PRIVACY POLICY

Last updated: April 26, 2026

Effective date: April 26, 2026

Version: 2.0

This Privacy Policy explains how Rendah Mag ("we", "us", "our") collects, uses, stores, shares, and protects personal data when you use https://www.rendahmag.com/ and any related websites, accounts, memberships, checkout flows, newsletters, events, content, community features, and services (together, the "Services").

This Policy is intended to satisfy transparency requirements under the UK GDPR, Data Protection Act 2018, Privacy and Electronic Communications Regulations, and, where applicable, equivalent laws in other jurisdictions. It does not override rights you have under applicable law.

Please do not send us special category data, financial account passwords, government identifiers, health information, or other sensitive information unless we specifically request it through a secure and appropriate channel. Payment card details are processed by our payment providers; we do not store full card numbers.

1. Who We Are

For UK data protection purposes, Rendah Mag is the controller of personal data processed for the Services, except where a third party independently determines how and why it processes your data.

You can contact us about privacy matters via our contact form. Please include "Privacy Request" in your message.

2. Personal Data We Collect

The personal data we collect depends on how you use the Services and may include:

  • Identity and contact data: name, email address, postal address, telephone number, username, account identifiers, and profile information.
  • Account and authentication data: login credentials, account settings, access permissions, membership status, security events, and password reset information.
  • Order, billing, and delivery data: products purchased, subscription details, payment status, billing address, shipping address, delivery updates, carrier references, refund and chargeback information, and tax or accounting records.
  • Content and community data: comments, messages, submissions, contributor materials, public profile content, testimonials, competition entries, survey responses, and other content you provide.
  • Marketing and preference data: newsletter preferences, consent records, communication preferences, engagement with emails, and opt-out requests.
  • Technical and usage data: IP address, device and browser information, approximate location derived from IP address, referral URLs, pages viewed, session activity, cookies, pixels, logs, diagnostics, performance data, and fraud-prevention signals.
  • Support and correspondence data: enquiries, complaints, legal notices, accessibility requests, and our responses.

3. Where We Get Data From

  • Directly from you when you create an account, buy something, subscribe, submit content, contact us, or use the Services.
  • Automatically from your device and browser when you access the Services.
  • From service providers and partners, such as payment processors, fulfilment providers, email platforms, analytics providers, advertising platforms, fraud-prevention tools, and social media or embedded content providers.
  • From public sources where relevant to editorial, contributor, rights-management, fraud-prevention, or legal purposes.

4. How and Why We Use Personal Data

We only process personal data where we have a lawful basis. Depending on the circumstances, we rely on contract, legitimate interests, consent, legal obligation, or, rarely, vital interests.

  • Providing the Services: to operate the website, create and secure accounts, provide memberships, deliver digital content, process orders, arrange fulfilment, provide customer support, and manage your relationship with us. Lawful basis: contract and legitimate interests.
  • Payments, refunds, and fraud prevention: to process payments, verify transactions, prevent misuse, investigate chargebacks, recover debts, and protect the Services. Lawful basis: contract, legitimate interests, and legal obligation.
  • Marketing and newsletters: to send updates, promotions, editorial communications, and event information where you have consented or where the law permits us to contact you about similar products or services. Lawful basis: consent and, in limited cases, legitimate interests.
  • Personalisation, analytics, and improvement: to understand how the Services are used, improve performance, develop content, measure campaigns, and fix errors. Lawful basis: legitimate interests or consent where required for cookies or similar technologies.
  • Content, community, and rights management: to publish or moderate submitted content, administer contributor relationships, handle permissions, investigate infringement, and enforce our policies. Lawful basis: contract, legitimate interests, consent, and legal obligation.
  • Security, abuse prevention, and legal protection: to detect security incidents, prevent spam and unauthorised access, enforce terms, respond to lawful requests, bring or defend legal claims, and protect users, the public, and our business. Lawful basis: legitimate interests, legal obligation, and vital interests where necessary.
  • Legal, tax, accounting, and compliance: to keep records, comply with consumer, tax, company, data protection, and other legal requirements, and respond to regulators. Lawful basis: legal obligation and legitimate interests.

5. Legitimate Interests

Where we rely on legitimate interests, we assess whether our interests are overridden by your rights and freedoms. Our legitimate interests include operating and improving the Services, protecting accounts and payments, preventing fraud and abuse, enforcing our legal rights, understanding audience engagement, maintaining business records, and communicating with customers about relevant services.

6. Cookies and Similar Technologies

We use cookies, pixels, local storage, logs, and similar technologies for site operation, security, analytics, advertising, embedded content, and measurement. Non-essential storage or access technologies should only be used where required transparency and consent requirements are satisfied. More detail is available in our Cookie Policy.

7. When We Share Personal Data

We do not sell your personal data. We share personal data only where reasonably necessary for the purposes described in this Policy, where you direct us to share it, or where the law permits or requires it.

  • Payment providers: to process payments, refunds, subscriptions, fraud checks, and disputes, including Stripe and PayPal where used.
  • Fulfilment and shipping providers: to manufacture, pack, ship, track, and support physical orders, including fulfilment partners, warehouses, carriers, and shipping platforms.
  • Technology providers: hosting, infrastructure, content management, analytics, diagnostics, security, email, support, and operational tools, including providers such as Sanity, Sentry, Mailchimp, Plausible, Google, Meta, and TikTok where used.
  • Professional advisers: accountants, lawyers, insurers, banks, auditors, and other advisers.
  • Authorities and legal parties: regulators, courts, law enforcement, payment networks, rights holders, or others where required by law or necessary to protect rights and safety.
  • Business transfers: prospective or actual buyers, investors, lenders, or advisers in connection with a merger, acquisition, financing, restructuring, sale of assets, or similar transaction.
  • Public areas: if you post or submit content for publication, that content and associated profile information may be visible to other users and the public.

8. International Transfers

Some service providers, partners, or infrastructure may process data outside the UK or EEA. Where required, we rely on adequacy regulations, the UK International Data Transfer Agreement, UK Addendum to EU Standard Contractual Clauses, EU Standard Contractual Clauses, Data Privacy Framework certifications where applicable, or other lawful transfer mechanisms.

9. Retention

We keep personal data only for as long as reasonably necessary for the purposes described in this Policy, including to provide the Services, comply with law, resolve disputes, enforce agreements, and protect our business.

  • Account data: while your account is active and for a reasonable period afterwards for security, disputes, backups, and legal compliance.
  • Order, payment, tax, and accounting records: generally up to 6 years after the relevant transaction or financial year, or longer if required for disputes, investigations, or legal obligations.
  • Support, complaints, and legal correspondence: generally up to 6 years where needed to evidence how a matter was handled.
  • Marketing data: until you unsubscribe or object, and then we may keep a suppression record so we do not contact you again.
  • Technical logs and security records: usually for a shorter operational period, unless needed to investigate abuse, fraud, outages, or security incidents.
  • Published content: may remain published unless removed under our policies or applicable law.

When data is no longer needed, we delete, anonymise, aggregate, or securely archive it. Backup copies may persist for a limited period before deletion.

10. Security

We use reasonable technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, and alteration. No internet service is completely secure. You are responsible for using strong credentials, keeping account details confidential, and promptly telling us about suspected unauthorised access.

11. Your Rights

Depending on your location and the processing involved, you may have rights to request access, correction, erasure, restriction, portability, objection, withdrawal of consent, and review of certain automated decisions. You also have the right to object to direct marketing at any time.

To exercise rights, use our contact form. We may need to verify your identity, clarify your request, or ask for authority where someone acts on your behalf. We may refuse or limit requests where the law allows, including where data must be retained for legal claims, compliance, security, or accounting.

You can complain to the Information Commissioner's Office at ico.org.uk. We encourage you to contact us first so we can try to resolve your concern.

12. Marketing Choices

You can unsubscribe from marketing emails using the unsubscribe link in the email or by contacting us. We may still send service, transactional, legal, security, billing, or account communications that are not marketing.

13. Children

The Services are not directed to children under 16. You must be at least 16 to create an account, use membership features, or submit personal data unless we expressly state otherwise and obtain any required consent. If you believe a child has provided personal data to us unlawfully, contact us so we can take appropriate action.

14. Automated Decision-Making

We do not intend to make solely automated decisions that produce legal or similarly significant effects about you. We may use automated tools to support fraud prevention, security, checkout risk, analytics, advertising measurement, and content personalisation, but important account, payment, or enforcement decisions may be reviewed where required by law.

15. Links, Embeds, and Third Parties

The Services may link to or embed third-party websites, media, payment flows, social platforms, audio players, videos, maps, or tools. Those third parties may process your data under their own terms and privacy policies. We are not responsible for third-party privacy practices.

16. Changes to This Policy

We may update this Policy from time to time. The latest version will be posted on this page with an updated date. If changes are material, we may provide additional notice where required or appropriate.