HOME STORE ABOUT CONTACT
About Contact

GDPR Policy

Last updated: 5/1/2026


This Privacy Policy explains how Riffcraft and Wizardry collects, uses, and protects your personal data when you visit or use our website www.riffcraftandwizardry.com.
We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Who We Are

Business name: Riffcraft and Wizardry
Contact email: [email protected]
Location: United Kingdom

We are the data controller responsible for your personal data.

What Personal Data We Collect

We may collect the following information:
• Name
• Email address
• Billing and payment details (processed securely via third-party providers)
• Information you submit via contact forms
• Purchase history (for digital or physical products)
• Technical data such as IP address, browser type, and device information
• Cookies and usage data (see Cookies section below)
• Our services are not intended for children under 16, and we do not knowingly collect personal
data from children.

How We Collect Your Data

We collect data when you:
• Contact us via forms or email
• Make a purchase
• Sign up to a newsletter, competition or mailing list
• Browse our website (via cookies and analytics tools)

Why We Use Your Data (Legal Basis)

Under UK GDPR, we must have a lawful reason to use your data. We rely on the following bases:
• Consent – when you opt in to emails or accept cookies
 Contract – to fulfil orders or provide services
 Legal obligation – for accounting and tax purposes
• Legitimate interests – to improve our website and services

How We Use Your Data

We use your personal data to:
• Respond to enquiries
• Process orders and payments
• Deliver digital or physical products
• Send updates or marketing emails (only if you opt in)
• Improve website performance and user experience
• Comply with legal obligations

How We Store and Protect Your Data

We take appropriate security measures to protect your data, including:
• Secure platforms and encrypted services
• Limited access to personal information
• Trusted third-party providers that comply with GDPR

Your data is kept within these timeframes:
• Order and billing records are kept for 6 years to comply with UK tax law
• Marketing data is kept until consent is withdrawn
• Contact form enquiries and contact details are retained for up to 12 months

Sharing Your Data

We may share your data with trusted third parties only when necessary, such as:
• Payment processors (e.g. Apple Pay, Clearpay, Klarna)
• Website hosting providers
• Email marketing platforms
• Analytics services (e.g. Google Analytics)

These providers are required to handle your data securely and lawfully.

Some of our third-party service providers are based outside the UK.

Where personal data is transferred internationally, we ensure appropriate safeguards are in place, such as
UK International Data Transfer Agreements or adequacy regulations.

Cookies and Analytics

Our website uses cookies to:
• Analyse website traffic
• Improve functionality
• Support marketing and advertising (where applicable)
Non-essential cookies, including analytics and marketing cookies, are only placed after you give your
consent via our cookie banner.
You can manage or disable cookies through your browser settings or via our cookie banner.
For more information, please see our Cookie Policy.
You can unsubscribe from marketing emails at any time by using the link in our emails or by contacting us.

Your GDPR Rights

Under UK GDPR, you have the right to:
• Access your personal data
• Request correction of inaccurate data
• Request deletion of your data
• Object to or restrict processing
• Withdraw consent at any time
• Request data portability

Where we rely on legitimate interests, these include improving our website, preventing fraud, and ensuring the security of our services. We have balanced these interests against your rights and freedoms. We have conducted a balancing test to ensure our interests do not override your rights.

We do not use automated decision-making or profiling that produces legal or similarly significant effects.

To exercise any of these rights, contact us at support@riffcraftandwizardry.

Complaints

If you believe your data has been mishandled, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
Website: https://ico.org.uk

You have the right to lodge a complaint with the ICO without first contacting us.

Third-Party Links

Our website may contain links to third-party websites. We are not responsible for their privacy practices.

Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date.