Privacy Policy
NerdyGubbins.co.uk

This Privacy Policy explains how NerdyGubbins.co.uk collects, uses, stores, and shares personal data. We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR). By using our website, you agree to the practices described below.

Who we are

NerdyGubbins.co.uk is operated by Nested Learning Ltd, a company registered in the United Kingdom. For all data-protection purposes, Nested Learning Ltd acts as the Data Controller.

Website: https://nerdygubbins.co.uk
Email: support@nerdygubbins.com

Personal data we collect

Comments
When visitors leave comments, we collect the information entered in the comments form, the visitor’s IP address, and browser user-agent details for spam detection and site security.
An anonymised hash of your email address may be sent to the Gravatar service to determine whether you use it. The Gravatar privacy policy is available at https://automattic.com/privacy/. Once your comment is approved, your profile image appears beside it.

Forms, enquiries, giveaways, product alerts, and affiliate-related interactions
When you complete a form on NerdyGubbins.co.uk (for example: enquiries, giveaways, fan-club sign-ups, product notifications, or voluntary affiliate-marketing opt-ins), we may collect your name, email address, phone number, location, interests, shopping preferences, and any information you choose to provide.
We use this information to deliver the service requested, such as sending updates, recommending products, or providing access to partner offers.
Where data is shared with third-party providers (for example: product partners, affiliate networks, merch suppliers, or offer-matching services), those organisations act as independent Data Controllers and must comply with UK GDPR.

Media uploads
If you upload images, avoid including embedded location data (EXIF). Other users may download the images and extract this information.

Technical and usage data
We collect IP addresses, device details, operating systems, browser types, time-zone settings, and patterns of site use. This supports site performance, fraud prevention, security monitoring, and service improvements.

Cookies and similar technologies
We use both essential and non-essential cookies.

Essential cookies
These are required for site stability, log-in functions, secure content delivery, and core performance. They do not require consent.

Non-essential cookies
These include analytics, performance, personalisation, advertising, and affiliate-tracking cookies. These are only activated after you have given explicit consent through our cookie-consent tool.
You can adjust or withdraw your cookie preferences at any time.

Essential cookies used
• Temporary login-check cookies to confirm whether your browser accepts cookies (deleted when the browser closes).
• Login cookies storing authenticated sessions for up to two days (or two weeks if “Remember Me” is chosen).
• Display-preference cookies stored for up to one year.
• Editor cookies tracking recently edited content (expire after one day).

Non-essential cookies (set only with consent)
• Analytics cookies to understand site usage and improve content.
• Performance cookies improving load speed and responsiveness.
• Advertising, referral, and affiliate-tracking cookies used only where consent has been given.

We do not use implied consent.

Embedded content
Our pages may include embedded content (videos, product catalogues, social media posts, images, articles). Embedded content behaves as if you have visited the external site directly. These external providers may collect data, use cookies, and monitor your interactions in ways not controlled by us. You should review their privacy policies.

Lawful bases for processing

We rely on the following lawful bases:
• Consent: for marketing emails, newsletters, giveaways, analytics cookies, affiliate-related communications, and optional user-provided data.
• Contract or pre-contract steps: when responding to orders, arranging deliveries, administering giveaways, or giving product support.
• Legitimate interests: to maintain website security, prevent abuse, detect fraud, improve services, understand site usage, and manage technical operations.
• Legal obligation: for statutory record-keeping and compliance with UK law.

Marketing communications and affiliate marketing under PECR

We may send marketing messages by email or digital channels:
• With your explicit consent; or
• Under the “soft opt-in” where you have previously purchased goods or services from us and we are offering similar items.

Affiliate marketing
Where you consent, we may send you:
• Partner offers
• Discount codes
• Promotions for products sold by approved third parties
• Notifications of limited-edition items, pre-orders, or collaborations

You may withdraw consent or unsubscribe at any time.

How we use personal data

We process personal data for:
• Responding to enquiries and providing requested services
• Delivering personalised product recommendations
• Managing giveaways, competitions, and fan-club registrations
• Sending newsletters and marketing communications where permitted
• Supporting affiliate-marketing interactions where consent is provided
• Processing orders and payments via trusted partners
• Enhancing website security, performance, and content quality
• Conducting analytics (with consent)
• Meeting legal and regulatory duties

Sharing personal data

We may share data with:
• Trusted merchandise partners, product suppliers, delivery partners, and fulfilment centres
• Affiliate-network partners where you have opted in
• Marketing, CRM, and email-automation systems
• Website-hosting and security providers
• Payment processors when making purchases
• Analytics providers (consent-dependent)
• Spam-detection and fraud-prevention services
• Regulators or law-enforcement agencies when required by law

Any organisation receiving data must comply with UK GDPR.

International transfers

If your data is transferred outside the UK, we ensure appropriate safeguards such as UK adequacy regulations, International Data Transfer Agreements (IDTAs), or standard contractual clauses.

Retention periods

• Comments: stored indefinitely for moderation, continuity, and community history.
• Account information: retained while the account remains active.
• Enquiry and form submissions: retained for up to 24 months unless engagement continues.
• Marketing and affiliate-consent data: retained until you withdraw consent or until sustained inactivity occurs.
• Technical logs: retained only as long as necessary for security and system integrity.
• Payment, tax, and legal records: retained for statutory periods.

User rights under UK GDPR

Your rights include:
• Access to your data
• Correction of inaccurate or incomplete data
• Erasure (“right to be forgotten”)
• Restriction of processing
• Data portability
• Objection to processing
• Withdrawal of consent at any time
• The right to complain to the Information Commissioner’s Office (ICO)

If you have an account or have left comments, you may request an export of your personal data. You may also request deletion except where we must retain information for legal or security reasons.

Where your data is sent

• Visitor comments may be analysed by automated spam-detection services.
• Data entered into forms may be sent to trusted service providers, merch partners, delivery companies, and affiliate-marketing platforms where required to provide the service you have requested.

Security measures

We use technical and organisational safeguards including encryption, secure servers, access-control measures, malware protection, monitoring tools, and regular reviews of our security practices to reduce the risk of unauthorised access or misuse.

Changes to this policy

We may update this policy periodically to reflect changes in law or operational needs. The latest version will always be available on this page.

Contact

For any privacy-related matter:
support@nerdygubbins.com