🏆 World Cup 2026 Special Free International Shipping On Every Order Limited Edition Vault World Cup 2026 Own The History Before The Tournament Begins Free Returns · 30 Days 🏆 World Cup 2026 Special Free International Shipping On Every Order Limited Edition Vault World Cup 2026 Own The History Before The Tournament Begins Free Returns · 30 Days
Home All Kits Our Story Contact

Privacy policy

Last updated: April 2026

Pitch Relics ("we", "us", "our") is committed to protecting your privacy and handling your personal data with transparency and care. This Privacy Policy explains what data we collect, why we collect it, how we use it, who we share it with, and your rights over it. This policy complies with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR 2016/679), the Data Protection Act 2018, and all other applicable data protection legislation.

1. Data Controller

Pitch Relics is the data controller for personal data processed through this website. For any data protection queries, contact us at: privacy@pitchrelics.com

2. What Data We Collect

We collect the following categories of personal data:

  • Identity data: first name, last name, email address
  • Contact data: delivery address, billing address, phone number (if provided)
  • Transaction data: details of purchases, order history, payment method type (not card numbers)
  • Technical data: IP address, browser type and version, device type, operating system, time zone, pages visited, referral source
  • Usage data: information about how you use our website, products, and services
  • Communications data: your preferences for receiving marketing from us, and your customer service correspondence with us
  • Cookie data: data collected through cookies and similar tracking technologies (see Section 8)

We do not collect any special category data (such as data about race, health, religious beliefs, or political opinions). We do not store payment card details — all payment processing is handled by PCI-DSS compliant third-party processors (Shopify Payments, Stripe, PayPal).

3. How We Collect Data

We collect data through:

  • Direct interactions: when you place an order, create an account, contact us, or subscribe to marketing
  • Automated technologies: cookies, server logs, and analytics tools as you use our website
  • Third parties: payment processors, shipping partners, and analytics providers may share data with us as part of service delivery

4. How We Use Your Data

Purpose Data Used Legal Basis
Process and fulfil your order Identity, Contact, Transaction Contract performance
Send order confirmations and shipping updates Identity, Contact, Transaction Contract performance
Process payments securely Transaction Contract performance
Handle returns, refunds, and customer service Identity, Contact, Transaction Contract performance
Send marketing emails and promotions Identity, Contact, Communications Consent (opt-in only)
Analyse website usage to improve our service Technical, Usage, Cookie Legitimate interests
Prevent fraud and ensure security Identity, Technical Legitimate interests
Comply with legal obligations All categories as required Legal obligation
Respond to legal claims or regulatory requests All categories as required Legal obligation / Legitimate interests

5. Marketing

We will only send you marketing communications if you have opted in to receive them. You may opt out at any time by clicking the unsubscribe link in any marketing email, or by contacting us at privacy@pitchrelics.com. Opting out of marketing does not affect the delivery of transactional emails related to your orders.

6. Sharing Your Data

We do not sell, rent, or trade your personal data. We share your data only with trusted service providers necessary to operate our business:

  • Shopify Inc. — e-commerce platform, order management, payment processing (Data Processing Agreement in place)
  • Stripe / PayPal — payment processing (PCI-DSS compliant)
  • Shipping carriers — to fulfil and deliver your order (name and address shared)
  • Google LLC — analytics (Google Analytics, anonymised data) and advertising (if applicable)
  • Meta Platforms — advertising (if applicable, subject to your cookie preferences)
  • Email service providers — transactional and marketing email delivery

All third-party processors are bound by data processing agreements and are only permitted to use your data for specified, legitimate purposes.

We may also disclose your data where required by law, court order, or governmental authority, or where necessary to protect the rights, property, or safety of Pitch Relics, our customers, or others.

7. International Data Transfers

Some of our service providers are based outside the UK and European Economic Area (EEA). Where we transfer personal data internationally, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission and/or UK ICO
  • Adequacy decisions where applicable
  • The UK International Data Transfer Agreement (IDTA) where required

8. Cookies

We use cookies and similar tracking technologies on our website. Cookies are small files placed on your device that allow us to recognise you and remember your preferences.

We use the following types of cookies:

  • Strictly necessary cookies: Required for the website to function (shopping cart, checkout, login). Cannot be disabled.
  • Analytics cookies: Help us understand how visitors use our website (e.g. Google Analytics). Can be disabled.
  • Marketing cookies: Used to show relevant advertising across other websites (e.g. Meta Pixel). Only set with your consent.
  • Preference cookies: Remember your settings and preferences.

On your first visit, you will be presented with a cookie consent banner allowing you to accept or reject non-essential cookies. You can update your preferences at any time via our Cookie Settings. You can also control cookies through your browser settings — see your browser's help section for instructions.

9. Data Retention

We retain your personal data only for as long as necessary for the purposes described in this policy, or as required by law:

  • Order and transaction data: 7 years (legal and accounting requirements)
  • Customer account data: Duration of account, plus 2 years after last activity
  • Marketing preferences: Until you withdraw consent or unsubscribe
  • Customer service communications: 3 years from the date of resolution
  • Analytics data: 26 months (Google Analytics default)

10. Your Rights

Under the UK GDPR and EU GDPR, you have the following rights:

  • Right of access: Request a copy of the personal data we hold about you (Subject Access Request)
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure ("right to be forgotten"): Request deletion of your data in certain circumstances
  • Right to restriction: Request that we restrict processing of your data in certain circumstances
  • Right to data portability: Receive your data in a structured, commonly used, machine-readable format
  • Right to object: Object to processing based on legitimate interests or for direct marketing purposes
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time
  • Rights in relation to automated decision-making: We do not use automated decision-making or profiling that produces legal or similarly significant effects

To exercise any of your rights, contact us at privacy@pitchrelics.com. We will respond within 30 days. We may need to verify your identity before processing your request.

You have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk. In the EU, contact your national data protection authority.

11. Data Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, accidental loss, destruction, or damage. These measures include SSL/TLS encryption, access controls, and regular security assessments. All payment data is processed by PCI-DSS compliant processors. However, no data transmission over the internet is completely secure, and we cannot guarantee absolute security.

12. Children's Privacy

Our website and services are not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected data from a child, please contact us immediately at privacy@pitchrelics.com and we will delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by email (if you have an account) or by posting a prominent notice on our website. The date at the top of this page shows when the policy was last updated. Continued use of our website after an update constitutes acceptance of the revised policy.

14. Contact Us

For any privacy or data protection enquiries:
Email: privacy@pitchrelics.com
Response time: Within 30 days (we aim for within 5 business days)

Your Cart
0 items
Your vault is empty.
Add a kit to get started.