Privacy Policy
At RarePokémonCards.shop, your privacy is not a checkbox — it is a core principle of how we operate. As an authentic Pokémon cards shop handling high-value collectible transactions, we recognise that the personal and financial information you share with us demands the highest standard of care, transparency, and legal compliance. This Privacy Policy explains precisely what data we collect, why we collect it, how we protect it, and what rights you hold over it at all times. By accessing or placing an order through rarepokemoncards.shop, you acknowledge and agree to the practices described in this policy.
This policy is written in compliance with applicable digital data protection legislation, including but not limited to the General Data Protection Regulation (GDPR) as it applies to users in the European Economic Area and United Kingdom, the California Consumer Privacy Act (CCPA) as it applies to residents of California, and other applicable regional privacy frameworks.
Last updated: June 2025
This policy may be updated periodically to reflect changes in our practices or applicable law. The most current version is always published at rarepokemoncards.shop/privacy-policy with a revised effective date. Continued use of our site following any update constitutes your acceptance of the revised policy.
1. Data Controller
The data controller responsible for your personal information collected through this website is:
| Field | Detail |
|---|---|
| Business name | RarePokémonCards.shop |
| Website | https://rarepokemoncards.shop |
| Contact email | privacy@rarepokemoncards.shop |
| Privacy enquiries | support@rarepokemoncards.shop |
If you have any questions regarding how your data is handled, you may contact us directly at either address above and we will respond within the timeframes required by applicable law.
2. Information We Collect
We collect only the personal data that is strictly necessary to operate our store, process your orders, and maintain a secure and lawful transaction environment. We do not collect data speculatively or for any purpose beyond those described in this policy.
2a. Information You Provide Directly
The following personal data may be collected when you create an account, complete a purchase, subscribe to our newsletter, or contact our support team:
| Data Type | When Collected | Purpose |
|---|---|---|
| Full name | Checkout / account creation | Order processing and shipping label generation |
| Email address | Checkout / account creation / newsletter signup | Order confirmations, tracking updates, account communications |
| Shipping address | Checkout | Delivery of purchased items via our insured carriers |
| Billing address | Checkout | Payment verification and fraud prevention |
| Phone number | Checkout (optional) | Carrier delivery notifications where required |
| Account password | Account creation | Encrypted account authentication — never stored in plain text |
2b. Information Collected Automatically
When you visit rarepokemoncards.shop, certain technical data is collected automatically by our hosting and analytics infrastructure:
| Data Type | Source | Purpose |
|---|---|---|
| IP address | Server logs | Security monitoring, fraud detection, geographic access analysis |
| Browser type and version | Session data | Site compatibility optimisation |
| Device type | Session data | Mobile/desktop experience optimisation |
| Pages visited and time on site | Analytics platform | Understanding user behaviour to improve site performance |
| Referring URL | Session data | Understanding how users arrive at our store |
| Shopping cart contents | Session/cookie data | Preserving cart state across your browsing session |
2c. Information We Do Not Collect
We do not collect, store, or process the following under any circumstances through our own servers:
- Raw credit card numbers, CVV codes, or full card details
- Government-issued identification numbers unless legally required
- Sensitive personal data as defined under GDPR Article 9 (health data, biometric data, etc.)
- Personal data belonging to individuals under the age of 16
3. How We Use Your Information
Every use of your personal data at RarePokémonCards.shop is governed by a lawful basis and a specific, documented purpose. We do not use your data for any purpose beyond those listed below.
| Purpose | Lawful Basis (GDPR) | Detail |
|---|---|---|
| Processing and fulfilling orders | Contractual necessity | Your name, address, and contact details are required to complete your purchase and arrange insured shipment to your location |
| Sending order and tracking updates | Contractual necessity | We use your email address to send order confirmation, dispatch notification, and carrier tracking information |
| Payment processing and fraud prevention | Contractual necessity / Legitimate interest | Transaction data is passed to our secure payment gateway to authorise payments and screen for fraudulent activity |
| Customer support | Legitimate interest / Contractual necessity | We use your order and contact history to resolve support enquiries, return requests, and shipping claims |
| Site performance and analytics | Legitimate interest | Anonymised or aggregated technical data helps us improve site speed, layout, and user experience |
| Marketing communications | Consent | We send promotional emails, vault drop alerts, and newsletters only to customers who have explicitly opted in. You may unsubscribe at any time via the link in every email. |
| Legal and compliance obligations | Legal obligation | We may retain or disclose data where required by applicable law, court order, or regulatory authority |
⚠️ We do not use your data for automated profiling or algorithmic decision-making
No decisions with legal or significant personal effect are made about you through automated means. Your data is not used to build advertising profiles, sold to data brokers, or shared with third-party marketers under any circumstances.
4. Data Security & Payment Processing
The security of your financial data is our highest technical priority. All payment transactions conducted through rarepokemoncards.shop are processed exclusively through industry-standard, PCI DSS-compliant encrypted payment gateways.
🔒 Payment Security Statement
RarePokémonCards.shop does not store, log, or have access to your raw credit card number, CVV security code, or full payment card details at any point during or after a transaction.
All financial data is entered directly into and processed by our encrypted third-party payment partners. Card details are tokenised at the point of entry and never transmitted to or stored on our own servers.
Our payment infrastructure uses the following security standards:
| Security Standard | Detail |
|---|---|
| TLS Encryption | All data transmitted between your browser and our site is encrypted via TLS 1.2 / 1.3 |
| PCI DSS Compliance | Payment processors operate under Payment Card Industry Data Security Standard compliance |
| Card Tokenisation | Card details are replaced with a secure token upon entry — the raw data never touches our infrastructure |
| Fraud Screening | Transactions are screened in real time against fraud detection algorithms operated by our payment gateway |
Payments are processed via Stripe and/or PayPal. Each provider maintains independent PCI DSS Level 1 certification — the highest level available.
General Data Security Measures
Beyond payment security, we implement the following technical and organisational measures to protect all personal data held by us:
- All account passwords are stored using one-way cryptographic hashing — they are never stored in plain text and cannot be retrieved by our staff
- Access to customer order data is restricted to authorised personnel only, under role-based access controls
- Our hosting environment uses firewalls, intrusion detection systems, and regular security audits
- In the event of a data breach that poses a risk to your rights, we are legally obligated to notify affected users and the relevant supervisory authority within 72 hours of becoming aware of the incident
5. Third-Party Disclosure
✅ We never sell, trade, rent, or transfer your personal data to third parties for marketing or commercial purposes. Ever.
Your personal data may be shared with the following categories of third-party service providers, exclusively for the purpose of fulfilling your order or operating our store infrastructure:
| Third-Party Category | Data Shared | Purpose |
|---|---|---|
| Shipping carriers (e.g. USPS, UPS, FedEx, DHL) | Name, shipping address, phone number (where required) | Physical delivery of your purchased items and tracking updates |
| Payment processors (e.g. Stripe, PayPal) | Billing details, transaction amount | Secure payment authorisation and fraud prevention |
| Email service provider | Email address, first name, order reference | Transactional order emails and (if opted in) newsletter communications |
| Analytics platform (e.g. Google Analytics) | Anonymised IP, session behaviour, device type | Aggregate site performance analysis — no personally identifiable data |
| E-commerce platform (e.g. Shopify) | Order and account data | Store operation, order management, and customer account functionality |
All third-party service providers with whom we share personal data are contractually bound to:
- Use the data only for the specific purpose for which it was shared
- Maintain appropriate technical and organisational security measures
- Not sub-process or further transfer your data without our prior written consent
- Comply with applicable data protection legislation in their jurisdiction
We do not share your data with law enforcement or government bodies except where we are legally compelled to do so by a valid court order or statutory obligation, in which case we will notify you to the extent permitted by law.
6. Cookies Policy
Cookies are small text files placed on your device by your browser when you visit a website. RarePokémonCards.shop uses a minimal set of cookies that are necessary for the operation of our store and for understanding basic site performance.
Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential / Functional | Maintains your shopping cart contents, login session state, and checkout progress across page loads | Session or up to 30 days |
| Preference | Remembers your currency, region, or display preferences where applicable | Up to 12 months |
| Analytics | Collects anonymised data on pages visited, time on site, and device type to help us improve site performance | Up to 24 months |
| Security | Used by our payment processor to detect fraudulent session behaviour | Session |
Cookies We Do Not Use
- We do not use third-party advertising or retargeting cookies
- We do not use cross-site tracking cookies for behavioural advertising profiles
- We do not permit third-party marketing networks to place cookies through our site
Managing Your Cookie Preferences
You may control or disable cookies at any time through your browser settings. Please note that disabling essential cookies may impair your ability to complete a purchase or maintain a shopping cart session. Instructions for managing cookies in major browsers are available at allaboutcookies.org.
7. Data Retention
We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by law:
| Data Category | Retention Period | Reason |
|---|---|---|
| Order and transaction records | 7 years from date of transaction | Legal and tax compliance obligations |
| Account profile data | Duration of active account + 2 years after last login | Service continuity and dispute resolution |
| Email marketing preferences | Until you unsubscribe or request deletion | Consent management |
| Analytics data | Up to 26 months (anonymised) | Site performance analysis |
| Customer support correspondence | 3 years from resolution | Dispute and claims reference |
When data is no longer required, it is securely deleted or anonymised in accordance with our internal data retention schedule.
8. International Data Transfers
RarePokémonCards.shop operates globally and your data may be processed by service providers located outside your country of residence, including countries outside the European Economic Area. Where such transfers occur, we ensure they are governed by appropriate safeguards including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Transfers to countries recognised by the European Commission as providing adequate data protection
- Binding Corporate Rules or other lawful transfer mechanisms where applicable
9. Children’s Privacy
Our store is intended for use by adults and individuals aged 16 and over. We do not knowingly collect personal data from children under the age of 16. If you are a parent or guardian and believe your child has provided personal data to us without your consent, please contact us immediately at privacy@rarepokemoncards.shop and we will delete the relevant data without delay.
10. Your Rights & How to Exercise Them
Depending on your country of residence, you may hold some or all of the following rights regarding your personal data:
| Right | What it means | Applies under |
|---|---|---|
| Right of access | Request a copy of all personal data we hold about you | GDPR · CCPA |
| Right to rectification | Request correction of inaccurate or incomplete personal data | GDPR |
| Right to erasure | Request deletion of your personal data, subject to legal retention obligations | GDPR · CCPA |
| Right to restrict processing | Request that we limit how we use your data while a dispute is under review | GDPR |
| Right to data portability | Request your data in a structured, machine-readable format for transfer to another provider | GDPR |
| Right to object | Object to processing based on legitimate interest, including direct marketing | GDPR |
| Right to opt out of sale | We do not sell personal data. This right is preserved and honoured by default. | CCPA |
How to Submit a Request
To exercise any of the rights listed above, please contact us using one of the following methods:
✅ Submit a privacy rights request
Email: privacy@rarepokemoncards.shop
Contact form: rarepokemoncards.shop/contact
Please include your full name, the email address associated with your account, and a clear description of your request. We will acknowledge your request within 5 business days and fulfil it within the timeframe required by applicable law — no longer than 30 days for GDPR requests or 45 days for CCPA requests, with the right to extend by a further 45 days where necessary.
We may need to verify your identity before processing a data access or deletion request in order to protect your data from unauthorised third-party requests. We will never charge a fee for exercising your rights unless a request is manifestly unfounded or excessive.
Right to Lodge a Complaint
If you are an EEA or UK resident and believe we have not handled your personal data lawfully, you have the right to lodge a complaint with your local data protection supervisory authority. In the UK, this is the Information Commissioner’s Office (ico.org.uk). In the EU, you may contact the supervisory authority in your member state of residence.
11. Changes to This Policy
We reserve the right to update this Privacy Policy at any time to reflect changes in our data practices, operational requirements, or applicable law. Any material changes will be communicated via a notice on our homepage or by email to registered account holders where required by law. The updated policy will always carry a revised effective date at the top of this page.
Your continued use of rarepokemoncards.shop following the publication of changes constitutes your acknowledgement of the updated policy.
Effective date: June 2025
For all privacy and data enquiries: privacy@rarepokemoncards.shop
Full policy always available at: rarepokemoncards.shop/privacy-policy
