Privacy Policy
The Amateur Angler
Last updated: 27 December 2025
This Privacy Policy explains how The Amateur Angler (“we”, “us”, “our”) collects, uses, stores, and protects personal data when you visit our website, create an account, place an order, or otherwise interact with us.
We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Nothing in this policy affects your statutory rights.
1. Data Controller
For the purposes of UK data protection law, The Amateur Angler is the data controller.
Contact details for data protection matters are provided at the end of this policy.
2. Personal Data We Collect
a) Information You Provide to Us
We may collect:
Full name
Email address
Password (stored in encrypted/hashed form)
Billing and delivery address
Telephone number (if provided)
Account preferences
Communications with us (emails, contact forms, customer support)
b) Order & Transaction Information
When you place an order, we collect:
Products purchased
Order history
Payment status and transaction references
Refund and return records
We do not store full card numbers or CVV details.
c) Automatically Collected Information
When you visit our website, we automatically collect:
IP address
Device type, operating system, and browser
Pages visited and navigation paths
Time spent on pages
Referring URLs
This information is collected using cookies and similar technologies (see our Cookies Policy).
3. Payments
Payments are processed securely via WooPayments and its authorised payment partners (which may include card networks, Stripe, or PayPal).
We do not store payment card details
Payment tokens (e.g. saved cards) are stored securely by the payment provider
Payment providers act as independent data controllers for payment data
4. How We Use Personal Data
We use personal data to:
Provide and manage user accounts
Process and fulfil orders
Take and manage payments
Arrange delivery of goods
Provide customer support
Manage returns, refunds, and warranties
Communicate with you about orders or services
Improve website functionality and performance
Prevent fraud and protect site security
Send marketing communications where consent has been provided
5. Lawful Bases for Processing
Under UK GDPR, we rely on the following lawful bases:
Contract – to fulfil orders and provide services
Legal obligation – to comply with tax, accounting, and regulatory requirements
Legitimate interests – for fraud prevention, security, and service improvement
Consent – for marketing communications and non-essential cookies
You may withdraw consent at any time where consent is the lawful basis.
6. Marketing & Communications
We use Mailchimp to manage email communications.
Marketing emails are sent only where you have opted in
Abandoned-cart emails are sent only where consent has been given
You may unsubscribe at any time using the link in our emails
Service emails (such as order confirmations) are not marketing and cannot be opted out of.
7. Analytics, Advertising & Tracking
Where consent has been provided, we may use:
Google Analytics – website usage analysis
Hotjar – user behaviour analysis
Meta (Facebook & Instagram) Pixel – advertising measurement
TikTok Pixel – advertising performance tracking
These tools may collect online identifiers such as IP address and browsing behaviour.
Full details are provided in our Cookies Policy.
8. Reviews & User-Generated Content
Where enabled, users may submit product reviews, including text and images.
Reviews are moderated before publication. Approved reviews may be publicly visible.
9. Sharing Personal Data
We share personal data only where necessary with trusted third parties, including:
Website hosting providers
Payment processors (WooPayments and partners)
Email marketing providers (Mailchimp)
Analytics and performance tools
Courier and delivery partners
All third parties are required to process data securely and lawfully.
We do not sell personal data.
10. International Data Transfers
Some service providers may process personal data outside the UK.
Where this occurs, appropriate safeguards are in place, including:
UK adequacy regulations
UK Standard Contractual Clauses
International Data Transfer Addendum
11. Data Retention
We retain personal data only for as long as necessary:
Order and financial records: up to 6 years (HMRC requirement)
Active user accounts: retained while the account remains active
Inactive accounts: deleted or anonymised after 24 months
Analytics and log data: retained for up to 5 years
12. Your Rights Under UK GDPR
You have the right to:
Access your personal data
Request correction of inaccurate data
Request erasure of personal data (where legally permissible)
Restrict processing
Object to processing
Request data portability
Withdraw consent at any time
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).
13. Security Measures
We use appropriate technical and organisational measures, including:
SSL/TLS encryption
Secure hosting
Role-based access controls
Two-factor authentication for administrative access
Ongoing security monitoring
14. Data Breaches
In the event of a personal data breach:
The incident will be investigated promptly
The ICO will be notified where legally required
Affected individuals will be informed where there is a risk to their rights and freedoms
15. Children’s Data
Our website and services are not intended for individuals under 18.
We do not knowingly collect personal data from children.
16. Changes to This Policy
We may update this Privacy Policy from time to time.
The “Last updated” date will be amended accordingly.
17. Contact Us
For questions, data requests, or complaints, contact:
If you are not satisfied with our response, you may lodge a complaint with the Information Commissioner’s Office (ICO).