Privacy Policy
1. Introduction
Welcome to Cardzillo (“we”, “us”, or “our”). We operate the website www.cardzillo.com (the “Site”), a platform for sports card and sticker collectors providing tools including collection management, checklists, trade matching, a 1-of-1 tracker, grading guides, and hobby news.
This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. If you have any questions, please contact us using the details in Section 11.
2. Who We Are
Cardzillo is the data controller for the personal data collected through this Site. We are based in Stoke-on-Trent, United Kingdom.
Contact: www.cardzillo.com/contact/
3. Data We Collect
3.1 Account Data
When you register for a free or premium account, we collect your name, email address, password (stored in encrypted form), and account preferences and settings.
3.2 Collection & Usage Data
When you use our collector tools, we store cards added to your collection or checklists, Trade Matcher preferences and wishlists, 1-of-1 Tracker entries, and Autograph database contributions.
3.3 Technical & Analytics Data
We automatically collect certain technical data when you visit the Site, including your IP address and approximate location, browser type and operating system, pages visited and time spent on them, referring URLs, and device identifiers. This data is collected via Google Analytics, Google Search Console, and Google Tag Manager. See Section 5 for full details.
3.4 Communications Data
If you contact us, subscribe to our newsletter, or submit feedback, we collect your name, email address, and the content of your communications.
3.5 Cookies
We use cookies and similar tracking technologies. Please see Section 9 for details.
4. How We Use Your Data
We process your personal data for the following purposes:
Providing and improving the Site and its features — Legal basis: Contract performance and legitimate interests
Managing your account and authentication — Legal basis: Contract performance
Sending service-related communications (e.g. account changes, security alerts) — Legal basis: Contract performance and legal obligation
Sending newsletters and hobby updates (only where you have opted in) — Legal basis: Consent
Analytics to understand how the Site is used and to improve content — Legal basis: Legitimate interests
Detecting and preventing fraud, abuse, or security threats — Legal basis: Legitimate interests and legal obligation
Complying with legal or regulatory obligations — Legal basis: Legal obligation
5. Google Analytics, Search Console & Google Tag Manager
5.1 Google Analytics
We use Google Analytics (provided by Google LLC, USA) to analyse Site traffic and user behaviour. Google Analytics uses cookies to collect anonymised data, including pages visited and duration, traffic sources and user journeys, device and browser information, and approximate geographic location (country/region level).
We have enabled IP anonymisation, meaning your full IP address is not stored. Data is processed by Google on our behalf under a Data Processing Agreement. Google may transfer this data to the USA; such transfers are covered by Standard Contractual Clauses.
You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout
5.2 Google Search Console
We use Google Search Console to monitor the Site’s performance in Google Search results. This tool provides aggregated data about search queries and does not collect individual user data from Site visitors.
5.3 Google Tag Manager (GTM)
We use Google Tag Manager to manage and deploy tracking and analytics scripts (such as Google Analytics) across the Site. GTM itself does not collect personal data, but the tags it deploys may do so as described above.
GTM operates under Google’s Privacy Policy: https://policies.google.com/privacy
6. Data Sharing & Third Parties
We do not sell your personal data. We may share your data with:
Google LLC — for Analytics, Search Console, and Tag Manager (see Section 5)
WordPress / Automattic — as the underlying CMS platform for the Site
Email service providers — to send newsletters and transactional emails (where you have subscribed)
Law enforcement or regulators — where required by law or to protect our legal rights
All third-party processors are required to handle your data securely and in accordance with applicable data protection law.
7. Data Retention
We retain your data only for as long as necessary:
Account data: retained for as long as your account is active, plus up to 12 months after deletion
Collection data: retained as part of your account; deleted when you close your account
Analytics data: retained for 26 months in Google Analytics (Google’s default)
Newsletter subscriptions: retained until you unsubscribe
Communications: retained for up to 3 years
8. Your Rights
Under UK GDPR, you have the following rights regarding your personal data:
Right of access — request a copy of the data we hold about you
Right to rectification — ask us to correct inaccurate data
Right to erasure (‘right to be forgotten’) — request deletion of your data
Right to restriction — ask us to limit how we process your data
Right to data portability — receive your data in a structured, machine-readable format
Right to object — object to processing based on legitimate interests
Rights related to automated decision-making — we do not use automated profiling for decisions that significantly affect you
Right to withdraw consent — where processing is based on consent, you may withdraw it at any time
To exercise any of these rights, please contact us at: www.cardzillo.com/contact/
You also have the right to lodge a complaint with the UK’s supervisory authority — the Information Commissioner’s Office (ICO): www.ico.org.uk
9. Cookies
We use the following types of cookies on the Site:
Strictly necessary cookies — required for the Site to function (e.g. login sessions)
Analytics cookies — Google Analytics cookies to measure Site usage (see Section 5)
Preference cookies — to remember your settings
On your first visit, you will be presented with a cookie consent banner. You may accept or decline non-essential cookies. You can also manage cookies through your browser settings at any time. Note that disabling certain cookies may affect Site functionality.
10. Children’s Privacy
Cardzillo is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, please contact us and we will delete it promptly.
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at: www.cardzillo.com/contact/
We aim to respond to all requests within 30 days.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page. We encourage you to review this Policy periodically. Continued use of the Site after changes are posted constitutes acceptance of the updated Policy.