Admin Dashboard
GotGotNeed CollectiblesGotGotNeedCollectibles← Back to Store

Legal

Privacy Policy

Last updated: 4 June 2026

1. Who we are

This Privacy Policy applies to GotGotNeedCollectibles, a UK-based collectibles and memorabilia business (“we”, “us”, “our”). We are the data controller for the personal data described in this policy.

GotGotNeedCollectibles

United Kingdom

info@gotgotneedcollectibles.co.uk

This policy should be read alongside our Cookie Policy, which explains how we use cookies and local storage on this website.

2. What personal data we collect

Depending on how you interact with us, we may collect the following categories of personal data:

When you place an order

NameYour full name for delivery and correspondence.
Delivery addressThe address we ship your order to.
Email addressTo send your order confirmation and shipping updates.
Phone numberIn case we need to contact you about your order.
Order historyThe items you have purchased, quantities, and amounts paid.

When you create an account

Email addressUsed as your login identifier.
PasswordStored securely as a one-way hash — we cannot read your password.

When you sign up to our mailing list

Email addressTo send you news, new arrivals, and offers. You can unsubscribe at any time.

When you contact us

Email addressTo respond to your enquiry.
Message contentThe contents of your email, which may include personal details you choose to share.

We do not collect payment card details directly. All payment processing is handled by Stripe — see section 5 for details.

3. Why we use your data and our lawful basis

Under UK GDPR we must have a lawful basis for processing your personal data:

PurposeLawful basis
Processing and fulfilling your orderContract — necessary to perform the contract with you (Article 6(1)(b)).
Sending order confirmations and shipping updatesContract — necessary to keep you informed about the contract (Article 6(1)(b)).
Maintaining financial and transaction recordsLegal obligation — required by HMRC to retain financial records for six years (Article 6(1)(c)).
Sending marketing emails (mailing list)Consent — only with your opt-in. Withdraw at any time by clicking unsubscribe (Article 6(1)(a)).
Responding to your enquiriesLegitimate interests — it is in both our and your interests to respond to communications you initiate (Article 6(1)(f)).
Preventing fraud and maintaining website securityLegitimate interests — protecting our business and customers from fraudulent activity (Article 6(1)(f)).
Improving our websiteLegitimate interests — we will seek consent before using any analytics tools that track individuals.

4. How long we keep your data

Order and financial records6 years from the end of the tax year in which the transaction occurred, as required by HMRC.
Customer account dataFor as long as your account remains active, or until you request deletion.
Email correspondenceUp to 2 years, or until the matter is resolved.
Mailing listUntil you unsubscribe or ask us to remove you.

5. Who we share your data with

We do not sell your personal data. We share it only with the third-party service providers listed below:

Supabase

Database, authentication, and file storage

Our website database and customer account system is hosted by Supabase. Your account credentials, order data, and related records are stored on Supabase's infrastructure.

Privacy policy: supabase.com/privacy

Stripe

Payment processing

All payment card transactions are handled directly by Stripe. We never see or store your card number, CVV, or full payment details.

Privacy policy: stripe.com/gb/privacy

Vercel

Website hosting

Our website is hosted on Vercel's infrastructure. Vercel may process request logs as part of normal web hosting operations.

Privacy policy: vercel.com/legal/privacy-policy

We may also share your delivery name and address with shipping providers to fulfil your order. We may disclose data to law enforcement if required by law.

6. International transfers

Some service providers are based outside the UK. Where data is transferred outside the UK, we ensure appropriate safeguards are in place under UK GDPR:

  • Supabase — uses AWS infrastructure. Data may be stored in the EU or US with standard contractual clauses.
  • Stripe — headquartered in the United States. Uses standard contractual clauses.
  • Vercel — headquartered in the United States. Uses standard contractual clauses.

7. Your rights

Under UK GDPR you have the following rights. Contact us at info@gotgotneedcollectibles.co.uk. We will respond within one month.

Right of accessYou can request a copy of the personal data we hold about you.
Right to rectificationYou can ask us to correct inaccurate or incomplete data.
Right to erasureYou can ask us to delete your data where there is no compelling reason to continue holding it. Note we may be required by law to retain certain records.
Right to restrictionYou can ask us to restrict how we use your data in certain circumstances.
Right to portabilityWhere we process your data by automated means, you can ask for it in a machine-readable format.
Right to objectYou can object to processing based on legitimate interests, and you have an absolute right to object to direct marketing at any time.
Right to withdraw consentWhere we rely on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

8. Marketing communications

We will only send marketing emails if you have explicitly opted in. Every email includes an unsubscribe link. We will never pass your email address to third parties for marketing purposes.

9. Children's privacy

Our website is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. The Information Commissioner's Office (ICO)

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the ICO.

Information Commissioner's Office

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Helpline: 0303 123 1113

ico.org.uk

11. Changes to this policy

We may update this policy from time to time. When we make material changes we will update the “Last updated” date at the top of this page.

12. Contact us

GotGotNeedCollectibles

info@gotgotneedcollectibles.co.ukgotgotneedcollectibles.co.uk

This Privacy Policy was prepared in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.