1. Introduction
Redline Collectibles Ltd (“Redline Collectibles”, “we”, “us”, “or “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our website, purchase from us, trade with us, or otherwise interact with our services (together, the “Services”).
This notice is designed to meet the transparency requirements of the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR). If we offer goods or services to people in the European Economic Area (EEA), the EU GDPR also applies to that processing.
2. Who we are (Data Controller)
- Controller: Redline Collectibles
- Registered office: Grosvenor House, 3 Chapel Street, Congleton, Cheshire, England, CW12 4AB
- Company number: 16639902
- ICO registration number: ZB955077
- Website: https://www.redlinecollectibles.co.uk
- Email (privacy enquiries): contact@redlinecollectibles.co.uk
- Customer support: support@redlinecollectibles.co.uk
- Phone: +44 7435 136650
We have not appointed a statutory Data Protection Officer. Our privacy lead can be reached at contact@redlinecollectibles.co.uk.
Accounts & authentication: If your account is created/hosted on an e-commerce platform or marketplace, that provider is a separate controller for authentication data (e.g. usernames and passwords).
Website & store platform / developers: Our website and online store are hosted and maintained by external providers. For activities where we decide the purposes and means (e.g., taking orders, managing customers), we act as the data controllers and these controllers act as our processors. They may act as separate controllers for their own platform logs and security monitoring, and for any user authentication they may provide. Where necessary, data-processing terms are in place requiring external parties to act only on our instructions, maintain confidentiality and security, restrict sub-processors, assist with data-subject rights and incident management, and delete/return personal data at end of contract.
If you are in the EEA: if we target or offer goods/services to you and have no EU establishment, we will appoint an EU Representative under Article 27 GDPR. Details (name, address, and contact) will be added here when applicable. Until then, please contact us using the details above.
3. Scope of this notice
This notice covers personal data we process about:
- Visitors to our website and users of our online store;
- Customers (buyers and traders) and prospective customers;
- Individuals who sign up to marketing, competitions, events, or surveys;
- People who contact us for support or via social media.
It does not cover the privacy practices of independent third parties you interact with (for example, payment services or social media platforms acting as separate controllers). Please review their privacy notices.
4. What data we collect
We collect and process the following data:
- Information you provide directly
- Identification and contact information (full name, billing/shipping address, email, phone).
- Account credentials (e.g., account ID and email/username). Account information is stored securely, and where passwords are stored, they are stored in accordance with ISO 27001.
- Order and trade details; return/warranty requests; communication history.
- Marketing preferences and consent.
- Payment information (processed by payment providers who are selected with careful consideration of their compliance with PCI DSS, GDPR, and, where relevant, other applicable information security standards.
- Information collected automatically
- Device and technical data (IP address, device identifiers, browser type/version, time zone, operating system).
- Usage data (pages viewed, clicks, referring/exit pages, date/time stamps, session IDs).
- Cooke and similar tracking data (see Cookies & Tracking below).
- Information from third parties
- Payment services (e.g., transaction confirmations, chargeback data).
- Delivery partners (e.g., tracking updates and delivery confirmations).
- Fraud-prevention and security services (e.g., risk signals).
- Social networks if you interact with us there (your public profile and message content).
- On-site video recording (markets & events)
- Images and video (and incidental audio, if captured) of our stall area and its immediate vicinity at trading venues, including date/time and approximate location.
We do not intentionally collect special categories of data (e.g., health, biometric, or criminal data).
5. Purposes, lawful bases, recipients, and retention
We only use your personal data when the law allows. Below is a summary of the main purposes, the lawful basis relied upon, key recipients, and typical retention periods. Where we rely on legitimate interests, we have balanced those interests against your rights and expectations.
| Purpose | Categories of data | Lawful basis | Legitimate interests | Key recipients/categories | Retention |
| Account creation and management | Identification, contact, account identifiers, preferences | Contact (to create/manage your account); Legitimate interests (to operate our Services) | Efficient account access; prevent duplicate/fraudulent accounts | E-commerce platform, IT hosting, CRM | The entirety of the period of activity and 24 months thereafter, then deletion/anonymisation. This may be extended in the event of civil or criminal proceedings in relation to the account. |
| Order processing and fulfilment | Identification, contact, order details, delivery info | Contract | N/A | Payment processors (as independent controllers), warehousing, couriers | 6 years for transactional records (tax/accounting) |
| Payments & refunds | Identity, contact, order value, partial payment details | Contract; Legal obligation (accounting) | N/A | Payment processors (controllers), banks | 6 years |
| Customer support & communications | Identity, contact, order/trade history, communications | Legitimate interests (responding to queries); Contract (where related to an order) | Provide effective support and resolve issues | CRM providers | 5 years from the date of incident closure (to handle follow-ups/claims) |
| Returns, warranty & recalls | Identity, contact, product details, proof of purchase | Contract; Legal obligation | N/A | Logistics partners, manufacturers (where applicable) | Up to 6 years (period of limitation due to tax/accounting) |
| Marketing by email/SMS | Identity, contact, preference, purchase history (for segmentation) | Consent (prospect & SMS); Legitimate interests (soft opt-in for similar products to existing customer) | Promote relevant products; grow the platform | Email/SMS platforms as processors | Until opt-out/withdrawal; we keep a suppression list indefinitely |
| Competitions & events | Identity, contact, entry details | Consent; Contract (to administer the promotion) | N/A | Promotion administrators, prize couriers | Promotion end + 12 months |
| Fraud prevention & security | Identity, contact, device/technical data, risk signals | Legitimate interests; Legal obligation (where applicable) | Protect our customers and business; prevent fraud and abuse | Fraud-prevention tools, payment services, security providers | Event logs are typically retained for 24 months; blacklists are retained indefinitely |
| On-site video recording (markets & events) | Images/video (and incidental audio), date/time, stall area/location | Legitimate interests (safety, loss prevention, evidence) | Deter/prevent theft and abuse towards staff and/or customers; investigate incidents; protect staff and customers | Venue operators (separate controllers), security providers, insurers, law enforcement where lawful | 30 days typical; longer where required for an investigation or claim |
| Analytics & service delivery improvement | Device/usage data, cookie IDs | Consent (for non-essential cookies); Legitimate interests (aggregated insights where permitted) | Improve site performance and user experience | Analytics providers | Per cookie lifetime (see Cookie Policy) or aggregated/anonymised |
| Legal, compliance & disputes | Any relevant data | Legal obligation; Legitimate interests (establish/defend claims) | Keep proper records; cooperate with authorities | Professional advisers; courts/authorities | As long as necessary until incident resolution; typically up to 6 years |
On-site video recording (markets & events)
- We may operate a phone-mounted camera above/near our stall to record the stall area and immediate vicinity for safety and loss-prevention purposes.
- Notice: where recording is in operation, we display a sign with contact details and purpose.
- What is captures: Primarily video of the stall area. We do not intentionally record irrelevant audio, and audio is disabled where practicable, but incidental audio may be captured.
- Use & sharing: Footage is used to deter or investigate theft, abusive behaviour, accidents, or other incidents, and may be shared with venue operators (Who may run their own CCTV as separate controllers), insurers, or law enforcement where lawful.
- Retention: We normally keep footage for 30 days, extending it where reasonably required for an investigation or insurance claim.
- Access requests: To request a copy of footage that identifies you, email contact@redlinecollectibles.co.uk with the date, approximate time, venue/location, and a description of your appearance/clothing. We may need to mask/blur third parties to protect their rights.
Providing data: Some data is necessary to enter into a contract with us (e.g., name, address, contact, and payment details). If you do not provide this information, we may be unable to fulfil your order.
6. Direct marketing (PECR)
- We send marketing only where we have your consent (e.g., newsletters or SMS) or were permitted under the soft opt-in for existing customers about similar products.
- You can object to or opt out of marketing at any time using the unsubscribe link in our emails, replying STOP to SMS, or contacting us.
- We never use pre-ticked boxes. Your choices are honoured immediately, and we maintain a suppression list to ensure we do not contact you again unless you ask us to.
7. Cookies & tracking technologies
We use cookies and similar technologies to operator our site, remember your preferences, and (with your consent) to measure performance and personalise marketing.
- Essential cookies are necessary for the site to function (e.g., basket, checkout, security). These are always on.
- Analytics cookies help us understand how our site is used.
- Marketing cookies help us show relevant offers.
On your first visit you will see our cookie banner where you can accept, reject, or customise non-essential cookies. You can change your choices at any time via the Cookie Settings link below.
See our separate Cookie Policy for a full list of cookies/trackers, purposes, and lifetimes.
8. Sharing your data
We never sell your personal data. We share it only as needed with:
- Payment service providers (independent controllers) to process payments and prevent fraud.
- Website developers/maintainers and hosting providers (processors) for site builds, maintenance, and store administration; always under our zero-trust rules-based access control.
- E-commerce platform and marketplace providers (separate controllers for user authentication and account credentials; may act as our processors for store operations of the online store).
- Couriers and logistics partners to deliver your orders and manage returns.
- IT and cloud service providers (processors) for hosting, storage, CRM/helpdesk, email/SMS delivery, analytics, and security.
- Professional advisers (e.g., accountants, lawyers) and authorities where legally required.
If data is required to be sent to a data processor, contracts will be in place requiring them to keep your data secure and process it only under our instructions.
9. International data transfers
Some partners are located outside the UK/EEA. Where we transfer data internationally, we ensure appropriate safeguards are in place, such as:
- UK adequacy regulations (including the UK-US Data Bridge, where the recipient is certified);
- The UK International Data Transfer (IDTA) or the UK Addendum to the EU Standard Contractual Clauses;
- EU Standard Contractual Clauses for EEA transfers, if applicable;
- Additional technical and organisational measures following transfer risk assessments.
You can request a copy or summary of the relevant safeguards by contacting contact@redlinecollectibles.co.uk.
10. Children and young people
Our Services are aimed at general retail customers. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data without parental consent, please contact us using the contact details above so we can take appropriate action.
11. Automated decision-making and profiling
We do not make decisions based solely on automated processing that produce legal or similarly significant effects about you.
We may use limited profiling (e.g. segmenting customers by purchase history to send relevant offers where permitted). You can object to profiling for direct marketing at any time (see Your Rights).
Fraud-prevention providers and payment services may conduct automated checks. If an automated check appears to have affected you adversely, contact us and we will ensure a human review.
12. Security
We implement appropriate technical and organisational measures designed to protect personal data, including, but not limited to:
- TLS encryption for data in transit;
- Access controls, least-privilege permissions, and staff confidentiality commitments;
- Secure development practices;
- Regular reviews of our suppliers’ security commitments;
- Admin and development access controls with least-privilege permissions.
No method of transmission or storage is 100% secure; we continually improve our safeguards in line with risk.
13. Data retention
Please see the table in Section 5 for retention policies.
14. Your rights
Under data protection law, you have the following rights (subject to conditions and exemptions):
- Access – receive a copy of your personal data.
- Rectification – correct inaccurate or incomplete data.
- Erasure – ask us to delete your data in certain situations.
- Restriction – ask us to limit processing of your data in certain situations.
- Portability – receive your data in a structured, commonly used format and have it transmitted to another controller where technically feasible.
- Object – object to processing based on our legitimate interests, including profiling for marketing; we will stop unless we have compelling legitimate grounds.
- Withdraw consent – where we rely on consent (e.g. newsletters or SMS), you can withdraw it at any time; this does not affect processing already carried out.
- Complain – to the ICO (see below) or your local authority.
How to exercise your rights: email contact@redlinecollectibles.co.uk. We may request proof of identity and information to help locate your data.
Timelines: we aim to respond within one month of receipt. We may extend by up to two further months for complex or numerous requests; if so, we will tell you why. Requests are free of charge unless manifestly unfounded or excessive.
15. Complaints
If you are unhappy with how we handle your data, please contact us first so we can try to resolve it. You can also complain to the UK Information Commissioner’s Office (ICO): www.ico.org.uk. If you are in the EEA, you may contact your local data protection authority.
16. Third-party links & social media
Our website may contain links to other websites, plug‑ins, or social media features. Clicking those links may allow third parties to collect or share data about you. We are not responsible for their privacy practices; please read their privacy notices.
17. Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated version on our website with the effective date shown at the top. If we make material changes, we will take reasonable steps to notify you (e.g., by email to account holders or via a site notice).
18. Contact us
Please view Section 2 (Who we are) for relevant methods to contact us.
Version 1.0
Last updated 12/11/2025
