PRIVACY POLICY

Empire Club – Privacy Policy Operated by MAGUI DIGITAL LTD | Company Registration No. 16907584 Registered Office: 86-90 Paul Street, London, England, EC2A 4NE Effective Date: 12 December 2025

This Privacy Policy explains how MAGUI DIGITAL LTD (trading as Empire Club) collects, uses, stores, and protects your personal data when you visit www.empireclubco.com or make a purchase from us. We are committed to protecting your privacy in full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data Controller

The data controller responsible for your personal information is:

MAGUI DIGITAL LTD 86-90 Paul Street, London, England, EC2A 4NE Company No.: 16907584 Email: contact@empireclub.com

2. What Personal Data We Collect

We collect the following categories of personal data:

Identity and Contact Information

  • Full name
  • Email address
  • Phone number
  • Billing address and shipping address

Transaction and Order Information

  • Products purchased, order value, and order history
  • Payment method type (e.g. credit card, PayPal) — note: full card details are never stored by us; they are processed securely by Shopify Payments

Technical and Usage Data

  • IP address and approximate geographic location
  • Browser type and version
  • Device type and operating system
  • Pages visited, time spent on site, and referring URLs
  • Cookie identifiers and session data

Communications

  • Any messages, emails, or enquiries you send to us
  • Customer service correspondence and records

Marketing Preferences

  • Whether you have opted in or out of receiving marketing communications

3. How We Collect Your Data

We collect your data through:

  • Direct interactions — when you create an account, place an order, contact us, or subscribe to our newsletter
  • Automated technologies — cookies, pixels, and similar tracking technologies when you browse our website
  • Third parties — payment processors, shipping partners, and analytics providers may share data with us in the course of providing their services

4. Legal Basis for Processing (UK GDPR Article 6)

We only process your personal data where we have a lawful basis to do so:

  • Contract performance — to process your orders, arrange delivery, handle returns, and provide customer service
  • Legal obligation — to comply with UK tax law (HMRC), anti-fraud regulations, and consumer protection legislation
  • Legitimate interests — for fraud detection, website security, analytics, and improving our services, where these interests are not overridden by your rights
  • Consent — for sending marketing emails and newsletters; you may withdraw consent at any time by clicking "unsubscribe" in any email or contacting us directly

5. How We Use Your Personal Data

We use your personal data for the following purposes:

  • Processing, fulfilling, and delivering your orders
  • Sending order confirmations, updates, and delivery notifications
  • Handling returns, refunds, and customer complaints
  • Sending promotional communications and offers (only where you have consented)
  • Detecting, investigating, and preventing fraud and security incidents
  • Complying with legal, tax, and regulatory obligations
  • Analysing website usage to improve user experience and store performance
  • Communicating with you about changes to our products, services, or policies

6. How We Share Your Personal Data

We do not sell your personal data. We share your data only with trusted third parties where strictly necessary:

  • Shopify Inc. — our e-commerce platform and payments infrastructure provider; Shopify processes data in accordance with their own privacy policy and is compliant with UK GDPR
  • Payment processors — including Stripe, PayPal, and other providers integrated through Shopify Payments, solely to process your payment
  • Shipping and logistics partners — to deliver your order; they receive only the data necessary to complete delivery (name, address, contact details)
  • Email marketing platforms — only if you have explicitly opted in to marketing communications
  • Analytics providers — such as Google Analytics, which may collect anonymised data about your browsing behaviour
  • Legal and regulatory authorities — including HMRC, law enforcement, or courts, where required by law or to protect our legal rights

All third-party service providers are contractually required to handle your data securely and in compliance with applicable data protection laws.

7. International Data Transfers

Some of our service providers operate outside the United Kingdom. Where we transfer your data internationally, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions, in accordance with UK GDPR requirements.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Order and transaction records: 7 years (required by HMRC for tax purposes)
  • Customer account information: Duration of active account plus 2 years following last activity
  • Marketing consent and email records: Until consent is withdrawn, plus 12 months
  • Customer service correspondence: 3 years from the date of last contact
  • Technical and cookie data: As defined by individual cookie lifespans (see Cookie Policy)

After the applicable retention period, data is securely deleted or anonymised.

9. Cookies and Tracking Technologies

We use cookies and similar technologies on our website. A cookie is a small text file stored on your device that helps us recognise you and improve your experience.

Types of cookies we use:

  • Strictly necessary cookies — essential for the website and checkout process to function; these cannot be disabled
  • Analytics cookies — help us understand how visitors interact with our website (e.g. Google Analytics); data is collected anonymously
  • Functional cookies — remember your preferences, such as currency or language settings
  • Marketing/advertising cookies — used to show you relevant advertisements on other platforms; only activated with your consent

You can manage your cookie preferences at any time via your browser settings or our cookie consent banner. Please note that disabling certain cookies may affect the functionality of our website.

10. Your Rights Under UK GDPR

As a data subject, you have the following rights, which you may exercise at any time by contacting us at contact@empireclub.com:

  • Right of access — to request a copy of the personal data we hold about you (Subject Access Request)
  • Right to rectification — to request correction of any inaccurate or incomplete personal data
  • Right to erasure ("right to be forgotten") — to request deletion of your personal data, subject to our legal obligations to retain certain records
  • Right to restriction of processing — to request that we limit how we use your data in certain circumstances
  • Right to data portability — to receive your personal data in a structured, commonly used, machine-readable format
  • Right to object — to object to processing based on legitimate interests or to the use of your data for direct marketing purposes
  • Rights related to automated decision-making — not to be subject to decisions based solely on automated processing that significantly affect you

We will respond to all valid requests within 30 calendar days. In complex cases, we may extend this period by a further 2 months, in which case we will notify you.

11. Right to Complain

If you believe we have handled your personal data unlawfully or in breach of your rights, you have the right to lodge a complaint with the UK's supervisory authority:

Information Commissioner's Office (ICO) Website: ico.org.uk Helpline: 0303 123 1113

We would, however, appreciate the opportunity to address your concerns before you contact the ICO. Please contact us first at contact@empireclub.com.

12. Data Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These include SSL/TLS encryption for all data transmitted through our website, restricted access to personal data on a need-to-know basis, and regular security reviews.

13. Children's Privacy

Our website is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately at contact@empireclub.com and we will take steps to delete it promptly.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. Any updates will be posted on this page with a revised effective date. We encourage you to review this policy periodically.

15. Contact Us

For any privacy-related questions or to exercise your data rights:

MAGUI DIGITAL LTD (trading as Empire Club) 86-90 Paul Street, London, England, EC2A 4NE Company Registration No.: 16907584 Email: contact@empireclub.com Website: www.empireclubco.com