Data Protection Policy – BoardLore

1. Introduction

At BoardLore, we take the privacy and security of your personal information seriously. Whether you are visiting our board game store, participating in tournaments, joining game nights, or ordering products online, we are committed to protecting your data. This Data Protection Policy explains how we collect, use, store, and safeguard your information in accordance with applicable data protection laws. By engaging with our services, you agree to the terms of this policy.

2. Scope of the Policy

This policy applies to all individuals who interact with BoardLore, including customers, event participants, and members of our loyalty programs. It covers data collected through in-person visits, phone or email communication, online purchases, event registrations, and feedback forms.

3. Personal Data We Collect

To provide our services and improve your experience, we may collect the following categories of personal information:

• Contact Details: full name, address, phone number, and email.
• Account Information: username, password, and preferences if you create an online account.
• Transaction Data: purchase history, payment method details (excluding sensitive payment card numbers, which are handled by secure processors), and receipts.
• Event Participation Data: sign-up forms, attendance records, and competition results.
• Communication Data: feedback, inquiries, or requests submitted via email, in-store, or on forms.
• Marketing Preferences: opt-ins or opt-outs for newsletters, promotional messages, or special offers.

We do not intentionally collect sensitive personal data unless it is necessary and provided with explicit consent.

4. How We Use Your Personal Data

Your data is processed to support our operations and enhance your experience. The purposes include:

• Order Fulfillment: processing and delivering purchases of board games, accessories, and merchandise.
• Customer Service: responding to inquiries, resolving issues, and assisting with returns or exchanges.
• Event Management: organizing game nights, tournaments, and workshops, and communicating relevant details.
• Loyalty Programs: managing membership benefits, discounts, and reward points.
• Marketing Communications: sending updates, offers, and event invitations when you have given consent.
• Security and Compliance: preventing fraud, protecting our premises, and meeting legal obligations.

5. Legal Basis for Processing

We process your personal data under one or more of the following legal bases:

• Contractual Necessity: to fulfill your orders and provide requested services.
• Legitimate Interests: to improve our operations, maintain security, and grow our business.
• Consent: for marketing communications and certain optional activities.
• Legal Obligation: to comply with laws such as taxation or record-keeping requirements.

6. Data Retention

We keep your personal data for only as long as necessary for the purposes outlined in this policy, unless a longer retention period is required by law. Once your data is no longer needed, it will be securely deleted or anonymized.

7. Sharing Your Data

We do not sell or rent your personal data. However, we may share information with:

• Service Providers: payment processors, delivery companies, and IT service providers who help us operate our business.
• Event Partners: when co-hosting tournaments or game events, limited data may be shared for coordination purposes.
• Legal Authorities: if required to comply with legal processes or enforce our rights.

All third parties are required to keep your data secure and use it only for the agreed purposes.

8. Data Security

We use a range of technical and organizational measures to protect your personal data, including:

• Secure storage systems for both digital and physical records.
• Access control to limit who can view or process personal data.
• Encryption for sensitive information during transmission.
• Regular staff training on data protection responsibilities.

9. International Data Transfers

If your data is transferred to a country outside your own, we ensure that appropriate safeguards are in place, such as contractual protections and secure processing methods.

10. Your Rights

You may have the following rights under applicable law:

• Access: request a copy of the personal data we hold about you.
• Correction: update or correct inaccurate information.
• Deletion: request that your personal data be erased, subject to legal requirements.
• Restriction: limit certain types of processing.
• Objection: stop the processing of your personal data for direct marketing.
• Data Portability: receive your data in a structured, commonly used, and machine-readable format.

Requests to exercise these rights may require verification of your identity.

11. Children’s Data

Our services are primarily intended for adults. We do not knowingly collect personal data from individuals under the age of legal consent for data processing. If such data is identified, it will be deleted promptly.

12. Changes to This Policy

We may update this Data Protection Policy from time to time to reflect changes in our business, technology, or legal requirements. The most recent version will always be available through our official communication channels.