Privacy Policy
1. Who we are
Remember The XIth CIC is a Community Interest Company incorporated in England and Wales (Company Number: 17067647), with a registered address at 12, Siskin Way, Kidderminster, Worcestershire DY10 4TD, United Kingdom.
For the purposes of UK data protection law, Remember The XIth CIC is the data controller for personal data collected through this website and online store (store.rememberthexith.org).
This policy also applies to personal data collected through our main website at rememberthexith.org in connection with donations processed via Wise or Stripe.
We are not currently required to register with the Information Commissioner's Office (ICO) as a data controller, but we are committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 in all our data handling. If our processing activities change and registration becomes required, we will register accordingly.
If you have any questions about this policy or about how we handle your data, please contact us at contact@store.rememberthexith.org.
2. What data we collect and why
When you place an order
To process and fulfil your order, we collect:
- Name and delivery address — to dispatch your order and complete customs documentation where required.
- Email address — to send you an order confirmation and dispatch notification.
- Order details — the items ordered, quantities, prices, and any applicable shipping information. We retain this as your order history.
- Payment information — payment is handled entirely by PayPal. We do not see or store your full card details. We do receive confirmation from PayPal that payment has been made, including the transaction reference.
You are required to provide this information to complete a purchase. Without it, we cannot process your order.
When you make a donation
If you donate via Stripe or Wise Quick Pay on our main website, those platforms process your payment directly. We receive confirmation of the donation amount and, depending on the method, your name or email address. We do not store full payment card details.
When you browse our website
Like most websites, our server and any analytics tools we use may automatically collect certain technical information, including your IP address, browser type, referring page, and pages visited. See Section 5 (Cookies and analytics) for more detail.
When you contact us
If you email us or use a contact form, we will retain your name, email address, and the content of your message in order to respond to you and keep a record of our correspondence.
3. Our legal basis for processing
Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following:
- Contract (Article 6(1)(b)): Processing your name, address, email address, and order details is necessary to perform the contract we have with you when you place an order.
- Legal obligation (Article 6(1)(c)): We may be required to retain certain records (such as transaction data and export documentation) to comply with our legal and tax obligations.
- Legitimate interests (Article 6(1)(f)): We process limited technical data (such as IP addresses and server logs) to keep our website secure and to understand how it is being used, provided this does not override your interests or rights.
We do not process your data on the basis of consent for any current activity, and we do not carry out automated decision-making or profiling.
4. How we use your data
We use the personal data we collect solely for the following purposes:
- Processing and fulfilling your order, including dispatch and delivery.
- Sending you transactional emails: order confirmation, dispatch notification, and responses to your enquiries.
- Preparing customs and export documentation for international orders (Netherlands).
- Maintaining financial records as required by law.
- Protecting the security of our website and detecting fraudulent or abusive activity.
- Improving our website and store based on aggregated, anonymised usage data.
We do not use your personal data for marketing or promotional communications. We do not add you to any mailing list as a result of placing an order.
5. Cookies and analytics
Cookies are small text files placed on your device by websites you visit. Our store at store.rememberthexith.org may use cookies for the following purposes:
- Essential cookies: Required for the store to function — for example, maintaining your session while you browse and add items to your basket. These cannot be disabled without breaking core functionality.
- Analytics cookies: If we use an analytics tool (such as self-hosted or privacy-focused analytics), these cookies help us understand how visitors use the site. Where possible, we configure analytics to anonymise IP addresses and avoid storing personally identifiable information.
You can control cookies through your browser settings. Please note that disabling essential cookies will affect your ability to use the store checkout.
We do not currently use advertising or tracking cookies, and we do not share cookie data with third-party advertisers.
6. Third-party services
We use the following third-party services that may process personal data in connection with your transaction or visit. Each is an independent data controller with its own privacy policy.
When you check out, you are redirected to PayPal to complete payment. PayPal processes your payment details directly. We receive transaction confirmation only.
PayPal is operated by PayPal (Europe) S.à r.l. et Cie, S.C.A. | PayPal Privacy Policy
Stripe processes donation payments made through our main website. Stripe handles all card data; we do not store card details.
Stripe is operated by Stripe, Inc. and its European affiliate Stripe Payments Europe, Limited. | Stripe Privacy Policy
Wise Quick Pay processes certain donations on our main website. Wise handles the payment transaction and associated personal data directly.
Wise is operated by Wise Payments Limited, regulated by the FCA. | Wise Privacy Policy
Our website and store are hosted on a Hostinger VPS. Hostinger's servers may process data as part of normal hosting operations, including server logs containing IP addresses.
Hostinger International Ltd, Jonavos g. 60C, Kaunas, Lithuania. | Hostinger Privacy Policy
We share your name and delivery address with our delivery carrier (Royal Mail or Parcelforce) for the sole purpose of delivering your order. For international shipments, this information also appears on customs documentation.
7. Who we share your data with
We do not sell, rent, or trade your personal data. We share it only in the following limited circumstances:
- Delivery carriers (Royal Mail / Parcelforce): your name and address, solely to deliver your order.
- Payment processors (PayPal, Stripe, Wise): as described in Section 6 above.
- Our hosting provider (Hostinger): incidental access as part of normal server operations.
- Legal requirements: if we are required to disclose data by law, court order, or to a regulatory authority, we will do so. We will notify you where legally permitted.
- Customs authorities: for orders shipped to the Netherlands, your name, address, and order details appear on customs documentation as required by law.
We do not share your data with any marketing companies, data brokers, or other third parties not listed above.
8. How long we keep your data
We retain personal data only for as long as necessary for the purpose for which it was collected, and to meet our legal obligations:
- Order and transaction records (name, address, email, order details): retained for 6 years from the date of the transaction, in line with HMRC record-keeping requirements for financial records.
- Email correspondence: retained for as long as reasonably necessary to resolve your query, and no longer than 2 years thereafter unless there is an ongoing dispute.
- Server logs and IP addresses: typically retained for up to 90 days by our hosting provider for security purposes.
Once data is no longer needed and the retention period has passed, we securely delete or anonymise it.
9. Your rights
Under UK GDPR, you have the following rights in relation to your personal data:
- You can request a copy of the personal data we hold about you (a Subject Access Request).
- You can ask us to correct inaccurate or incomplete data we hold about you.
- You can ask us to delete your data where we no longer have a lawful basis to hold it.
- You can ask us to restrict processing of your data in certain circumstances.
- You can object to processing based on legitimate interests. We will stop unless we have compelling grounds to continue.
- Where processing is based on contract and carried out automatically, you can request your data in a portable format.
To exercise any of these rights, please contact us at contact@store.rememberthexith.org. We will respond within one month. We will not charge a fee for reasonable requests.
If you are not satisfied with how we have handled your data or responded to a request, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk/make-a-complaint or by calling 0303 123 1113.
10. Security
We take reasonable steps to protect your personal data from unauthorised access, loss, or disclosure. These include:
- All data transmitted between your browser and our store is encrypted using HTTPS/TLS.
- Access to our store's database and admin panel is restricted to authorised personnel only.
- Payment processing is handled entirely by PCI DSS-compliant third parties (PayPal, Stripe, Wise). We do not store payment card data on our systems.
- Our server is maintained with regular security updates.
No method of transmission over the internet is completely secure. In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours and inform affected individuals without undue delay, as required by UK GDPR.
11. International transfers
Your personal data is primarily stored and processed within the UK and the European Economic Area (EEA). However, some of our third-party providers (including PayPal and Stripe) may process data outside the UK/EEA. Where this occurs, those providers are required to ensure adequate safeguards are in place, such as Standard Contractual Clauses approved by the ICO or equivalent mechanisms.
For orders shipped to the Netherlands, your name and delivery address will be transmitted to Dutch and UK customs authorities as required by export and import law.
12. Changes to this policy
We may update this Privacy Policy from time to time — for example, if we add new services, change how we process data, or in response to changes in UK data protection law. Any significant changes will be noted at the top of this page with a revised "Last updated" date.
We encourage you to review this policy periodically. Your continued use of our website after any changes constitutes acceptance of the updated policy.
13. Contact us
If you have any questions, concerns, or requests relating to this Privacy Policy or the way we handle your personal data, please contact us:
12, Siskin Way, Kidderminster, Worcestershire DY10 4TD, United Kingdom
Email: contact@store.rememberthexith.org
Website: Contact Us