Last updated: 8 May 2026
This privacy policy explains how SEBIKS LIMITED ("we", "us", "our"), trading as GOOSEBUMP, processes personal data when you visit goosebump.fit, place an order, or sign up for our email list. We are the data controller for the personal data described below.
We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003, and the Digital Markets, Competition and Consumers Act 2024.
1. What we collect
| Category | Examples | When we collect it |
|---|---|---|
| Identity | Name, email, billing/delivery address | At checkout, on newsletter signup |
| Payment | Card details (handled by Stripe — we never see the full card number) | At checkout |
| Order | Items purchased, sizes, order total, gift codes used | At checkout |
| Technical | IP address, browser, device, pages visited | Automatically when you use the site |
| Marketing | Email engagement (open / click) | After you receive a marketing email |
| Communications | Anything you write to us by email | When you contact us |
2. Lawful basis (UK GDPR Art. 6)
- Contract — to take payment, ship your order, handle returns
- Legitimate interests — to operate, secure and improve the site, prevent fraud, defend our legal rights
- Consent — for marketing emails (opt-in via the signup form, opt-out at any time via the unsubscribe link)
- Legal obligation — to keep tax/HMRC records, respond to court orders, comply with consumer law
3. Who we share data with
We use a small number of trusted third parties strictly to deliver the service. We do not sell your personal data and never will.
- Stripe (payment processing) — privacy.stripe.com
- Brevo (transactional + marketing email) — brevo.com/legal/privacypolicy
- Cloudflare (hosting, DNS, analytics with no third-party trackers) — cloudflare.com/privacypolicy
- A UK print-on-demand fulfilment partner (manufactures and ships your order; receives only the data needed to fulfil)
- Sentry (anonymous error reporting; only after cookie consent) — sentry.io/privacy
4. International transfers
Some processors host data inside the UK / European Economic Area; some are based in the United States. Where US transfers occur, we rely on the UK–US Data Bridge and / or the EU-US Data Privacy Framework plus standard contractual clauses.
5. How long we keep it
- Order data: 6 years (UK tax law)
- Marketing list: until you unsubscribe (we honour requests within 5 working days)
- Analytics + error logs: 90 days
- Customer service email: 2 years unless tied to an open dispute
6. Your rights
Under UK GDPR you have the right to:
- access the personal data we hold about you
- correct inaccurate data
- erase your data ("right to be forgotten") where lawful basis no longer applies
- object to processing based on legitimate interests
- withdraw consent at any time
- receive your data in a portable format
- complain to the Information Commissioner's Office (ico.org.uk) without coming to us first
Email privacy@goosebump.fit to exercise any of these. We respond inside 30 days.
7. Cookies
See our Cookie Policy for the specifics. The short version: we set one essential cookie for the cart, and load Cloudflare Web Analytics + Sentry only after you click "Accept" on the banner. We never use Google Analytics, Meta Pixel, TikTok Pixel or similar third-party trackers.
8. Marketing
We only email you marketing if you opt in (e.g. via the newsletter signup). Every email has a one-click unsubscribe. We never share your email with other companies.
9. Children
The site is for adults. We don't knowingly collect data from anyone under 16; if you believe we have, contact us and we'll delete it.
10. Changes
If we change this policy in a material way, we'll email you (if you're on the list) and update the "last updated" date above. Minor wording fixes, we just push.
11. Contact
SEBIKS LIMITED, registered in England and Wales, Company No. 14807147. Questions: privacy@goosebump.fit.