision recommended for purchases over £50
• Age-rated products - Some products may have age ratings; parental discretion is advised

Parents and guardians are responsible for monitoring and approving purchases made by minors using shared devices or payment methods.

Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of our website after changes constitutes acceptance of the updated policy.

Contact Us

For questions about this privacy policy or to exercise your data rights:

Email: info@topaz-cards.co.uk

Data Protection Officer: Mike (mike@topaz-cards.co.uk)

Complaints

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with:

Information Commissioner's Office (ICO)

• Website: https://ico.org.uk/make-a-complaint/
• Phone: 0303 123 1113