Privacy Policy

Privacy Policy

Privacy Policy Outline: Magic Memorabilia t/a Vaulted Memorabilia

1. Introduction & Data Controller

 Who you are: Magic Memorabilia, Unit c 271-273 Hight Street, Blackwood, Gwent

NP12 1AW

 The "Data Controller": Martin Price and Massimo Zerial

 Contact Details: vaultedmemorabilia5@gmail.com

2. The Data We Collect

 Identity Data: We collect Title, Name, email, mobile and address

 Contact Data: Billing Address and contact number

 Financial Data: Handled VIA stripe

 Transaction Data: Details about payments to and from you and details of products

purchased (crucial for authenticity records).

3. How We Use Your Data (Legal Basis)

Under UK law, you must have a "lawful basis" for every use.

 Contractual Necessity: We need your address to ship your product

 Legitimate Interest: To send you updates on your order or to prevent fraud.

 Consent: For sending marketing newsletters (this must be "opt-in").

 Legal Obligation: Keeping records for HMRC tax purposes.

4. Special Note: Provenance & Authenticity

 Record Keeping: We may retain records indefinitely to ensure they sale is protected

and authenticity assured

5. Third-Party Sharing

List the types of companies you share data with:

 Couriers: (e.g., Royal Mail, DPD, DHL) so they can deliver your items.

 Payment Providers: Stripe and Paypal

 Professional Advisors: Accountants and insurers.

 Authentication Services: If third-party experts need to verify an item you are

buying/selling.

6. International Transfers

 Since you are in the UK, if you use US-based tools (like Shopify, Mailchimp, or

Google Analytics), state that data may be transferred outside the UK and that you

ensure "standard contractual clauses" are in place to protect it.

7. Data Security

 SSL Encryption used


 Access is limited on a need to know basis and not shared with any person or

company outside the neccessary

8. Data Retention

 Data maybe retained indefinitely to ensure that line of ownership and authenticity is

maintained

9. Your Legal Rights

In the UK, users have the right to:

 Request a copy of their data (Subject Access Request).

 Request deletion of their data.

 Object to direct marketing.

 Complain to the ICO (Information Commissioner’s Office), though you should ask

them to contact you first.