Privacy Policy

How we handle your data — GDPR compliant

Last updated: February 2026

1. Introduction

MEGA Caps ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and otherwise process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and other applicable data protection laws.

2. What Data We Collect

We collect personal data in the following ways:

  • Order Data: Name, email, phone number, delivery address, and payment information (processed securely via Stripe)
  • Account Data: Username, password, preferences (if you create an account)
  • Marketing Data: Email address if you sign up for newsletters or notifications
  • Communications: Any messages you send us (support emails, inquiries, etc.)
  • Analytics Data: IP address, device type, browser, pages visited, and behaviour (via Plausible Analytics — privacy-focused, no cookies)

3. Legal Basis for Processing

We process your data on one or more of the following lawful bases:

  • Contract Performance: To fulfil your order and provide customer service
  • Consent: For marketing emails and newsletters (you can opt out anytime)
  • Legal Obligation: Tax, accounting, and fraud prevention requirements
  • Legitimate Interests: Security, analytics, and improving our service

4. How We Use Your Data

We use personal data for:

  • Processing and fulfilling orders
  • Sending order confirmations, shipping, and delivery updates
  • Customer support and handling inquiries
  • Preventing fraud and securing our website
  • Marketing communications (only with your consent)
  • Analysing usage trends (anonymised via Plausible)
  • Complying with legal obligations

5. Data Sharing

We may share your data with:

  • Payment Processor (Stripe): For payment processing. Stripe's privacy policy applies at checkout
  • Shipping Providers (Royal Mail, DHL, etc.): To deliver your order
  • Email Service Provider (Formspree, future providers): To send emails (transactional and marketing)
  • Analytics (Plausible): For anonymised analytics

We do not sell or rent your personal data to third parties. We only share data with service providers who process data on our behalf and are bound by data protection obligations.

6. Your Rights under UK GDPR

You have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten") where permitted
  • Restrict Processing: Limit how we use your data
  • Portability: Receive your data in a portable format
  • Withdraw Consent: Opt out of marketing communications anytime
  • Object: Oppose certain processing activities

To exercise these rights, email privacy@megacaps.co.uk with your request. We will respond within 30 days.

7. Data Retention

We retain your data for as long as necessary to:

  • Fulfil orders and provide customer service (5 years)
  • Comply with legal and tax obligations (7 years)
  • Maintain marketing preferences (until you opt out)

You can request deletion sooner by contacting us, except where retention is required by law.

8. International Transfers

If you are in the EU and your data is transferred outside the UK/EEA (e.g., to Stripe in the US), we rely on Standard Contractual Clauses (SCC) or adequacy decisions to ensure GDPR-compliant protection.

9. Cookies & Tracking

Our website uses essential cookies for:

  • Shopping cart functionality
  • Session management
  • Security

We do not use tracking cookies. Analytics are handled by Plausible, which is privacy-focused and does not use cookies or require consent.

10. Security

We use industry-standard security measures including SSL/TLS encryption, secure payment processing via Stripe, and restricted access to data. However, no system is 100% secure. If you suspect a data breach, contact us immediately at security@megacaps.co.uk.

11. Children's Privacy

Our website is not directed to children under 13. We do not knowingly collect data from children. If you believe we have collected data from a child, contact us immediately and we will delete it.

12. Third-Party Links

Our website may contain links to third-party sites (Instagram, Twitter, etc.). We are not responsible for their privacy practices. Please review their privacy policies separately.

13. Changes to This Policy

We may update this Privacy Policy at any time. Changes are effective upon posting. Your continued use of the website constitutes acceptance of the updated policy.

14. Data Protection Officer & Complaints

If you have concerns about how we process your data, you can contact:

MEGA Caps Privacy Team
Email: privacy@megacaps.co.uk

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe we've breached your rights.

15. Contact Us

For questions about this Privacy Policy or our data practices:

MEGA Caps
Email: contact@megacaps.co.uk
Website: megacaps.co.uk