Privacy policy

Last updated: 24 May 2026

This Privacy Policy explains how Kit Rock ("we", "us", "our") collects, uses, shares and protects your personal information when you visit kit-rock.com, place an order, contact us, or otherwise interact with our store and services (the "Services").

Kit Rock is the data controller of your personal information for the purposes of the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018. Our store is hosted on Shopify, which acts as our data processor for most of the personal information collected through the Services.

By using the Services you confirm you have read and understood this Privacy Policy. If you do not agree with it, please do not use the Services.

1. Who We Are

Kit Rock is a UK-based retailer of football kits and related apparel.

  • Trading name: Kit Rock
  • Registered address: 11 Ellesmere Gardens, IG4 5DA, United Kingdom
  • Contact email: Kitrock00@gmail.com
  • Shipping region: United Kingdom only

2. Information We Collect

We collect the following categories of personal information, depending on how you interact with us:

  • Identity and contact data — name, email address, phone number, billing address, shipping address.
  • Order and transaction data — products ordered, sizes, custom-print options (e.g. name and number on shirt), order value, order date, payment status, refund and return history.
  • Payment data — payment method type and last four digits of your card. We do not see or store your full card details. Full card details are processed directly by Shopify Payments / Shop Pay and PayPal under their own privacy policies.
  • Account data — if you create a customer account: username, password (hashed), saved addresses, order history, wishlist items.
  • Marketing and communications data — email and SMS opt-in status, marketing preferences, click and open events on our marketing messages.
  • Technical and usage data — IP address, device type, browser type and version, operating system, time zone, referring URL, pages viewed, items added to cart, search terms used on our site, session duration, and similar interaction events.
  • Customer support data — the content of emails, chat messages, or other communications you send us, including any attachments.

3. How We Collect Your Information

  • Directly from you when you place an order, create an account, sign up to our newsletter or SMS list, or contact us.
  • Automatically through cookies, pixels, and similar technologies when you browse the site (see Section 8).
  • From third-party services we use to run the store, such as Shopify, payment processors (Shop Pay, PayPal), our email/SMS platform (Klaviyo), and analytics and advertising partners (Google, Meta, TikTok).

4. How We Use Your Information and Our Legal Basis

Under UK GDPR we must have a lawful basis for processing your personal data. The legal bases we rely on are:

  • Performance of a contract — to take and fulfil your order, process payment, arrange delivery, handle returns and refunds, and provide order updates and customer support.
  • Legal obligation — to retain transaction and tax records (HMRC requires retention for at least 6 years), to handle consumer-rights requests, and to respond to lawful requests from authorities.
  • Legitimate interests — to operate, secure and improve the Services, prevent fraud and chargebacks, analyse store performance, send service-related communications, and (where permitted) send marketing to existing customers about similar products. You can object to this at any time.
  • Consent — to send you marketing emails or SMS where required by law, to set non-essential cookies (analytics, advertising, retargeting), and to process any special category data you voluntarily provide. You can withdraw consent at any time.

5. Marketing Communications

Where you have given consent, or where the soft opt-in applies under PECR, we may send you:

  • Email marketing — newsletters, restock alerts, kit drops, promotions, and abandoned-cart reminders, sent via Klaviyo.
  • SMS marketing — text messages with offers and launches, sent via Klaviyo, only if you have explicitly opted in.
  • Targeted advertising — adverts shown to you on Meta (Facebook/Instagram), TikTok, and Google based on your activity on our site, using cookies and pixels.

You can opt out at any time by clicking "unsubscribe" in any marketing email, replying STOP to any marketing text, updating your preferences in your account, or emailing Kitrock00@gmail.com. Even if you opt out of marketing, we will still send transactional messages (order confirmations, shipping updates, returns) as these are necessary to perform our contract with you.

6. Who We Share Your Information With

We do not sell your personal information. We share it only with the following categories of recipient, and only for the purposes described:

  • Shopify Inc. — our e-commerce platform and hosting provider, processing orders, accounts, checkout and analytics on our behalf.
  • Shopify Payments / Shop Pay — to process card payments, fraud screening and chargebacks.
  • PayPal (Europe) S.à r.l. et Cie, S.C.A. — to process PayPal payments at checkout.
  • Klaviyo, Inc. — to send email and SMS marketing and transactional flows, and to segment audiences.
  • Google LLC (Google Analytics, Google Ads) — to measure site performance and serve adverts.
  • Meta Platforms Ireland Ltd. (Facebook / Instagram Pixel) — to measure ad performance and serve retargeting adverts.
  • TikTok Information Technologies UK Ltd. (TikTok Pixel) — to measure ad performance and serve retargeting adverts.
  • Shipping carriers we use to deliver UK orders, who receive your name, delivery address, phone number and email for delivery purposes only.
  • Professional advisers such as accountants, lawyers and insurers where necessary.
  • Regulators, law enforcement and government bodies where we are legally required to disclose information.
  • A buyer or successor in the event of a merger, acquisition, restructuring, or sale of all or part of our business.

7. International Transfers

We ship only within the United Kingdom, however some of our service providers (including Shopify, Klaviyo, Google, Meta and TikTok) are based outside the UK and may process your data in the United States, the European Economic Area, or other countries.

When we transfer personal data outside the UK we rely on one of the following safeguards: (a) the recipient country has been recognised by the UK as providing adequate protection; (b) we use the UK International Data Transfer Agreement (IDTA) or the EU Standard Contractual Clauses with the UK Addendum; or (c) another lawful transfer mechanism under the UK GDPR. You may request a copy of the safeguard in place by contacting us.

8. Cookies and Tracking Technologies

We use cookies, pixels, local storage and similar technologies to operate the site, remember your preferences and basket, analyse usage, and deliver targeted advertising. Categories include:

  • Strictly necessary — required for checkout, cart, login and security. Always on.
  • Analytics — Google Analytics. Set only with your consent.
  • Marketing / advertising — Meta Pixel, TikTok Pixel, Google Ads, Klaviyo on-site tracking. Set only with your consent.

You can manage your preferences via our cookie banner, your browser settings, or the opt-out tools provided by each advertising network.

9. How Long We Keep Your Information

  • Order, transaction and tax records — at least 6 years after the end of the tax year in which the transaction occurred, in line with HMRC requirements.
  • Customer accounts — for as long as the account is active, plus up to 24 months of inactivity, after which we may delete or anonymise it.
  • Marketing data — until you unsubscribe or withdraw consent, plus a suppression record kept indefinitely to ensure we do not contact you again.
  • Customer support correspondence — up to 3 years after the matter is closed.
  • Cookies and analytics data — see the duration set against each cookie in our cookie banner.

10. Your Rights

Under UK GDPR you have the following rights in relation to your personal information:

  • Access — to a copy of the personal data we hold about you.
  • Rectification — to have inaccurate or incomplete data corrected.
  • Erasure — to ask us to delete your personal data in certain circumstances.
  • Restriction — to ask us to restrict our processing in certain circumstances.
  • Objection — to object to processing based on our legitimate interests, including direct marketing.
  • Portability — to receive your data in a structured, machine-readable format and to have it transferred to another controller, where technically feasible.
  • Withdraw consent — at any time, where we rely on your consent.
  • Not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects.

To exercise any of these rights, email us at Kitrock00@gmail.com. We may need to verify your identity before responding and will reply within one month, unless the request is complex, in which case we may extend by up to two further months.

11. Children

The Services are not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it.

12. Security

We use appropriate technical and organisational measures to protect your personal information against unauthorised access, loss, misuse or alteration, including HTTPS encryption across the site, PCI-DSS-compliant payment processing through Shopify and PayPal, and access controls on our admin systems. No system is 100% secure; if you believe your account has been compromised, contact us immediately.

13. Third-Party Links

The Services may contain links to third-party websites or social media platforms that we do not control. We are not responsible for their privacy practices. Please review their privacy notices before sharing any personal information with them.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other operational reasons. We will update the "Last updated" date above and, where required, notify you of material changes by email or a prominent notice on the site.

15. Complaints

If you have a complaint about how we handle your personal information, please contact us first at Kitrock00@gmail.com and we will do our best to resolve it. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

16. Contact

If you have any questions about this Privacy Policy or how we handle your personal information, please contact us: