Privacy Policy for BDH Race Sims

1.1 Our Commitment to Your Privacy

BDH Race Sims ("the Company," "we," "us") operates this store and website. This Privacy Policy outlines the practices concerning the collection, use, and disclosure of personal information when individuals ("users," "you") visit, use our services, make a purchase, or otherwise communicate with us. The Company is committed to protecting the privacy and security of your personal information. This policy is designed to be transparent about our data practices and to help you understand your rights.

1.2 Scope of this Policy

This Privacy Policy applies to all information, content, features, tools, products, and services offered through our website, which is built using the Astro framework and hosted on Netlify (the "Services"). Our e-commerce functionality is powered by Shopify. This policy governs the entire user interaction lifecycle, from initial browsing and product discovery to transaction completion and post-purchase communications. In the event of a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy shall control with respect to the collection, processing, and disclosure of your personal information. By accessing and using any of the Services, you acknowledge that you have read and understood this Privacy Policy.

1.3 Who We Are (Data Controller)

For the purpose of applicable data protection legislation, including the EU General Data Protection Regulation (GDPR), the data controller responsible for your personal information is BDH Race Sims.

Should you have any questions about our privacy practices, this Privacy Policy, or if you wish to exercise any of the rights available to you, please contact us:

• Email: info@bdhracesim.com Copied
• Mailing Address: Unit 2 Helmsely Way, Broadhelm Business Park, York, ENG, YO42 1AE, United Kingdom

2.1 Information Collected to Provide Our Services and Fulfill Your Orders

Purpose: The primary reason we collect personal information is to provide our Services, which includes processing your transactions, managing your account, arranging for product shipment, and handling customer service inquiries.

Technology/Provider: This data is primarily collected and processed through our e-commerce platform, Shopify.

Data Points Collected (Personal Information):

To facilitate the sale and delivery of our products, we collect the following categories of information:

• Contact Details: Your full name, billing address, shipping address, telephone number, and email address.
• Financial Information: Payment card details (credit or debit card numbers), financial account information, and other payment details. This information is securely transmitted to and handled by our payment processors integrated within the Shopify ecosystem. We do not store full payment card numbers on our own servers.
• Account Information: If you create an account, we collect your chosen username, password, and any security questions or preferences you configure.
• Transaction Information: Details of the products you view, add to your cart, or purchase, as well as your order history, including returns, exchanges, or cancellations.
• Communications: We keep records of your communications with us, such as customer support inquiries submitted via email or contact forms.

Legal Basis: Performance of a Contract. The processing of this information is necessary for us to fulfill our contractual obligations to you. This includes all activities from the point of sale to the delivery of the product and any subsequent customer support related to that transaction.

2.2 Information Collected to Personalize Your Experience

Purpose: To enhance your shopping experience on our website, we provide localized content, specifically by displaying product prices in your local currency.

Technology/Provider: This functionality is enabled by Netlify Edge Functions, a feature of our website hosting provider.

Data Points Collected (Geolocation Data):

When you access our website, our hosting provider, Netlify, processes your IP address at the network edge—the server geographically closest to your location. This allows for the real-time determination of your approximate geographic location. The geolocation data made available to us through this process includes your Country (name and ISO 3166 code), City, Timezone, and Postal Code.

How it is Used: This geolocation data is used transiently and for the sole purpose of determining the appropriate currency to display on the website during your visit. This is an automated process that occurs "at the edge," meaning the decision is made and the content is localized before the full webpage is delivered to your browser. We do not store this granular, city-level geolocation data in association with your user account or for any other purpose. This architectural choice significantly enhances privacy, as it avoids creating a historical database of our visitors' specific locations.

Legal Basis: Legitimate Interest. We have a legitimate interest in improving our Services and providing a more intuitive user experience by making our pricing clear and relevant to your geographic location. We have performed a balancing test and determined that this interest, given the transient and limited nature of the data processing, is not overridden by your fundamental rights and freedoms.

2.3 Information Collected to Understand and Improve Our Services (Analytics)

Purpose: We gather aggregated and anonymized insights into our website traffic and user behavior. This allows us to improve our Services, understand which products are most popular, optimize website performance, and enhance overall user engagement.

Technology/Provider: We use a self-hosted instance of Umami Analytics for this purpose.

Data Points Collected (Anonymized & Aggregated Data):

Our analytics tool collects high-level metrics about your visit, including:

• The pages you view on our site.
• The referring website or source that led you to us.
• The duration of your session.
• General technical information such as your browser type (e.g., Chrome, Firefox), operating system (e.g., Windows, macOS), device type (e.g., desktop, mobile), and country of origin.
• We may also track custom events, such as clicks on specific buttons, to understand how users interact with website features.

Our Privacy-First Approach to Analytics:

We have made specific technical choices to protect your privacy:

• No Cookies: Our implementation of Umami is entirely cookie-less. It does not place any files on your device to track you, and therefore, no cookie consent banner is required for our analytics activities.
• Data Ownership and Control: We self-host our Umami analytics platform. This means that all analytics data is collected and stored on servers under our direct control. This data is never shared with or sold to any third-party analytics company, such as Google.

Legal Basis: Legitimate Interest. We have a legitimate interest in analyzing the performance of our website to improve our business operations and service offerings. While Umami's marketing materials often refer to its data as fully "anonymized," a more precise technical description is "pseudonymized" under GDPR. To distinguish between unique visits within a 24-hour period, Umami generates a temporary, unique identifier for your session by creating a cryptographic hash from a combination of your IP address, browser user agent, and website ID. Your raw IP address is never stored in our database. This hashed identifier allows us to count unique visitors without being able to personally identify you, and it is not used to track you across different websites. Given these robust privacy-preserving measures, we have concluded that our legitimate interest is not overridden by your data protection rights.

2.4 Information Collected for Marketing and Growth

Purpose: To promote our products and grow our business, we operate an affiliate marketing program that rewards partners for referring customers to our store.

Technology/Provider: Our affiliate program is managed using the GOAFFPRO application, which integrates with Shopify.

How it Works: The program tracks referrals through two primary methods:

1. Referral Links: When you click on a unique link provided by one of our affiliate partners, a tracking cookie is placed on your browser. This cookie's purpose is to attribute any subsequent purchase to that affiliate.
2. Coupon Codes: If you use a specific discount code associated with an affiliate at checkout, the resulting sale is automatically attributed to them.

Data Points Collected (Affiliate Tracking Data):

When you interact with our affiliate program, certain information is collected to ensure accurate tracking and commission payouts:

• If you arrive via a referral link, GOAFFPRO collects "Automatic Information," which includes your IP address, browser type, the URL clickstream (the path you took to our site), and other device and usage information necessary for fraud prevention and referral validation.
• If you complete a purchase after a referral, we and GOAFFPRO collect transaction details, such as the order number and purchase amount, to calculate the affiliate's commission. This information is shared with GOAFFPRO to facilitate the program's operation.
• This process involves a multi-party data flow. Your click data is captured by GOAFFPRO's system. We, the merchant, can view this performance data in our administrative dashboard. The referring affiliate partner is also provided with access to aggregated and anonymized performance data (e.g., total clicks, conversions, and commissions earned) in their own dashboard to monitor their success. As per our agreement with GOAFFPRO, we are responsible for disclosing this data collection and sharing practice.

Legal Basis: We rely on two legal bases for this processing. For the placement of non-essential tracking cookies on your device, we rely on your Consent. For the subsequent processing of transaction data to operate our affiliate program and fulfill our payment obligations to our partners, we rely on our Legitimate Interest.

3.1 What Are Cookies?

Cookies are small text files that are placed on your computer or mobile device when you visit a website. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

3.2 How We Use Cookies

We use cookies for two primary purposes: to ensure the essential functionality of our website and to operate our affiliate marketing program. It is important to note that our primary website analytics tool, Umami, is cookie-less and does not contribute to the cookies listed below.

3.3 Your Choices

You have the right to accept or reject cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. For more information about how to manage and disable cookies, you can visit http://www.allaboutcookies.org. Please be aware that if you choose to disable strictly necessary cookies provided by Shopify, you may not be able to use all the features of our store, such as adding items to your cart or completing a purchase.

4.1 With Core Service Providers (Our "Data Processors")

• Shopify: Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data, including contact, transaction, and account information, is stored through Shopify's data storage, databases, and the general Shopify application on a secure server behind a firewall.
• Netlify: We use Netlify, Inc. to host our website and deploy its content globally through its content delivery network. As described in Section 2.2, we utilize Netlify's Edge Functions to process your IP address for geolocation purposes to enhance your browsing experience.
• GOAFFPRO: We use the GOAFFPRO service to manage our affiliate marketing program. We share necessary transaction information with GOAFFPRO to accurately track referrals, attribute sales to the correct partners, and automate commission payouts.

4.2 With Our Affiliate Partners

If you are referred to our store by an affiliate partner and complete a purchase, we will confirm the successful transaction with that partner so they may receive their commission. This confirmation includes non-identifying transaction details such as the order date and purchase total. It does not include your personal contact details, financial information, or the specific items you purchased.

4.3 For Legal Compliance and Business Protection

We may disclose your personal information in certain limited circumstances, including:

• To comply with applicable laws or respond to valid legal processes, such as a subpoena, search warrant, or court order.
• To enforce our applicable terms of service or policies.
• To protect or defend the Services, our rights, and the rights and safety of our users or others.
• In connection with a business transaction, such as a merger, sale of company assets, or acquisition of all or a portion of our business by another company.

5.1 Our Security Measures

We are committed to protecting your information. We implement and maintain reasonable technical and organizational security measures designed to protect your personal information from accidental loss and from unauthorized access, use, alteration, or disclosure. For example, all data transmitted to and from our website is encrypted using Secure Socket Layer (SSL) technology. We also partner with service providers like Shopify who adhere to stringent industry security standards.

However, please be aware that no security measures are perfect or impenetrable. Any information you send to us may not be secure while in transit. We recommend that you do not use unsecure channels to communicate sensitive information to us. If you create an account on our site, you are responsible for keeping your account credentials safe and confidential.

5.2 Data Retention

We retain your personal information only for as long as is necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. The retention period depends on the type of information and the purpose of its collection.

• Account Information: We retain your account information for as long as your account remains active with us.
• Transaction Records: We retain records of your purchases for a longer period to comply with our legal obligations related to tax and accounting.
• Analytics Data (Umami): As this data is pseudonymized and aggregated, it may be retained for longer periods to allow for historical trend analysis.
• Affiliate Tracking Cookies (GOAFFPRO): These cookies have a defined lifespan (e.g., 30-90 days), after which they expire automatically, as specified in the cookie table.

6.1 Your Rights

• Right to Access / Know: You may have the right to request access to the personal information we hold about you and receive a copy of it.
• Right to Rectify (Correct): You may have the right to request that we correct any inaccurate personal information we maintain about you.
• Right to Erase (Delete): You may have the right to request that we delete the personal information we maintain about you.
• Right of Portability: You may have the right to receive a copy of your personal information in a structured, commonly used, and machine-readable format and to request that we transfer it to another third party.
• Right to Object to Processing: Where we process your information based on our legitimate interests, you may have the right to object to this processing.
• Right to Withdraw Consent: Where we rely on your consent as the legal basis for processing (e.g., for affiliate tracking cookies), you have the right to withdraw this consent at any time.
• Right to Opt-Out of Sale or Sharing for Targeted Advertising: As defined in applicable privacy laws like the California Consumer Privacy Act (CCPA), you may have the right to opt out of the "sale" or "sharing" of your personal information for targeted advertising purposes.

6.2 How to Exercise Your Rights

To exercise any of these rights, please contact us using the contact details provided in Section 1.3 of this policy. We may need to verify your identity before we can process your request, as permitted or required by law. You may also designate an authorized agent to make requests on your behalf, in which case we will require proof of their authorization.

6.3 Complaints

If you have complaints about how we process your personal information, please contact us first so we can address your concerns. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

7.1 Global Operations

Our business operations are global, and we utilize service providers (such as Shopify, Netlify, and GOAFFPRO) who are based in various countries. Consequently, your personal information may be transferred to, stored in, and processed in countries outside of the one in which you reside, including the United States, where data protection laws may differ from those in your jurisdiction.

7.2 Safeguards for Transfers

When we transfer your personal information out of regions with specific data protection regulations, such as the EEA or the UK, we ensure that an adequate level of protection is provided. We rely on recognized legal mechanisms to facilitate these transfers. Our partners, including Netlify, utilize frameworks such as the EU-U.S. Data Privacy Framework (DPF) and its UK Extension. For other transfers, we may rely on the European Commission's Standard Contractual Clauses (SCCs) or any equivalent contracts issued by the relevant UK authority to ensure your information is protected.