Skip to content
Goose Cards

Privacy Policy

Last updated: 22 April 2026

Goose Cards ("we", "us", "our") is committed to protecting your personal information. This policy explains what data we collect, why we collect it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Our registered business operates in the United Kingdom.

1. Who We Are

Goose Cards is a UK-based online retailer selling TCG sealed products, individual cards, and graded slabs. For data protection purposes, Goose Cards is the data controller. You can contact us at [email protected].

2. Data We Collect

We collect the following personal data when you use our website:

  • Account information — name, email address, and password (stored securely as a hash) when you register for an account.
  • Order information — name, delivery address, and order history when you place an order.
  • Payment information — payment transactions are processed by SumUp. We do not store card details on our servers.
  • Communications — any messages you send us via email.
  • Technical data — IP address, browser type, and pages visited, collected automatically via server logs and cookies.

3. How We Use Your Data

We use your personal data to:

  • Process and fulfil your orders, including arranging shipping.
  • Create and manage your account.
  • Send order confirmation and dispatch notifications.
  • Respond to customer service enquiries.
  • Improve our website and product listings.
  • Comply with legal obligations (e.g. tax records).

We will only send you marketing emails if you have explicitly opted in. You can unsubscribe at any time.

4. Legal Basis for Processing

  • Contract — processing your order and delivering goods.
  • Legal obligation — maintaining financial records as required by law.
  • Legitimate interests — preventing fraud and improving our service.
  • Consent — sending marketing communications (where you have opted in).

5. Sharing Your Data

We do not sell your personal data. We may share it with trusted third parties only where necessary:

  • SumUp — payment processing.
  • Royal Mail / shipping carriers — to deliver your order.
  • Hosting and infrastructure providers — to operate our website securely.
  • Legal authorities — if required by law or to protect our rights.

All third-party processors are contractually obligated to handle your data securely and only for the purposes we specify.

6. Cookies

We use essential cookies to keep you logged in and maintain your shopping cart. We do not use third-party advertising or tracking cookies. You can disable cookies in your browser settings, but this may affect the functionality of the website.

7. Data Retention

We retain your order and account data for up to 6 years to comply with HMRC accounting requirements. If you close your account and have no outstanding orders, we will delete your personal data sooner upon request.

8. Your Rights

Under UK GDPR, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate or incomplete data.
  • Erasure — request deletion of your data (subject to legal obligations).
  • Restriction — ask us to limit how we use your data.
  • Portability — receive your data in a structured, machine-readable format.
  • Object — object to processing based on legitimate interests.
  • Withdraw consent — at any time where processing is based on consent.

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

9. Complaints

If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

10. Changes to This Policy

We may update this policy from time to time. Any significant changes will be communicated via email or a notice on our website. The date at the top of this page indicates when the policy was last revised.