Trade in
Gameswap logo with game controller icons.

Last Updated: May 28, 2026

1. Introduction and Data Controller

This Privacy Policy governs the processing of personal data by GameSwap (“we”, “us”, “our”), operating via the website gameswap.shop.

The Data Controller for this website is Thomas Harris, trading as GameSwap, based in York, North Yorkshire, United Kingdom. As a UK-based e-commerce operator, we are fully committed to compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

For any data protection inquiries, you can contact us directly at: [email protected].

2. The Personal Data We Collect and Why

We only collect data that is strictly necessary to fulfill your orders, optimize site performance, ensure security, and provide an ultra-transparent checkout experience.

A. Transactional & Account Data (WooCommerce & Stripe)

When you make a purchase or attempt a purchase, we collect:

  • Identity Data: First name, last name.
  • Contact Data: Email address, telephone number.
  • Billing & Shipping Data: Delivery address, billing address.
  • Financial Data: Payment card details. Note: GameSwap operates a PCI-DSS compliant infrastructure. Your full card numbers never hit or store on our WordPress database; they are tokenized and processed directly via the secure Stripe API.
  • Purpose & Legal Basis: Performance of a Contract (to fulfill your order, process payment, and handle your 48-hour UK delivery and local warranty).

B. Behavioral, Technical & Session Data (Our Optimization Stack)

To defend against grey-market dropshippers and keep our edge routing clean, we log:

  • Technical Data: IP address, browser type, operating system, and geolocation data (via Cloudflare).
  • Session Data (Custom Marketing Frameworks):
  • QR Code Leaflet Coupons: If you scan a physical leaflet QR code, our server executes a two-step PHP session listener. It captures the coupon identifier (e.g., GMATCH10) on page load and caches it in your active PHP/WooCommerce session data to prevent shipping calculation lag, applying it automatically at checkout.
  • True Landed Cost Calculator: If you interact with our Elementor-based cost comparison widget, your input values or geographical tax thresholds are temporarily processed in your browser’s local storage to evaluate if you qualify for our “Match or Beat” exit-intent voucher system.
  • Purpose & Legal Basis: Legitimate Interests (protecting our profit margins, optimizing site speed, preventing cart abandonment, and ensuring correct localized tax displays).

C. Marketing & Tracking Analytics (Google Listings & Ads)

  • Usage Data: Pages viewed, time spent on site, products added to cart, and conversion paths.
  • Purpose & Legal Basis: Consent. We use this data to sync our inventory with Google Merchant Center and run optimized Performance Max campaigns. This tracking only fires if you explicitly accept our tracking cookies.

3. How We Share Your Data (Third-Party Processors)

We do not sell, rent, or trade your personal data. We only share data with essential third-party data processors critical to our infrastructure:

ProcessorPurposeData TransferredData Location 
StripePayment gateway authorization and fraud screening.Billing details, tokenized card data, transaction totals.US / Global (Standard Contractual Clauses applied)
GoogleInventory synchronization and Performance Max ad attribution.Product interaction data, hashed customer indicators for conversion tracking.US / Global (EU-US / UK-US Data Privacy Framework)
CloudflareEdge caching (APO), security filtering, and IP geolocation.IP Address, request payloads, traffic metadata.Global Network
Shipping CarriersRoyal Mail / Courier networks for 48-hour UK delivery.Name, delivery address, phone number (for SMS tracking notifications).UK / EU

4. Cookies and Local Storage Architecture

Our full cookie policy is available here.

5. International Data Transfers

While our core servers reside in high-security environments, certain integrations (such as Stripe and Google) require processing data outside the UK and the European Economic Area (EEA), primarily to the United States. Where these transfers occur, we ensure robust safeguard mechanisms are in place, including standard contractual clauses (SCCs) or reliance on the UK Extension to the EU-US Data Privacy Framework, guaranteeing an equivalent layer of protection.

6. Data Retention

We retain your data only as long as necessary to fulfill the operations detailed in this policy:

  • Order Histories: Retained for a minimum of 6 years to satisfy UK tax laws (HM Revenue & Customs) and validate our local UK product warranties.
  • Abandoned Cart Data: Unconverted session data gathered through our checkout pipeline is automatically purged within 30 days.

7. Your Statutory Legal Rights

Under the UK GDPR, you possess absolute rights regarding your data:

  • Right of Access: You can request a full copy of the personal data we hold on you.
  • Right to Rectification: You can demand correction of inaccurate shipping, billing, or identity profiles.
  • Right to Erasure (“Right to be Forgotten”): You can request that we delete your data, provided it does not conflict with our legal obligations to maintain tax records or active warranty logs.
  • Right to Restrict or Object to Processing: You can revoke consent for tracking cookies or marketing emails instantly.

To execute any of these rights, email [email protected] from your registered customer email address.

8. Regulatory Authority Complaints

If you believe GameSwap has processed your personal data unlawfully or failed to address a valid structural data grievance, you have the right to file a formal complaint with the UK supervisory authority:

Information Commissioner’s Office (ICO)

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Website: https://ico.org.uk

0