Privacy Policy
Last updated: 2025-01-15
1. Introduction
HuffCards (“we”, “our”, “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit our website (huffcards.co.uk) or purchase our products. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Information We Collect
We may collect the following personal information: Name and contact details (email address, phone number, postal address) when you create an account or place an order; Payment information (processed securely by our payment provider — we do not store full card details); Order history and transaction records; Website usage data including IP address, browser type, and pages visited (via cookies and analytics); Communications you send to us via email or contact forms; Newsletter subscription preferences.
3. How We Use Your Information
We use your personal information for the following purposes: Processing and fulfilling your orders; Sending order confirmations, dispatch notifications, and delivery updates; Providing customer support and responding to enquiries; Sending marketing communications (only with your explicit consent); Improving our website, products, and services; Complying with legal obligations and preventing fraud; Analysing website usage to improve user experience.
4. Legal Basis for Processing
We process your personal data on the following legal bases: Contract — to fulfil our obligations when you place an order; Legitimate interests — to improve our services and prevent fraud; Consent — for marketing communications and non-essential cookies; Legal obligation — to comply with tax, accounting, and other legal requirements.
5. Data Sharing
We may share your personal information with: Delivery partners (Royal Mail, DPD, UPS) to fulfil your orders; Payment processors (Stripe, PayPal) to process your payments; Analytics providers (Google Analytics) to understand website usage; Marketing platforms (Mailchimp) if you subscribe to our newsletter. We will never sell your personal information to third parties. All our service providers are contractually obligated to protect your data.
6. Data Retention
We retain your personal information for as long as necessary to provide our services and comply with legal obligations. Order records are kept for 7 years for tax and accounting purposes. Account information is kept until you request deletion. Marketing preferences are retained until you unsubscribe. Website analytics data is anonymised after 26 months.
7. Your Rights
Under the UK GDPR, you have the following rights: Right of access — request a copy of your personal data; Right to rectification — request correction of inaccurate data; Right to erasure — request deletion of your data (“right to be forgotten”); Right to restrict processing — request limitation of how we use your data; Right to data portability — receive your data in a portable format; Right to object — object to processing based on legitimate interests; Right to withdraw consent — withdraw consent for marketing at any time. To exercise any of these rights, please contact us at privacy@huffcards.co.uk.
8. Cookies
Our website uses cookies to provide essential functionality, remember your preferences, and analyse website usage. Essential cookies are required for the website to function (e.g., shopping cart, authentication). Analytics cookies help us understand how visitors use our site. Marketing cookies are used to deliver relevant advertisements. You can manage your cookie preferences through your browser settings. For more details, please see our Cookie Policy.
9. Security
We take the security of your personal information seriously. We implement appropriate technical and organisational measures including: SSL/TLS encryption for all data in transit; Secure payment processing through PCI-DSS compliant providers; Regular security audits and updates; Access controls limiting who can view personal data; Secure data storage with encryption at rest.
10. Children’s Privacy
Our website is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@huffcards.co.uk and we will take steps to delete that information.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by email or by posting a notice on our website. We recommend reviewing this policy periodically. The “Last Updated” date at the top of this policy indicates when it was last revised.
12. Contact Us
If you have any questions about this Privacy Policy or how we handle your personal data, please contact our Data Protection Officer at: privacy@huffcards.co.uk or by post at HuffCards, Data Protection Officer, 42 Card Lane, Bristol, BS1 4QA, United Kingdom. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk if you are not satisfied with how we handle your data.