Privacy Policy MemBoards
Last updated: [DATE]
MemBoards (“we”, “us”, “our”) operates the website memboards.energy-stars.org. We are committed to protecting your personal data and respecting your privacy in accordance with the UK Data Protection Act 2018, the UK GDPR, and the EU General Data Protection Regulation (GDPR).
This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and what rights you have.
1. Who We Are
Business name: MemBoards
Address: [YOUR BUSINESS ADDRESS]
Email: [YOUR EMAIL]
Phone: [YOUR PHONE]
For any data protection queries, please contact us at the email address above.
2. What Personal Data We Collect
We collect and process the following personal data:
| Data Type | When Collected | Purpose |
|---|---|---|
| Full name | Checkout, account registration | Order processing, delivery |
| Email address | Checkout, account, contact form | Order confirmation, communication |
| Billing address | Checkout | Payment processing, invoicing |
| Shipping address | Checkout | Order delivery |
| Phone number | Checkout (optional) | Delivery updates |
| Payment information | Checkout | Payment processing (handled by Stripe/PayPal) |
| IP address | Website visit | Security, fraud prevention |
| Browser & device info | Website visit | Website optimisation |
| Order history | Purchase | Customer service, returns |
3. How We Use Your Data
We use your personal data for the following purposes:
- Order fulfilment: Processing, packaging, and shipping your orders
- Payment processing: Securely processing payments through third-party providers
- Communication: Sending order confirmations, shipping updates, and responding to enquiries
- Legal compliance: Meeting our legal and regulatory obligations
- Website improvement: Analysing how visitors use our site to improve the shopping experience
- Fraud prevention: Protecting against fraudulent transactions
4. Legal Basis for Processing
Under GDPR, we process your data based on the following legal grounds:
- Contract: Processing is necessary to fulfil your order (name, address, payment)
- Legal obligation: We must keep certain records for tax and accounting purposes
- Legitimate interest: Fraud prevention, website security, and improving our services
- Consent: Marketing emails and non-essential cookies (only with your explicit consent)
5. Who We Share Your Data With
We only share your personal data with trusted third parties who help us operate our business:
- Payment processors: Stripe, PayPal — to securely process your payment
- Shipping carriers: Royal Mail, DPD, DHL — to deliver your order
- Hosting provider: [YOUR HOSTING PROVIDER] — to host our website
- Analytics: Google Analytics — to understand website usage (only with your cookie consent)
We never sell your personal data to third parties. We do not share your data with any party not listed above without your consent.
6. International Data Transfers
Some of our third-party providers may process data outside the UK/EU. Where this happens, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions.
7. How Long We Keep Your Data
| Data Type | Retention Period | Reason |
|---|---|---|
| Order data | 6 years | UK tax & accounting requirements |
| Account data | Until you delete your account | Service provision |
| Marketing consent | Until you unsubscribe | Your consent |
| Website analytics | 26 months | Google Analytics default |
| Customer service records | 3 years | Dispute resolution |
8. Your Rights
Under GDPR and UK data protection law, you have the following rights:
- Right of access: Request a copy of the personal data we hold about you
- Right to rectification: Request correction of inaccurate data
- Right to erasure: Request deletion of your data (“right to be forgotten”)
- Right to restrict processing: Request that we limit how we use your data
- Right to data portability: Request your data in a machine-readable format
- Right to object: Object to processing based on legitimate interest
- Right to withdraw consent: Withdraw consent for marketing or cookies at any time
To exercise any of these rights, please contact us at [YOUR EMAIL]. We will respond within 30 days.
9. Cookies
Our website uses cookies. For full details, please see our Cookie Policy.
Essential cookies (required for the shop to function) are loaded automatically. Non-essential cookies (analytics, marketing) are only loaded with your explicit consent via our cookie banner.
10. Data Security
We take the security of your data seriously. We implement the following measures:
- SSL/TLS encryption (HTTPS) across the entire website
- Secure payment processing through PCI-compliant providers (Stripe, PayPal)
- Regular software updates and security patches
- Access controls — only authorised personnel can access personal data
11. Children’s Privacy
Our website is not intended for children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated “Last updated” date. We encourage you to review this page periodically.
13. Complaints
If you are unhappy with how we handle your data, you have the right to lodge a complaint with:
- UK: Information Commissioner’s Office (ICO) — ico.org.uk
- EU: Your local Data Protection Authority (DPA)
14. Contact Us
For any questions about this Privacy Policy or your personal data, please contact us:
MemBoards
Email: [YOUR EMAIL]
Address: [YOUR BUSINESS ADDRESS]