Privacy policy

Privacy Policy – The Island Society

Effective date: 28 April 2026
Last reviewed: 28 April 2026

1. Introduction

The Island Society ("we", "us", "our") is committed to protecting personal data and respecting privacy rights. This Privacy Policy explains how we collect, use, store, share and protect personal information in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable UK privacy laws.

2. Who We Are

Data Controller: Jacques Enterprise LTD trading as The Island Society, a board games brand based in Monmouth, Wales, United Kingdom
Contact email: hello@theislandsociety.co.uk
Postal address: 31 Brook Estate, Monmouth, NP25 5AN, Wales, United Kingdom
Telephone: [insert phone number, if applicable]

If we are required to appoint a Data Protection Officer (DPO), their contact details will be published here.

3. Scope of This Policy

This policy applies to personal data we process relating to:

  • customers;

  • newsletter subscribers;

  • competition entrants;

  • event attendees;

  • website users;

  • retailers, distributors and trade contacts;

  • suppliers and contractors; and

  • any other individuals who contact us.

4. Personal Data We Collect

Depending on how you interact with us, we may collect:

Identity and Contact Data

  • full name;

  • postal address;

  • email address;

  • telephone number;

  • date of birth (where relevant);

  • emergency contact details (for activities/events).

Membership and Participation Data

  • membership status;

  • subscription/payment history;

  • attendance records;

  • volunteer roles;

  • communications preferences.

Financial Data

  • donation records;

  • bank/payment references;

  • billing details (processed securely via payment providers).

Technical Data

  • IP address;

  • browser/device information;

  • website usage data;

  • cookie preferences.

Special Category Data

We will only collect special category data (for example health, accessibility or dietary information) where necessary, lawful, and subject to additional safeguards.

5. How We Collect Data

We collect personal data when:

  • you apply for membership;

  • you complete forms or surveys;

  • you make payments or donations;

  • you register for events;

  • you contact us by email, phone, social media or post;

  • you use our website; or

  • third parties lawfully provide information to us (for example payment processors or referral partners).

6. Lawful Bases for Processing

We rely on one or more of the following lawful bases under UK GDPR:

  • Contract – to manage membership, bookings or services;

  • Legal obligation – to comply with legal/regulatory duties;

  • Legitimate interests – to administer and improve our organisation, provided your rights do not override those interests;

  • Consent – where required, including certain marketing or optional data uses;

  • Vital interests – in urgent situations involving health or safety.

Where consent is used, you may withdraw it at any time.

7. How We Use Personal Data

We may use personal data to:

  • process orders, payments and deliveries;

  • manage customer accounts and enquiries;

  • communicate product news, launches and updates;

  • organise demos, conventions, tournaments or promotional events;

  • maintain accounts and records;

  • respond to enquiries and complaints;

  • safeguard participants and manage health/safety matters;

  • improve our services, website and operations;

  • comply with legal obligations; and

  • protect our rights, property and security.

8. Marketing Communications

We may in future send newsletters, product announcements, promotions and updates where permitted by law or where you have provided consent. You can opt out at any time by using the unsubscribe link or contacting us.

9. Sharing Personal Data

We may share personal data only where necessary with:

  • Shopify and associated payment processors;

  • payment processors;

  • IT, hosting and website providers;

  • event venues or delivery partners;

  • professional advisers (legal, accounting, insurance);

  • regulators, law enforcement or public authorities where required; and

  • successors in the event of restructuring or transfer.

All third parties must respect confidentiality and process data lawfully.

10. International Transfers

Where personal data is transferred outside the UK, we will ensure appropriate safeguards are in place, such as adequacy regulations or approved contractual protections.

11. Data Security

We use proportionate technical and organisational measures to protect personal data, including access controls, secure systems, encryption where appropriate, staff confidentiality measures, and incident response procedures.

12. Data Retention

We retain personal data only for as long as necessary for the purposes collected, including legal, accounting, safeguarding and reporting requirements. Typical retention periods include:

  • customer order records: up to 6 years after the last transaction;

  • financial records: up to 6 years after relevant financial year end;

  • event records: up to 3 years unless longer retention is required;

  • enquiry correspondence: up to 2 years;

  • safeguarding records: as long as reasonably necessary under applicable guidance.

We may retain data longer where legally required or to establish, exercise or defend legal claims.

13. Your Rights

Subject to legal conditions and exemptions, you may have the right to:

  • access your personal data;

  • request correction of inaccurate data;

  • request erasure;

  • restrict processing;

  • object to processing based on legitimate interests;

  • data portability in certain cases;

  • withdraw consent where consent is relied upon; and

  • complain to the Information Commissioner's Office (ICO).

To exercise rights, contact us using the details above.

14. Complaints

If you are unhappy with how we handle personal data, please contact us first so we can address the issue. You also have the right to complain to the ICO:

Information Commissioner's Office
Website: https://ico.org.uk
Telephone: 0303 123 1113

15. Cookies and Website Tracking

Our website, www.theislandsociety.co.uk, may use cookies and similar technologies, including cookies provided through Shopify and analytics or advertising tools. Where required, we will request consent before placing non-essential cookies. Further details are available in our Cookie Policy.

16. Children’s Data

Where we collect data relating to children or young people, we apply additional safeguards and obtain consent from parents/guardians where required.

17. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be published with the effective date above.

18. Final Review Notes

This policy should be reviewed periodically and updated whenever business practices, suppliers, technologies or legal requirements change. Ensure any separate Cookie Policy, Terms of Sale and Refund Policy remain consistent with this Privacy Policy.