PRIVACY POLICY – CHUMBAY (chumbay.net) Last updated: 13/12/2025 1. Who We Are CHUMBAY (“we”, “us”, “our”) operates the website https://chumbay.net (“Website”), an affiliate and content website that publishes product information, comparisons, reviews, and links to third‑party retailers and services. We are based in London, United Kingdom. Contact details: Email: support@chumbay.net Location: London, United Kingdom We act as a “controller” of your personal data under the UK GDPR and, where applicable, the EU GDPR. 2. What Personal Data We Collect 2.1 Information you provide to us We may collect the following information when you interact with our Website: - Account data: name (optional), email address, password (stored in hashed form), any profile details you choose to add. - Newsletter data: your email address and your marketing preferences. - Contact data: information you submit via contact forms or by emailing us directly (e.g. name, email address, message content). - Other information you choose to provide: for example, comments, feedback, or responses to surveys or promotions that we run. 2.2 Information collected automatically When you visit or use our Website, we automatically collect certain information using cookies, pixels and similar technologies, including: - IP address and approximate location (city/region level, not precise) - Browser type and version, operating system, device type - Referring URL (the page that led you to our Website) - Pages you visit, time spent on each page, click paths, and scroll behaviour - Technical event data such as errors, load times, and performance metrics 2.3 Cookies and similar technologies We use: - Strictly necessary cookies (for security, session management, and basic functionality). - Analytics cookies (e.g. Google Analytics, Hotjar, Cloudflare Analytics) to understand how the Website is used. - Advertising and tracking cookies (e.g. Google Ads, Meta Pixel, TikTok Pixel) to measure campaign performance and show relevant advertising. - Affiliate tracking parameters to attribute commission when you click an outbound link to a retailer and make a purchase. For more details, including types of cookies and storage periods, please see our Cookie Policy. 2.4 Data from affiliate and advertising partners When you click an affiliate link on our Website and make a purchase with a third‑party retailer (such as Amazon, eBay, or other affiliate networks), that retailer or affiliate platform may report back to us that: - A purchase occurred, - The value of the order, and - The products or categories involved, but this data is usually aggregated and pseudonymised. We do not receive your full payment card details or full account details from those retailers. 3. Purposes and Legal Bases for Processing We process your personal data for the purposes and on the legal bases listed below: 3.1 Operating and improving the Website - Purpose: To provide access to our content, ensure the Website functions correctly, fix errors, and improve user experience. - Legal basis: Our legitimate interests (running and improving our business and services). 3.2 User accounts - Purpose: To create and manage your user account, provide login functionality, and store your preferences. - Legal basis: Performance of a contract (providing you with an account you requested) and our legitimate interests. 3.3 Newsletter and marketing communications - Purpose: To send you updates, news, promotions and other marketing communications about our content and partners, where you have opted in. - Legal basis: Your consent. You can withdraw your consent at any time (see section 8). 3.4 Analytics and performance - Purpose: To understand how visitors use our Website, which content is popular, and where we can improve design and performance. - Legal basis: Your consent (for non‑essential analytics cookies and similar technologies). 3.5 Advertising, affiliate tracking and remarketing - Purpose: To track affiliate link performance, measure conversions, and run or measure advertising campaigns on platforms such as Google, Meta (Facebook/Instagram), TikTok and others. - Legal basis: Your consent (for non‑essential tracking and marketing cookies, pixels and similar technologies). 3.6 Security, fraud prevention and legal compliance - Purpose: To maintain the security of the Website and our infrastructure, prevent abuse, fraud or attacks, and comply with legal obligations. - Legal basis: Our legitimate interests (ensuring network and information security) and legal obligations where applicable. 4. How Long We Keep Your Data We keep personal data only for as long as necessary for the purposes described above or as required by law. Typical retention periods are: - Account data: for as long as you maintain an account. If you request deletion, we will remove or anonymise your account data, subject to any legal retention requirements. - Newsletter data: until you unsubscribe or withdraw your consent, plus a short period to record your opt‑out. - Analytics data: for the periods used by our analytics providers (often 12–26 months by default for Google Analytics). - Logs and security data: typically up to 12 months, unless required longer for investigations or legal reasons. - Affiliate performance data: in line with the retention practices of our affiliate partners, usually up to a few years in aggregated or pseudonymised form. 5. How We Share Your Data We do not sell your personal data. However, we share your data with trusted third parties who help us operate our business and Website. These include: 5.1 Hosting and infrastructure - Amazon Web Services (AWS) – for website hosting, data storage and related services. - Cloudflare – for security, CDN, and performance optimisation. 5.2 Analytics and user experience tools - Google Analytics – for usage statistics and performance analytics. - Hotjar – for heatmaps and behaviour analytics (where enabled). - Cloudflare Analytics – for aggregated traffic statistics. 5.3 Advertising, affiliate and marketing platforms - Google Ads and related Google marketing tools. - Meta (Facebook/Instagram) – via Meta Pixel and related advertising tools. - TikTok – via TikTok Pixel and related tools. - Affiliate networks and programs (such as Amazon Associates, eBay Partner Network, or others we may use from time to time). 5.4 Email and communication providers - Email delivery services (for example, Amazon SES or another email provider) used to send account emails, notifications and newsletters. 5.5 Payment and billing providers If at any point we offer paid services or products directly: - Payment gateways such as Stripe or PayPal (note: they process your card details directly; we do not store full card numbers). 5.6 Professional advisers and legal We may share data with legal, accounting, or other professional advisers where necessary, as well as with authorities if required by law or to protect our rights. All such third parties are required to process your data only according to our instructions and to provide appropriate security. 6. International Data Transfers Because many of our service providers are international organisations (for example, AWS, Google, Meta, TikTok), your personal data may be transferred outside the United Kingdom and European Economic Area (EEA), including to countries that may have different data protection laws. Where we transfer personal data outside the UK/EEA, we rely on appropriate safeguards, such as: - Adequacy regulations or decisions (where the destination country has been recognised as providing an adequate level of protection). - Standard Contractual Clauses (SCCs) and, where applicable, the UK International Data Transfer Addendum. - Other legally recognised transfer mechanisms. 7. User Accounts If you choose to create an account on chumbay.net: - You are responsible for keeping your login details confidential. - Your password is stored in hashed form and cannot be viewed in plain text by us. - You may update your account information at any time via your account settings. - You may request account deletion; upon deletion, we will remove or anonymise your personal data associated with the account, except where we must retain some information for legal, security or accounting reasons. 8. Email Newsletter If you sign up to receive our newsletter: - We will use your email address to send you news, updates, promotions and other marketing communications. - You can unsubscribe at any time by clicking the unsubscribe link in any email, or by contacting us at support@chumbay.net. - We may use an email service provider to manage our mailing list and send emails on our behalf. 9. Your Rights Under Data Protection Law Depending on your location and subject to certain conditions, you have the following rights: - Right of access: to obtain confirmation that we process your personal data and receive a copy of it. - Right to rectification: to correct inaccurate or incomplete personal data. - Right to erasure (“right to be forgotten”): to request deletion of your personal data in certain circumstances. - Right to restrict processing: to request that we restrict processing of your data in certain circumstances. - Right to object: to object to processing based on our legitimate interests or for direct marketing. - Right to data portability: to receive your personal data in a structured, commonly used, machine‑readable format and to transmit it to another controller where technically feasible. - Right to withdraw consent: where processing is based on your consent, you can withdraw it at any time (this does not affect processing prior to withdrawal). - Right not to be subject to automated decision‑making: we do not carry out decisions based solely on automated processing that have legal or similarly significant effects on you. To exercise your rights, please contact us at: support@chumbay.net We may need to verify your identity before responding. We aim to respond within one month, and may extend this by up to two further months for complex or numerous requests, in which case we will inform you. You also have the right to lodge a complaint with your local supervisory authority. In the UK, this is the Information Commissioner’s Office (ICO). 10. Data Security We use appropriate technical and organisational measures to protect your personal data, including: - Encryption in transit (HTTPS/TLS). - Security configurations and access controls on our servers and cloud infrastructure. - Use of reputable hosting providers and security tools. - Restricting access to personal data to staff or service providers who need it for legitimate purposes. However, no system can be completely secure; you share information with us at your own risk. You should also take care to protect your login details and devices. 11. Children’s Privacy Our Website is not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us and we will take steps to delete such data. 12. Links to Other Websites Our Website contains links to third‑party websites and services, including affiliate links to retailers and partners. We are not responsible for the privacy practices or content of those third‑party websites. We encourage you to review the privacy policies of any websites you visit via our links. 13. Changes to This Privacy Policy We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. When we do, we will update the “Last updated” date at the top of this page. We encourage you to review this Policy periodically. 14. Contact Us If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at: Email: support@chumbay.net Location: London, United Kingdom
