Privacy Notice

MyPiLink Ltd. ("we", "our", "us") is the data controller for any personal data collected through this Website. We are registered in England and Wales.

You can reach our Data Protection Officer via our contact page — mark the message "for the DPO" and we'll route it.

We collect:

• Account data: name, email address, hashed password, country of residence, phone (optional), marketing preferences.
• Order data: billing and shipping addresses, items purchased, order totals, payment-card brand and last 4 digits (we never store the full card number).
• Bidder verification data: date of birth, photo identity document type and last 4 digits of its number, tax residency, VAT / NI number, where applicable.
• Technical data: IP address, browser type, language, referring URL, pages viewed (for fraud prevention and site analytics).

• Contract — UK GDPR Art. 6(1)(b): creating and managing your account, fulfilling orders, communicating about your purchase.
• Legal obligation — Art. 6(1)(c): verifying bidder identity (Money Laundering Regulations 2017), record-keeping for HMRC (seven-year retention).
• Legitimate interests — Art. 6(1)(f): fraud prevention, securing the Website, basic site analytics.
• Consent — Art. 6(1)(a): marketing emails. Withdrawn at any time via the unsubscribe link.

Order and accounting records: 7 years after the transaction date, in line with HMRC requirements (Schedule 11 of the VAT Act 1994 and section 388 of the Companies Act 2006).

Account data of inactive accounts: deleted after 3 years of inactivity, or sooner on request.

Bidder ID document numbers: only the last 4 digits are retained after the verification check.

Marketing preferences: kept until you withdraw consent.

We share data only with processors who help us run the business: our payment provider (Stripe), our shipping carriers (DPD, Royal Mail, DHL), our email service (Postmark) and our cloud hosting partner (Hetzner). All processors are bound by data-processing agreements with appropriate safeguards.

We do not sell your personal data, and we do not share it with advertising networks.

Where data is transferred to processors outside the UK, the transfer is governed by the UK Information Commissioner's International Data Transfer Agreement (IDTA), or — for transfers to the EU — the European Commission's adequacy decision of June 2021, supplemented by the UK Addendum to the Standard Contractual Clauses where required.

See our Cookie Policy for the full list. In short: we use a small number of necessary cookies (session, basket) and ask for your consent before any analytics or marketing cookies are set.

You have the right to:

• access the personal data we hold about you;
• have inaccurate data corrected;
• ask us to delete your data, where the legal basis permits;
• restrict processing;
• portability — receive your data in a machine-readable form;
• object to processing based on legitimate interests;
• withdraw consent for marketing at any time.

To exercise any of these rights, please submit a request via our contact page, marked for the attention of the Data Protection Officer. We respond within one calendar month.

If you are unhappy with the way we handle your personal data, you have the right to lodge a complaint with the UK Information Commissioner's Office at ico.org.uk or by phone on 0303 123 1113.

We may update this notice from time to time. Material changes will be notified to registered customers by email at least 30 days before they take effect.