Privacy Policy

Last updated: 4 June 2026

This Privacy Policy explains how Prime Slabs ("we", "us", "our") collects, uses, and protects your personal information when you visit our website or place an order. We are committed to handling your data responsibly and in line with UK GDPR and the Data Protection Act 2018.

1. Who We Are

Prime Slabs is the data controller responsible for your personal information. We are based in the United Kingdom.

For data-related queries, contact us via our contact page.

2. Information We Collect

We collect the following types of information:

Information you provide directly

  • Order details: Name, email address, postal address, phone number, billing information
  • Custom build data: Card name, trading card game, uploaded card photo
  • Communications: Messages you send us via email or contact form

Information collected automatically

  • Device info: IP address, browser type, operating system
  • Usage data: Pages visited, time spent, links clicked
  • Cookies: Small files stored on your device — see Section 7 below

3. How We Use Your Information

We use your data to:

  • Process and fulfil your orders
  • Design your custom display kit based on your card details and photo
  • Communicate about your order (confirmations, shipping updates, support)
  • Improve our website and customer experience
  • Send marketing communications — only if you've opted in
  • Detect fraud and ensure website security
  • Comply with legal obligations

4. Legal Basis for Processing

Under UK GDPR, we process your data based on:

  • Contract: To fulfil your order and provide our service
  • Legitimate interest: To improve our business and prevent fraud
  • Consent: For marketing communications and non-essential cookies
  • Legal obligation: For tax records and regulatory compliance

5. Who We Share Your Data With

We share information only with trusted third parties who help us operate our business:

  • Shopify: Our e-commerce platform that processes orders and payments
  • Payment processors: Stripe, PayPal, and similar (we never see your full card details)
  • Royal Mail and shipping carriers: To deliver your order
  • Email service providers: To send order confirmations and updates
  • Analytics tools: Anonymised data only (e.g. Google Analytics)

We do not sell your personal information to anyone.

6. Data Retention

We keep your information only as long as necessary:

  • Order records: 6 years (UK tax requirement)
  • Marketing data: Until you unsubscribe
  • Uploaded card photos: Deleted within 90 days of order completion, unless required for warranty/dispute
  • Account data: Until you request deletion

7. Cookies

Our website uses cookies to function properly and improve your experience. Types of cookies used:

  • Essential cookies: Required for cart, checkout, and login functionality
  • Analytics cookies: Help us understand how visitors use our site (anonymised)
  • Marketing cookies: Only set with your consent

You can control cookies via your browser settings. Disabling essential cookies may prevent the website from working properly.

8. Your Rights

Under UK GDPR, you have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Ask us to correct inaccurate information
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Limit how we use your data
  • Portability: Receive your data in a portable format
  • Object: Opt out of marketing or certain processing activities
  • Withdraw consent: Where processing is based on consent

To exercise any of these rights, contact us. We'll respond within 30 days.

9. Data Security

We use industry-standard security measures to protect your data:

  • SSL/TLS encryption on all pages
  • Shopify's PCI DSS-compliant payment infrastructure
  • Restricted internal access to personal data
  • Secure cloud storage for uploaded files

However, no online transmission is 100% secure. You share data with us at your own risk.

10. International Transfers

Some of our service providers (such as Shopify) may process data outside the UK. Where this happens, we ensure appropriate safeguards are in place, including UK GDPR-approved standard contractual clauses.

11. Children's Privacy

Our website is not directed at children under 16. We do not knowingly collect data from children. If you believe we have collected data from a child, please contact us and we'll delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects when changes were made. Significant changes will be communicated via email or website notice.

13. Complaints

If you have concerns about how we handle your data and we haven't resolved them to your satisfaction, you can lodge a complaint with the UK Information Commissioner's Office (ICO):

14. Contact Us

For any privacy-related questions or requests, get in touch.