Privacy policy

Cup of Cards – Privacy Policy

Last updated: 7 January 2026

Introduction
Cup of Cards (“we”, “our”, “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, share, and protect your personal information in accordance with the UK GDPR and the Data Protection Act 2018. By using our website (www.cupofcards.com), you consent to the practices described in this policy.

1. Contact Information

For questions, complaints, or to exercise your data rights, contact us at:
Email: business@cupofcards.com

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO): https://ico.org.uk/make-a-complaint

2. Personal Information We Collect

a. Device Information – Collected automatically via cookies, web beacons, analytics, and similar technologies. Includes: browser type, IP address, time zone, pages visited, and site interactions.

b. Order Information – Provided by you to process purchases:

  • Name

  • Billing & shipping address

  • Email address

  • Phone number

  • Payment information (processed securely via Shopify/PayPal)

c. Customer Support Information – Any information you provide when contacting us for support.

d. Marketing & Preferences – Consent-based information for receiving marketing communications.

3. How We Use Your Personal Information

We use your data for the following purposes:

  1. Order fulfilment: process payments, deliver products, send invoices, and provide order updates.

  2. Customer support: respond to queries or complaints.

  3. Marketing communications: only if you have consented; you can opt-out at any time.

  4. Fraud prevention & security: detect card tampering, suspicious activity, or misuse (see TOS for related order cancellation policy).

  5. Legal compliance: meet statutory obligations and cooperate with authorities where required.

4. Legal Basis for Processing

We rely on the following lawful bases under UK GDPR:

  • Contractual necessity – to fulfil your orders.

  • Legitimate interests – fraud prevention, order verification, security.

  • Legal obligations – comply with UK law.

  • Consent – for marketing communications.

5. Sharing Your Personal Information

We only share personal data with trusted service providers to perform our services:

  • Shopify – website hosting and e-commerce platform

  • PayPal – payment processing

  • Delivery providers – shipping your order

We may also disclose personal information where legally required (e.g., law enforcement, court orders).

6. International Data Transfers

Your data may be transferred outside the UK/EEA (e.g., to Shopify/PayPal in the US or Canada). These transfers are protected using UK GDPR-compliant mechanisms, such as standard contractual clauses or equivalent safeguards.

7. Retention of Personal Information

We retain personal data only as long as necessary:

  • Order-related information: 6 years after the transaction, to comply with UK tax law.

  • Marketing preferences: until you withdraw consent.

  • Support requests: 3 years after the last interaction.

8. Your Rights (UK GDPR)

You have the right to:

  • Access your personal information

  • Correct or update your personal information

  • Request deletion (“right to be forgotten”)

  • Object to processing for direct marketing

  • Request portability of your data

  • Withdraw consent for marketing at any time

To exercise these rights, contact us at business@cupofcards.com.

9. Cookies & Tracking

We use cookies to:

  • Ensure website functionality

  • Analyse site traffic and usage

  • Deliver targeted advertising

You can manage or disable cookies via your browser settings or www.allaboutcookies.org. Blocking cookies may limit functionality.

10. Do Not Track

We do not currently respond to “Do Not Track” signals, as there is no consistent industry standard for compliance.

11. Changes to This Privacy Policy

We may update this policy for operational, legal, or regulatory reasons. Continued use of the site indicates acceptance of updates.

12. Liability Protection

This policy does not create any contractual obligations beyond those required by UK law. We are not liable for issues arising from third-party processing, shipping delays, or customer misuse of the website.