Duffy’s Collectables (“we,” “our,” “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal data when you use our online store in accordance with the UK GDPR and the Data Protection Act 2018.

We may collect the following types of personal data when you interact with our website:

• Identity Data: Name, username, title.

• Contact Data: Email address, billing/shipping address, phone number.

• Financial Data: Payment card details (processed securely via our payment providers, not stored by us).

• Transaction Data: Details of your orders, payment history, and customer service interactions.

• Technical Data: IP address, browser type, device details, and cookies.

• Usage Data: How you use our website, products, and services.

• Marketing Preferences: Your communication and subscription choices.

We will only use your personal data when legally allowed. Typically, we use it to:

• Process and deliver your orders.

• Communicate with you about your purchases, inquiries, or account.

• Send promotional offers (only if you’ve opted in).

• Improve our website, products, and services.

• Meet legal, regulatory, and tax obligations.

We rely on the following lawful grounds to process your data:

• Contractual Obligation – to fulfill your orders.

• Legal Obligation – to comply with UK laws.

• Legitimate Interests – to improve our services and protect our business.

• Consent – where you have given explicit consent (e.g., marketing emails).

We never sell your data. We may share it with:

• Service Providers – such as payment processors, couriers, IT support, and marketing platforms.

• Legal Authorities – when required by law or regulation.

All third parties must respect the security of your data and process it lawfully.

If we transfer your data outside the UK (e.g., cloud hosting or service providers), we ensure it is protected with appropriate safeguards such as Standard Contractual Clauses.

We use technical and organisational measures to protect your personal data against loss, misuse, or unauthorised access.

We retain your personal data only as long as necessary to fulfill the purposes we collected it for, including legal and tax requirements.

Under UK GDPR, you have the right to:

• Access the personal data we hold about you.

• Request corrections or updates.

• Request deletion of your data (“right to be forgotten”).

• Restrict or object to processing.

• Withdraw consent for marketing at any time.

• Data portability (receive your data in a machine-readable format).

To exercise your rights, contact us using the details below.

We use cookies to improve your browsing experience, personalise content, and analyse traffic. You can manage or disable cookies through your browser settings.

Our website is not intended for children under 13, and we do not knowingly collect their personal data.

We may update this Privacy Policy from time to time. Updates will be posted here with a new effective date.

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

Duffy’s Collectables
Email: admin@duffyscollectables.co.uk