ALL STAR PUZZLES LTD – PRIVACY POLICY

1. Introduction

ALL STAR PUZZLES LTD, registered at 16 Stirling Road, Office 2C, London, England, W3 8DJ (“the Company” or “the Data Controller”), takes the privacy of its users seriously and ensures that personal data is processed in full compliance with applicable data protection laws, fundamental rights, and freedoms.
This Privacy Policy applies exclusively to online activities carried out through this website and any associated online services, valid for visitors and users of the site. It does not apply to data collected through other channels such as offline communication, phone, or other platforms.

2. Legal Framework

This Privacy Policy complies with the following applicable laws:

  • UK General Data Protection Regulation (UK GDPR);

  • Data Protection Act 2018 (DPA 2018);

  • Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR), governing electronic marketing and cookie use;

  • EU General Data Protection Regulation (EU GDPR 2016/679), where applicable to EU data subjects;

  • Any other relevant UK legislation, including future amendments (e.g. the Data Use and Access Act 2025).

3. Data Controller

The Data Controller is ALL STAR PUZZLES LTD,
Address: 16 Stirling Road, Office 2C, London, England, W3 8DJ
Email: info@iconic-puzzles.com

4. Categories of Data Collected and Purpose of Processing

a) Data Provided Voluntarily

We collect personal information such as your name, surname, email address, phone number, billing/shipping address, and payment details when you:

  • Register an account,

  • Make a purchase,

  • Contact us via forms or email.
    Purpose: to provide and manage our products and services, process orders and payments, deliver purchased items, respond to inquiries, and offer customer support.

b) Browsing Data

We may automatically collect technical data such as your IP address, browser type, operating system, time of access, visited pages, and cookie data.
Purpose: to analyse anonymous traffic statistics, ensure site security, detect fraud, and improve our services.
These data are processed based on our legitimate interest in maintaining a secure and functional website.

c) Marketing Data

With your explicit consent (opt-in), we may use your contact details for promotional or marketing communications (e.g., newsletters, special offers).
We comply with PECR and UK GDPR rules regarding marketing communications and provide an easy way to withdraw consent at any time.

d) Special Category Data

We generally do not process special category data (e.g., health, ethnicity, religion). If required for specific purposes, processing will be done only with explicit consent and in compliance with Article 9 UK GDPR and DPA 2018.

5. Lawful Basis for Processing

We process personal data under one or more of the following legal bases:

  • Consent (Art. 6(1)(a) UK GDPR);

  • Contract performance (Art. 6(1)(b));

  • Legal obligation (Art. 6(1)(c));

  • Legitimate interest (Art. 6(1)(f)), where our interest is not overridden by your rights.

6. Data Retention

Personal data are stored only as long as necessary to fulfil the purpose for which they were collected:

  • For contractual purposes: until the contract and legal retention periods expire;

  • For legitimate interest: until that interest no longer applies;

  • For consent-based processing: until consent is withdrawn.
    Data will then be securely deleted or anonymised.

7. Data Sharing with Third Parties

We may share personal data with trusted third parties who help us operate our business:

  • Payment processors (e.g., Stripe, PayPal);

  • E-commerce platforms (e.g., Shopify);

  • Financial institutions;

  • Logistics and delivery partners;

  • Fraud prevention and cyber-security providers;

  • Marketing and advertising partners (e.g., Meta, Google).
    All partners process data in compliance with data protection laws and only for specified purposes under contractual obligations.

8. International Transfers

Where data are transferred outside the UK or EEA, we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses, adequacy decisions, or binding corporate rules) in accordance with Articles 44–49 UK GDPR.

9. Data Security

We apply technical and organisational measures to protect personal data from loss, unauthorised access, or misuse.
In case of a data breach posing risk to your rights and freedoms, we will notify the UK Information Commissioner’s Office (ICO) and, if necessary, the data subjects concerned.

10. Data Subject Rights

You may exercise the following rights at any time under UK GDPR:

  • Right of access (Art. 15)

  • Right to rectification (Art. 16)

  • Right to erasure (Art. 17)

  • Right to restriction (Art. 18)

  • Right to data portability (Art. 20)

  • Right to object (Art. 21)

  • Right to withdraw consent at any time.

To exercise these rights, please contact us at info@iconic-puzzles.com.
If you believe your data has been processed unlawfully, you may file a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk.

11. Cookies and Similar Technologies

Our website uses cookies and similar technologies to enhance user experience and analyse traffic.
We comply with the PECR requirements and present a cookie banner allowing you to accept or reject non-essential cookies.
Analytical and marketing cookies will only be used with your explicit consent.

12. Marketing Communications

Marketing emails or advertising communications are sent only with your consent or in compliance with PECR legitimate interest exceptions (for existing customers).
Each communication includes a clear unsubscribe option.

13. Children’s Privacy

Our services are not intended for children under 18.
If we become aware that we have collected personal data from a minor without parental consent, we will delete it immediately.
We comply with the ICO’s Age-Appropriate Design Code.

14. Updates to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.
The latest version will always be available on this page, with the effective date clearly indicated.

Effective Date: July 20th, 2022
Data Controller: ALL STAR PUZZLES LTD
Contact: info@iconic-puzzles.com