Privacy Policy

Last updated: 25 February 2026

Leithal Hits (“we”, “us”, “our”) respects your privacy and is committed to protecting your personal data.

This Privacy Policy explains how we collect, use, and protect your personal information when you visit our website, make a purchase, or contact us.

1. Who we are

Leithal Hits is an Edinburgh-based Warhammer community group and event organiser. Our website includes information about our events and may offer products, bookings, or other services through our online checkout.

Contact email: team@leithalhits.co.uk

If you have any questions about this policy or your personal data, please contact us at the email above.

2. What personal data we collect

We may collect and process the following categories of personal data:

A) Information you provide directly

  • Name

  • Email address

  • Billing address

  • Shipping address (if applicable)

  • Phone number (if provided)

  • Order details (products purchased, amounts, dates)

  • Any information you submit through contact forms or messages

B) Payment information

When you make a purchase, payment information is processed by our payment providers (such as Stripe and/or Squarespace Payments, depending on our checkout setup). We do not store your full card details on our systems. Payment processing is handled by the payment processor under their own terms and privacy policies.

C) Website usage and analytics data

We use Google Analytics (and Squarespace analytics/cookies) to understand how visitors use our site, such as:

  • Pages viewed

  • Time spent on site

  • Traffic sources

  • Device/browser information

  • Approximate location (based on IP)

  • Site interactions (e.g. conversions)

Squarespace also uses cookies and analytics/performance cookies to support site functionality and reporting.

3. How we use your personal data

We use your data to:

  • Process and fulfil orders

  • Take payment and manage refunds or payment issues

  • Send order confirmations and service-related messages

  • Respond to enquiries and support requests

  • Manage our website, store, and customer records

  • Improve our website and services using analytics

  • Prevent fraud and protect our business

  • Meet legal, tax, and accounting obligations

4. Our lawful bases for processing (UK GDPR)

Under UK GDPR, we rely on the following lawful bases:

  • Contract – where we need your data to process your order or provide a service

  • Legal obligation – where we must keep records for tax/accounting or comply with legal requirements

  • Legitimate interests – for running and improving our website, preventing fraud, and managing our business

  • Consent – for non-essential cookies/analytics where required (via cookie banner preferences)

The ICO recommends privacy notices explain the lawful bases used and the rights available to individuals.

5. Payments and third-party providers

We use third-party providers to help operate our website and process orders.

Squarespace

Our website is hosted on Squarespace. Squarespace may process certain data (including site usage and checkout-related information) to provide the platform and related services. Squarespace also uses cookies and similar technologies.

Stripe / Squarespace Payments

If you pay online, payment processing is handled by Stripe and/or Squarespace Payments. Squarespace’s Payments Terms explain that payment processing services are provided by Stripe (or its affiliates) and that personal information connected to processing may be handled under Stripe’s privacy policy.

Google Analytics

We use Google Analytics to understand traffic and improve the site. Squarespace provides a built-in Google Analytics integration.

6. Cookies and similar technologies

We use cookies and similar technologies to:

  • Make the website work properly

  • Remember preferences

  • Measure traffic and performance

  • Understand how visitors use the site

Some cookies are essential for the website to function. Others (such as analytics cookies) may require your consent, depending on your location and applicable law.

Squarespace provides cookie banner tools and uses cookies for analytics and performance reporting.

You can manage cookie preferences through our cookie banner (where shown) and through your browser settings.

7. Who we share your data with

We only share personal data where necessary, including with:

  • Payment processors (e.g. Stripe / Squarespace Payments)

  • Website platform provider (Squarespace)

  • Analytics providers (e.g. Google Analytics)

  • Professional advisers (e.g. accountants, legal advisers) where needed

  • Authorities or regulators where required by law

We do not sell your personal data.

8. International transfers

Some of our service providers (such as Squarespace, Stripe, and Google) may process data outside the UK. Where this happens, they use appropriate safeguards for international data transfers as required by data protection law (for example, contractual safeguards).

9. How long we keep your data

We keep personal data only as long as necessary for the purposes set out in this policy, including legal, tax, and accounting requirements.

Typical retention periods may include:

  • Order and transaction records: up to 6 years (to meet UK tax/accounting requirements)

  • Customer enquiries: typically 12–24 months unless longer retention is needed

  • Analytics data: according to our analytics settings and provider retention controls

If we no longer need your data, we will securely delete or anonymise it.

(ICO guidance says you should tell people your retention periods, or the criteria used to decide them.)

10. Your data protection rights

Under UK data protection law, you may have rights including:

  • The right to be informed

  • The right of access

  • The right to rectification

  • The right to erasure

  • The right to restrict processing

  • The right to object

  • The right to data portability

  • Rights related to automated decision-making (where applicable)

To exercise any of your rights, please contact us at team@leithalhits.co.uk.

11. Complaints

If you are unhappy with how we use your personal data, please contact us first and we will try to resolve your concern.

You also have the right to complain to the Information Commissioner’s Office (ICO) in the UK. ICO guidance explains that privacy notices should tell people how they can complain.

12. Security

We take reasonable steps to protect your personal data. Our website and checkout are provided through reputable providers that use security measures such as SSL and PCI-compliant payment infrastructure for online payments.

13. Changes to this policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with a revised “Last updated” date.