Privacy Policy

Effective Date: 10 September 2025
Last Updated: 10 September 2025

We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services, in compliance with applicable data protection laws, including:

• UK Data Protection Act 2018 and UK GDPR
• EU General Data Protection Regulation (GDPR)
• Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)
• United States privacy laws, including the California Consumer Privacy Act (CCPA/CPRA)

By accessing or using our website, you agree to the practices described in this Privacy Policy.

1. Information We Collect

We may collect the following categories of information:

Personal Information

• Name, email address, phone number
• Billing and shipping addresses
• Date of birth (where required)
• Government-issued identification (where required for verification)

Account Information

• Username and password
• Account preferences and settings
• Profile information (if you create an account)

Payment Information

• Payments are securely processed through our third-party payment processors
• We do not store full credit card or banking details on our servers
• Our payment processors’ privacy policies apply to all payment transactions

Technical Data

• IP address and geolocation data
• Browser type and version
• Device identifiers and operating system
• Cookies and similar tracking technologies
• Website usage data and analytics
• Referral sources and search terms

Communication Data

• Customer service inquiries and responses
• Email communications and correspondence
• Feedback, reviews, and testimonials
• Survey responses and market research data

Behavioral Data

• Website browsing patterns and preferences
• Product views and interactions
• Purchase history and transaction data
• Marketing campaign engagement

2. How We Use Your Information

We process personal data only for lawful purposes, including:

Service Provision

• To provide and maintain our website and services
• To process orders, transactions, and payments
• To deliver products and services you have requested
• To manage your account and customer relationship

Communication

• To respond to your inquiries and provide customer support
• To send transactional emails and service notifications
• To provide technical support and troubleshooting
• To communicate important updates or changes to our services

Business Operations

• To improve our website, products, and services
• To analyze usage patterns and optimize user experience
• To conduct market research and analytics
• To prevent fraud and ensure security

Legal Compliance

• To comply with applicable laws and regulations
• To respond to legal requests and court orders
• To protect our rights and interests
• To enforce our terms of service

Marketing (with consent where required)

• To send promotional emails and newsletters
• To provide personalized recommendations
• To conduct targeted advertising campaigns
• To inform you about new products and services

3. Legal Basis for Processing (UK/EU)

Under GDPR/UK GDPR, we rely on the following legal bases:

• Consent – for marketing communications, cookies, and optional features
• Contract – to process transactions and provide requested services
• Legal Obligation – for tax, accounting, and regulatory compliance
• Legitimate Interests – for fraud prevention, security, analytics, and business operations
• Vital Interests – to protect health and safety where applicable

4. Sharing & Disclosure of Information

We do not sell your personal data to third parties. We may share information with:

Service Providers

• Web hosting and cloud storage providers
• Payment processors and financial institutions
• Shipping and logistics companies
• Email and communication service providers
• Analytics and marketing platforms
• Customer support and CRM systems

Business Partners

• Joint venture partners (with your consent)
• Affiliate marketing partners
• Technology integration partners
• Professional advisors (legal, accounting, consulting)

Legal Requirements

• Government authorities and regulators when required by law
• Law enforcement agencies for investigation purposes
• Courts and legal proceedings
• Emergency services when necessary to protect safety

Business Transfers

• In case of merger, acquisition, or sale of assets
• During corporate restructuring or bankruptcy proceedings
• To potential buyers or investors (with appropriate safeguards)

5. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by relevant authorities
• Adequacy decisions by the European Commission or UK government
• Binding Corporate Rules for intra-group transfers
• Certification schemes and codes of conduct
• Your explicit consent where required

6. Data Retention

We retain your information only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Retention periods vary based on:

• Account data: Until account deletion plus 30 days
• Transaction records: 7 years for tax and accounting purposes
• Marketing data: Until you withdraw consent or 3 years of inactivity
• Technical logs: 12 months for security and analytics
• Legal compliance: As required by applicable laws

7. Your Privacy Rights

Depending on your location, you may have the following rights:

UK/EU Rights (GDPR)

• Access: Request copies of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data (right to be forgotten)
• Restriction: Limit how we process your data
• Portability: Receive your data in a portable format
• Objection: Object to processing based on legitimate interests
• Automated decision-making: Opt out of automated profiling

Canadian Rights (PIPEDA)

• Access: Request access to your personal information
• Correction: Request correction of inaccurate information
• Complaint: File complaints with privacy commissioners

California Rights (CCPA/CPRA)

• Right to Know: What personal information we collect and how it’s used
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt out of sale or sharing of personal information
• Right to Correct: Request correction of inaccurate information
• Right to Non-Discrimination: Equal service regardless of exercising rights

To exercise your rights, contact us at [Insert Contact Email] or use our online privacy request form.

8. Cookies & Tracking Technologies

We use cookies and similar technologies to:

• Essential cookies: Enable basic website functionality
• Performance cookies: Analyze website usage and performance
• Functional cookies: Remember your preferences and settings
• Targeting cookies: Deliver personalized advertising

Cookie Management

You can manage cookie preferences through:

• Your browser settings
• Our cookie preference center
• Third-party opt-out tools
• Industry opt-out programs

For more information, see our detailed Cookie Policy.

9. Data Security

We implement industry-standard security measures to protect your personal data:

Technical Safeguards

• SSL/TLS encryption for data transmission
• AES-256 encryption for data storage
• Multi-factor authentication systems
• Regular security audits and penetration testing
• Secure coding practices and vulnerability management

Administrative Safeguards

• Employee training on data protection
• Access controls and need-to-know principles
• Background checks for personnel
• Incident response and breach notification procedures
• Regular security policy updates

Physical Safeguards

• Secure data centers with controlled access
• Environmental controls and monitoring
• Equipment disposal and destruction protocols
• Backup and disaster recovery systems

10. Children’s Privacy

Our website and services are not directed to children under 13 (or under 16 in the EU/UK). We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete such information promptly.

If you believe we have collected information from a child, please contact us immediately.

11. Third-Party Links and Services

Our website may contain links to third-party websites, applications, or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any personal information.

Social Media Integration

If you connect your account to social media platforms, those platforms’ privacy policies will apply to the information shared through their services.

12. California “Do Not Sell or Share” Rights

California residents have the right to opt out of the sale or sharing of their personal information. We do not sell personal information in the traditional sense, but some data sharing activities may be considered “sales” under California law.

[Do Not Sell or Share My Personal Information] 

You can also email us at legal@oxboxing.com to submit your opt-out request.

13. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will:

• Post the updated policy on our website
• Update the “Last Updated” date
• Notify you of material changes via email or website notice
• Obtain your consent for material changes where required by law

We encourage you to review this Privacy Policy periodically.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

OXBOXING
Privacy Officer/Data Protection Officer

Email: legal@oxboxing.com

For complaints or concerns, you may also contact the relevant data protection authority:

• UK: Information Commissioner’s Office (ICO)
• EU: Your local data protection authority
• Canada: Office of the Privacy Commissioner
• California: California Attorney General’s Office

15. Definitions

Personal Data/Information: Any information relating to an identified or identifiable natural person.

Processing: Any operation performed on personal data, including collection, use, storage, and deletion.

Controller: The entity that determines the purposes and means of processing personal data.

Processor: An entity that processes personal data on behalf of the controller.

Data Subject: The individual to whom personal data relates.

This Privacy Policy is effective as of the date stated above and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on this page.