Privacy Policy

TCG Con is a trading name of Big Orbit Cards, henceforth referred to as TCG Con.

Looking after your personal information is very important to us. We want you to be confident that your personal data is held securely and that it is used solely for the purpose of providing an excellent shopping experience.

This policy has been written to help you understand how and why TCG Con collects personal information from you, who we share this information with and why; also what your rights are with regard to your personal data.

What information we collect

When you buy from us you are entering in to a contract. You will need to enter some personal details on the TCG Con website before ordering, and so that we can process your order we ask you to provide the following personal information:

 

  • Full name
  • Address
  • Email address
  • Confirmation that you are 16 or over

We collect the minimum amount of information to allow us to practically and legally process your order.

 

How we use your information

The General Data Protection Regulation (GDPR) states that we are only permitted to use and share your personal data where we have a proper reason to do so. The law says we must have one or more of the following reasons:

Contract fulfilment – your personal information is processed in order to complete a sale / order.

Legitimate interests – TCG Cons’ interest in managing our business to allow us to provide you with excellent service in a secure and responsible way.

Consent – you agree to us using your information in a certain way e.g. sending our newsletter.

Legal obligation – where there is statutory or other legal requirement to share the information e.g. when we have to share your information for law enforcement purposes.

The following list details various ways in which we may use your personal information, attributing the reason described above we rely on to do so in each case. Where legitimate interest is listed as a reason, we follow this with a description of what we believe these legitimate interests to be.

 

  • Account set-up – Legitimate interest: Necessary for creating order, as requested by customer.
  • Process your orders – Contract fulfillment.
  • Order status update notification – Legitimate interest: Required to provide quality customer service.
  • Account management – Legal obligation/Legitimate interest: Enable us to keep our records up to date.
  • Customer service – Legal obligation/Legitimate interest: Allowing efficient handling of customer contact.
  • Website personalisation and administration – Legitimate interest: Improving customer interaction with our site.
  • Event participation – Legitimate interest: Required to facilitate smooth running of events.
  • Marketing communication – Legitimate interests: Informing customers of products and promotions that attract and retain customers. Improving customer interaction with our site.
  • Customer satisfaction surveys/market research – Legitimate interest: Allows us to understand our customers and to develop the business in such a way that meets customer needs.
  • Demand forecasting, management information and research – Legitimate interest: We use aggregated data regarding shopping habits, products bought and sales volumes, to help us to respond to demand and to help us plan our range.
  • Aiding law enforcement agencies – Legal obligation/Legitimate interest: Providing information to law enforcement agencies on request.

 

Who we share your information with and why

We work with a number of trusted businesses in order to provide you the excellent service you expect from us. These include delivery companies, payment processing companies and marketing companies, details below:

Payment processing (Worldpay)

We pass your name and address information to our trusted third party payment processing provider, Worldpay, in order to securely take payments.

 

How long we keep your information

When we collect your personal information, the length of time we retain it for is determined by a number of factors, including the purpose for which we use that information and our obligations under the law.

We require your personal information for accountancy purposes and to allow us to support you as a customer. For these purposes, we retain personal information for at least 7 years. Exceptions to this are listed below:

  • We are required by law to hold your personal information for a longer or shorter period.
  • You exercise your right to have the information erased (where applicable) and we do not need to retain it for any permitted reason or where by law we are required to continue to hold it.

 

What are your rights

You are entitled to make the following requests of TCG Con; these are your Data Subject Rights. To exercise these rights please email dataprotection@bigorbitcards.co.uk or call 01386 513015 and ask to speak to the Data Officer.

  • Right of access: you may request access to the personal information we hold and information about how we process it
  • Right to rectification: your right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
  • Right to erasure (also known as the Right to be Forgotten): your right to have your personal information erased
  • Right to restriction of processing: your right to restrict processing of your personal information
  • Right to data portability: your right to electronically move, copy or transfer your personal information in a standard form
  • Right to object: your right to object to processing of your personal information

You have the right to complain to a data protection regulator in Europe, generally in the country you work or live or where your legal rights have been infringed. In the United Kingdom this is the Information Commissioner’s Office (ICO) and their contact details are available on their website: www.ico.org.uk. We would ask that you contact us in the first instance and we will work to actively resolve any issues or concerns you might have.

Why we ask for confirmation of age

Under the General Data Protection Regulation (GDPR) – in the European Union a person may only provide consent for their data to be processed if they are aged sixteen years or older.

How do we protect your information?

We implement a variety of security measures to maintain the safety of your personal information when you place an order or enter, submit, or access your personal information.

We offer the use of a secure server. All supplied sensitive information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our payment gateway providers’ database, only to be accessible by those authorized with special access rights to such systems, and are required to keep the information confidential.

Do we use cookies?

Yes. Cookies are small files that a site or its service provider transfers to your computers’ hard drive through your Web browser (if you allow) that enables the sites or service providers systems to recognize your browser and capture and remember certain information.

We use cookies to help us remember and process the items in your shopping cart, no personal information is stored in the cookies created when visiting our website.

Occasionally, at our discretion, we may include or offer third party products or services on our website. These third party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.

 

Changes to our privacy policy

If we decide to change our privacy policy, we will post those changes on this page, and/or update the Privacy Policy modification date below.

This policy was last modified on 22.05.2018