FANTASY JERSEYSAll policies
Home/Policies/Privacy
Draft policy. This document is available for review but is not yet marked as published. Fields shown as TBC still need confirmation.

Privacy Policy

Version: 0.1
Status: Draft
Effective date: TBC
Last reviewed: TBC
Next review due: TBC
Owner: Hormiguitas Limited T/A Fantasy Jerseys

Draft for operational and legal review. Provider roles, transfers, retention periods and contact details must be confirmed before publication.

1. Who controls your information

Hormiguitas Limited T/A Fantasy Jerseys ("Fantasy Jerseys", "we", "us" or "our") is the controller of personal information described in this policy unless another organisation tells you it acts as a separate controller.

  • Website: fantasy-jerseys.com
  • Privacy email: [TBC]
  • Registered company number: [TBC]
  • Registered office: [TBC]
  • ICO registration status: [TBC]

2. Information we may collect

Depending on how you use the site, we may collect:

  • identity and contact details, including name, email, billing and shipping address, and phone number if collected;
  • account and authentication details;
  • order, product, size, delivery, return and support details;
  • payment status, transaction references and fraud-check results, but not normally full card details;
  • uploaded images, logos, photographs and artwork;
  • design prompts, instructions, customisation choices and AI-generated previews;
  • messages, feedback, complaints and intellectual-property reports;
  • technical data such as IP address, device, browser, operating system, referral information and service or security logs; and
  • cookie, consent and analytics data where those tools are used.

Please avoid uploading unnecessary personal information. If an image identifies another person, you must have authority to provide it.

3. How we use information and our likely legal bases

We may use personal information to:

PurposeLikely legal basis
Provide the designer, account, checkout, manufacturing, delivery and support servicesContract or steps requested before a contract
Take payment and manage refundsContract; legal obligation
Review designs, prevent prohibited uploads, fraud and security incidentsLegitimate interests in operating a safe, lawful service; legal obligation where applicable
Keep accounting, tax, consumer and transaction recordsLegal obligation
Handle complaints, disputes and intellectual-property claimsLegal obligation; legitimate interests in establishing, exercising or defending legal claims
Improve and troubleshoot the service using proportionate technical dataLegitimate interests in service reliability and improvement
Send optional marketingConsent, or another basis permitted by applicable direct-marketing law
Use non-essential cookies or similar technologiesConsent, unless a specific legal exception applies and its conditions are met

Where we rely on legitimate interests, we assess whether the use is necessary and balanced against people's rights. The final lawful-basis assessment must be confirmed before publication.

4. How we obtain information

We receive information directly from you when you use the designer, upload content, place an order or contact us. We may also receive it from Shopify, Stripe or another payment provider, delivery and fulfilment partners, authentication or support services, and technical or analytics tools.

5. Who we may share information with

We share only what is reasonably needed with relevant service providers, such as:

  • Shopify, for storefront, checkout and ecommerce operations;
  • Stripe and/or other payment processors, for payment, fraud checks, refunds and disputes;
  • Neon, where used for database hosting;
  • email and customer-support providers [TBC];
  • analytics and cookie-consent providers [TBC], where enabled;
  • AI or image-generation providers [TBC], where needed to generate or process a preview;
  • OEM, manufacturing and fulfilment partners [TBC], where needed to make, quality-check and dispatch an order;
  • hosting, security, professional-adviser, insurer and logistics providers; and
  • regulators, courts, law enforcement or rights holders where disclosure is required or legally justified.

Some providers may act as our processors; others may be independent controllers for parts of their service. Their own privacy notices may apply. We do not sell personal information.

6. International transfers

Some providers or OEM partners may process information outside the UK. Before launch, we must confirm each location and the transfer mechanism used. Where required, we will use an adequacy regulation, approved contractual safeguards or another lawful transfer mechanism, and make information about the relevant safeguard available on request.

7. Retention

We keep personal information only for as long as reasonably necessary for the purposes described in this policy, including order fulfilment, customer support, accounting, fraud prevention, legal compliance and dispute handling.

Retention depends on the type of record, why we hold it, legal requirements, claim periods, security needs and whether an active dispute or legal hold applies. Operational periods are listed in our internal Data Retention Policy and remain [TBC]. We will delete or anonymise information when it is no longer needed, where reasonably possible.

8. Security

We use proportionate organisational and technical measures intended to protect personal information. No online system can be guaranteed completely secure. Customers should protect their credentials and tell us promptly about suspected unauthorised access.

9. Your rights

Depending on the circumstances, UK data-protection law may give you rights to:

  • access your personal information;
  • correct inaccurate or incomplete information;
  • ask for deletion or restriction;
  • object to certain uses, including direct marketing;
  • receive certain information in a portable format;
  • withdraw consent at any time where processing relies on consent; and
  • complain to the Information Commissioner's Office.

These rights are not absolute and exemptions may apply. Contact [privacy email — TBC] to make a request. We may need to verify identity. ICO contact information is available at ico.org.uk.

10. Automated tools and AI previews

We may use automated tools to generate or assist with previews and to detect fraud, abuse or technical problems. AI previews are not intended to make legal or similarly significant decisions about people. Provider, model, data-use and retention settings must be confirmed before publication.

11. Children

The service is not designed for children to use independently. Do not upload an image of a child unless you are the parent or guardian or otherwise have appropriate authority and a lawful reason to do so.

12. Cookies

Our Cookie Policy explains the categories of cookies and similar technologies that may be used and how choices can be managed.

13. Policy changes

We may update this policy to reflect changes in law, technology, suppliers or our operations. The latest published version governs future site use from its effective date. Material changes will be highlighted where appropriate. Changes do not alter the terms that governed an earlier order retrospectively.

14. Contact and complaints

Contact [privacy email — TBC] with a privacy question or complaint. You may also complain to the ICO. We would appreciate the opportunity to address concerns first, but that does not affect the right to contact the ICO.

Other policies

  • Terms
  • Cookies
  • Returns & refunds
  • Shipping
  • Uploads
  • IP takedowns
  • AI disclaimer
  • Responsible sourcing
  • Supplier code
  • Contact & complaints