Privacy Policy – Savy Prime Club

Savy Prime Club ("we", "us", or "our") is committed to protecting your personal data. This Privacy Policy explains what information we collect when you visit savyprimeclub.com or use our membership service, how we use it, and the rights you have under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Please read this policy carefully. By using our website or becoming a member, you acknowledge you have read and understood how we handle your personal data.

Who We Are

Savy Prime Club is a UK-based membership service that curates exclusive Amazon deals and discounts for our members.

For the purposes of UK data protection law, we are the Data Controller responsible for your personal information.

Data Controller: Savy Prime Club
Website: savyprimeclub.com
Contact: privacy@savyprimeclub.com

Data We Collect

We collect and process the following categories of personal data:

Information You Provide Directly

Identity data — first name, last name, username or similar identifier
Contact data — email address, postal address (where provided)
Account data — membership status, preferences, and settings
Communications — messages you send us via email or contact forms

Payment Information

When you purchase a membership, payment card details are collected and processed directly by our payment processor, Stripe. We do not store your full card details on our servers. We retain a record of your transaction (amount, date, subscription status) for billing and fraud prevention purposes.

Automatically Collected Data

Technical data — IP address, browser type and version, device type, operating system
Usage data — pages visited, time spent on site, clicks, referring URLs, and session data
Cookie data — see the Cookies section below

How We Use Your Data

Purpose	Data Used	Legal Basis
Create and manage your account & membership	Identity, contact, account data	Contract performance
Process membership payments and billing	Payment & identity data	Contract performance
Send you deal alerts and membership updates	Contact, account data	Contract performance / Consent
Send marketing emails about offers and promotions	Contact, preference data	Consent
Analyse website performance and user behaviour	Usage, technical, cookie data	Legitimate interests
Prevent fraud and ensure platform security	Identity, technical, payment data	Legitimate interests
Comply with legal and regulatory obligations	Any relevant data	Legal obligation
Respond to customer enquiries and support requests	Identity, contact, communications	Contract performance / Legitimate interests

Legal Basis for Processing

Under the UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following bases:

Contract performance — processing necessary to deliver your membership and services you have signed up to.
Legitimate interests — where we have a business interest in improving our service or protecting our platform, provided that interest is not overridden by your rights.
Consent — where you have explicitly opted in, such as for marketing emails. You may withdraw consent at any time.
Legal obligation — where we are required to process data to comply with UK law.

Third-Party Services

We work with a small number of trusted third-party providers. Each acts as a data processor on our behalf and is contractually required to keep your data secure and use it only for the purposes we specify.

💳 Stripe (Payments)

All membership payments are processed by Stripe, Inc. Stripe collects payment card data and is certified to PCI-DSS Level 1 standards. We receive confirmation of payment but never your raw card details. You can review Stripe's privacy policy at stripe.com/gb/privacy.

📊 Google Analytics

We use Google Analytics to understand how visitors interact with our website. Google Analytics uses cookies to collect anonymised usage data (pages visited, session duration, device type). We have enabled IP anonymisation. Data is processed under a Data Processing Agreement with Google. You can opt out using the Google Analytics Opt-out Browser Add-on.

📧 Mailchimp (Email Marketing)

We use Mailchimp (operated by Intuit Inc.) to manage our mailing list and send marketing communications. Your name and email address are transferred to Mailchimp's servers when you subscribe. You may unsubscribe at any time via the link in any email we send, or by contacting us directly. Mailchimp's privacy policy is available at mailchimp.com/legal/privacy.

Amazon Affiliate Disclosure: Links to Amazon products on our site may be affiliate links. Clicking these links and making a purchase may earn Savy Prime Club a small commission at no extra cost to you. We do not share your personal data with Amazon as a result of affiliate activity.

We do not sell, rent, or trade your personal data to any third party for their own marketing purposes.

Cookies & Tracking

We use cookies and similar tracking technologies to operate and improve our website. A cookie is a small text file placed on your device.

Category	Purpose	Examples
Strictly Necessary	Essential for the site to function (login sessions, security)	Session cookie, CSRF token
Analytics	Help us understand site usage (requires consent)	Google Analytics (_ga, _gid)
Marketing	Track effectiveness of email campaigns (requires consent)	Mailchimp tracking pixel

You can manage or withdraw your cookie consent at any time through our cookie banner or your browser settings. Note that disabling certain cookies may affect site functionality.

Data Retention

We retain your personal data only for as long as necessary for the purposes set out in this policy, or as required by law.

Account data — retained for the duration of your membership and for up to 2 years after cancellation (to assist with any disputes or re-subscriptions).
Payment records — retained for 7 years in line with HMRC tax record requirements.
Marketing data — retained until you unsubscribe or withdraw consent.
Analytics data — aggregated and anonymised data may be retained indefinitely; identifiable session data is retained for up to 26 months (Google Analytics default).
Support communications — retained for up to 2 years from the date of resolution.

When data is no longer needed, we securely delete or anonymise it.

Your Rights

Under the UK GDPR, you have the following rights regarding your personal data. You can exercise any of these rights free of charge by contacting us at privacy@savyprimeclub.com. We will respond within one calendar month.

👁️

Right of Access

Request a copy of the personal data we hold about you (Subject Access Request).

✏️

Right to Rectification

Ask us to correct inaccurate or incomplete data we hold about you.

🗑️

Right to Erasure

Request deletion of your personal data where there is no compelling reason for us to continue processing it.

⏸️

Right to Restriction

Ask us to pause processing your data in certain circumstances.

📦

Right to Portability

Receive your data in a structured, machine-readable format to transfer elsewhere.

🚫

Right to Object

Object to processing based on legitimate interests or for direct marketing purposes.

↩️

Withdraw Consent

Withdraw consent at any time where processing is based on consent (e.g. marketing emails).

🤖

Automated Decisions

Not to be subject to decisions based solely on automated processing that significantly affect you.

International Transfers

Some of our third-party service providers are based outside the UK. When your data is transferred internationally, we ensure appropriate safeguards are in place:

Stripe — operates in the US and EEA under the UK-US Data Bridge and Standard Contractual Clauses.
Google Analytics — data may be processed in the US under Google's Data Processing Agreement incorporating Standard Contractual Clauses.
Mailchimp (Intuit) — operates in the US under Standard Contractual Clauses approved by the UK ICO.

You can request more information about these transfer mechanisms by contacting us at privacy@savyprimeclub.com.

Security

We take the security of your data seriously and implement appropriate technical and organisational measures to protect it from unauthorised access, loss, or disclosure. These include:

HTTPS encryption across the entire website (TLS)
Secure, access-controlled server environments
Payment data handled exclusively by PCI-DSS compliant Stripe
Regular review of our data access controls and security practices

However, no method of transmission over the internet is 100% secure. If you believe your data has been compromised, please contact us immediately at privacy@savyprimeclub.com.

Children's Privacy

Our service is not directed at children under the age of 13, and we do not knowingly collect personal data from anyone under this age. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make significant changes, we will notify you by email or by displaying a prominent notice on our website. The "Last updated" date at the top of this page will always reflect the most recent version.

We encourage you to review this policy periodically.

Contact & Complaints

If you have any questions about this Privacy Policy, wish to exercise your rights, or have a concern about how we handle your data, please get in touch:

Privacy enquiries & data subject requests

✉️ privacy@savyprimeclub.com

Right to Lodge a Complaint

If you are unhappy with how we have handled your data and we have been unable to resolve your concern, you have the right to lodge a complaint with the UK's supervisory authority:

Information Commissioner's Office (ICO)
🌐 ico.org.uk
📞 0303 123 1113
We would, however, appreciate the opportunity to address your concerns before you approach the ICO. Please contact us first.