Privacy policy

PRIVACY POLICY

Last updated: 11 February 2026

This Privacy Policy explains how PokéProtection Ltd (“we”, “us”, “our”) collects, uses, and protects your personal data when you visit www.pokeprotection.co.uk
 (the “Site”) or purchase products from us.

We are the data controller for the purposes of the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and the Data Protection Act 2018.

1. Personal Data We Collect
1.1 Information You Provide

When you place an order or contact us, we may collect:

Full name

Billing and shipping address

Email address

Telephone number

Order details

Payment information (processed securely by our payment provider — we do not store full card details)

Lawful basis:

Performance of a contract

Legal obligation (tax and accounting requirements)

1.2 Automatically Collected Data

When you browse our Site, we may collect:

IP address

Browser type and version

Device information

Pages viewed and time spent

Referral source

Cookie identifiers

Lawful basis:

Legitimate interests (to operate and improve our Site)

Consent (for non-essential cookies and marketing technologies)

1.3 Marketing Data

If you opt in to marketing communications, we may process:

Email address

Marketing preferences

Engagement with emails or advertisements

Lawful basis:

Consent (which you may withdraw at any time)

2. How We Use Your Personal Data

We use personal data to:

Process and fulfil orders

Arrange shipping and delivery

Manage returns and refunds

Comply with VAT and tax obligations (including EU IOSS where applicable)

Provide customer support

Improve our website

Deliver marketing communications (where permitted)

We do not sell your personal data.

3. How We Share Personal Data

We share personal data only where necessary and in accordance with data protection law.

3.1 Service Providers Acting on Our Instructions (Processors)

We use trusted third-party providers to support our business operations. These may include:

Website hosting and e-commerce platform providers

Payment processors

Shipping and logistics providers

Returns management platforms

Email and communications service providers

Cloud storage and IT support providers

VAT and tax compliance intermediaries (including IOSS services)

These providers process personal data only on our instructions and under contractual obligations requiring confidentiality and appropriate security measures.

3.2 Independent Data Controllers

Some third parties may act as independent data controllers, meaning they determine their own purposes and means of processing personal data.

These may include:

Google (including Google Analytics and Google Ads)

Meta (Facebook and Instagram)

TikTok

These providers may collect data via cookies or tracking technologies when you interact with our Site or advertisements.

Where such providers act as independent controllers, their use of personal data is governed by their own privacy policies. We are not responsible for the independent processing activities of such third parties.

We encourage you to review their privacy policies for further information.

3.3 Legal & Regulatory Disclosures

We may disclose personal data where necessary to:

Comply with legal obligations

Respond to lawful requests from authorities

Protect our legal rights

Enforce our terms

4. International Data Transfers

Some of our service providers and advertising partners may process personal data outside the UK or European Economic Area (EEA), including in the United States.

Where international transfers occur, we ensure appropriate safeguards are in place, such as:

UK International Data Transfer Agreement (IDTA)

EU Standard Contractual Clauses (SCCs)

Transfers to countries deemed adequate by the UK Government or European Commission

5. Cookies & Tracking Technologies

We use cookies and similar technologies to:

Operate our website

Analyse traffic

Improve functionality

Deliver personalised advertising

Non-essential cookies are only placed with your consent.

You can manage cookie preferences via our cookie banner or browser settings.

6. Data Retention

We retain personal data only as long as necessary:

Order and financial records: up to 6 years (legal requirement)

Marketing data: until consent is withdrawn

Customer service enquiries: up to 24 months

Analytics data: according to provider retention settings

Data is securely deleted or anonymised when no longer required.

7. Your Rights (UK & EU Residents)

You have the right to:

Access your personal data

Correct inaccurate data

Request erasure

Restrict processing

Object to processing

Data portability

Withdraw consent at any time

Lodge a complaint with a supervisory authority

UK Supervisory Authority

Information Commissioner’s Office (ICO)
www.ico.org.uk

EU residents may contact their local Data Protection Authority.

8. Data Security

We implement appropriate technical and organisational measures, including:

SSL encryption

Secure payment processing

Access controls

Contractual safeguards with third-party providers

However, no method of transmission over the internet is completely secure.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be posted on this page with a revised “Last updated” date.

10. Contact Details

PokéProtection Ltd
44 Harpur Street
Bedford
MK40 2QT
United Kingdom

Email: luke@pokeprotection.co.uk