PRIVACY POLICY

Last updated: June 27, 2026

This Privacy Policy explains how we collect, use, store, and protect personal data when you visit or purchase from iconic-puzzles.com (the "Website"), or interact with our services, marketing tools, SMS communications, or customer support.

This Privacy Policy applies in accordance with:

  • Regulation (EU) 2016/679 (GDPR)

  • UK GDPR (Data Protection Act 2018)

  • Applicable national privacy laws

  • Meta Business Tools Terms (including Meta Pixel / Conversions API)

By using the Website or providing your personal data, you acknowledge that you have read and understood this Privacy Policy.

1. DATA CONTROLLER

The sole Data Controller responsible for processing personal data collected through this Website is:

ALL STAR PUZZLES LTD
16 Stirling Road, Office 2C
London, England, W3 8DJ

Primary Email: info@iconic-puzzles.com

Secondary Email (urgent/legal matters): allstarpuzzles.ltd@gmail.com

ALL STAR PUZZLES LTD determines all purposes and means of data processing relating to the Website, customer management, advertising, analytics, marketing activities, and SMS communications.

2. ROLE OF IDON SRLS (NO DATA PROCESSING)

IDON SRLS is involved solely in the design and development of the physical products sold through the Website.

IDON SRLS does not access, process, store, or manage users' personal data and is not a Data Controller or Data Processor for the purposes described in this Privacy Policy.

3. TYPES OF DATA WE COLLECT

Depending on your interaction with the Website, we may collect:

a) Account and Identification Data

  • Name and surname

  • Email address

  • Phone number (if provided)

  • Shipping and billing address

b) Order, Payment & Transaction Data

  • Products purchased

  • Order details

  • Payment status

  • Delivery information

Payments are securely processed through third-party payment providers (such as Shopify Payments, Stripe, or PayPal). We do not store your complete payment card information.

c) Technical & Navigation Data

  • IP address

  • Browser and device information

  • Operating system

  • Cookies and tracking identifiers

  • Website activity and log files

d) Marketing & Communication Data

  • Email marketing preferences

  • SMS marketing preferences

  • Phone number provided for SMS marketing (where applicable)

  • Consent to receive newsletters or promotional communications

  • Social media interactions

  • Cookie preferences

  • Consent relating to advertising technologies such as Meta Pixel

e) Customer Support Data

  • Emails

  • Messages

  • Customer support requests

  • Warranty claims or inquiries

4. LEGAL BASES FOR PROCESSING

We process personal data under one or more of the following legal bases:

Contract Performance (Art. 6(1)(b) GDPR)

  • Processing orders

  • Shipping products

  • Managing customer accounts

  • Providing customer support

Legal Obligations (Art. 6(1)(c) GDPR)

  • Tax obligations

  • Accounting requirements

  • Fraud prevention

  • Compliance with applicable laws

Legitimate Interests (Art. 6(1)(f) GDPR)

  • Website security

  • Fraud prevention

  • Improving our services

  • Website performance and analytics

Consent (Art. 6(1)(a) GDPR)

  • Email marketing

  • SMS marketing

  • Advertising cookies

  • Meta Pixel and similar tracking technologies

You may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.

5. PURPOSES OF PROCESSING

We process personal data for the following purposes:

  • Processing and fulfilling orders

  • Managing payments and invoices

  • Shipping and delivery

  • Customer support

  • Managing user accounts

  • Fraud prevention

  • Website security

  • Sending newsletters and promotional emails (with consent)

  • Sending SMS marketing communications (with consent)

  • Sending promotional offers

  • Analytics and website performance measurement

  • Advertising campaigns and remarketing (including Meta Pixel)

5A. SMS MARKETING COMMUNICATIONS

If you choose to opt in to receive SMS marketing communications from us, we may use your phone number to send:

  • Promotional offers and discounts

  • Product launches and updates

  • Exclusive promotions

  • Shopping cart reminder messages

  • Order-related notifications (where applicable)

  • Other marketing communications that you have consented to receive

SMS marketing messages are sent only where you have provided your explicit consent or where otherwise permitted by applicable law.

You may withdraw your consent at any time by replying STOP to any SMS message (where supported) or by contacting us directly using the contact details provided below.

6. COOKIES, META PIXEL & TRACKING TECHNOLOGIES

We use cookies and similar technologies to improve the functionality of our Website, analyze traffic, personalize content, and measure advertising performance.

Shopping Cart Tracking

Our Website uses cookies and similar technologies to recognize when you add products to your shopping cart, including when a shopping cart has been abandoned.

This information may be used to determine when to send shopping cart reminder messages by email or SMS, provided that you have opted in to receive such communications.

Meta Business Tools / Meta Pixel

We may use Meta Pixel and/or the Meta Conversions API to:

  • Measure advertising campaign performance

  • Create custom audiences

  • Analyze purchases and browsing behavior

  • Improve advertising relevance

Meta may receive certain Event Data as a joint controller under Article 26 GDPR solely for the purposes defined within the Meta Business Tools Terms.

Consent and Cookie Choices

Where required by applicable law (including the GDPR and UK GDPR):

  • Marketing and advertising cookies are activated only after obtaining your consent.

  • You may withdraw your consent or modify your cookie preferences at any time.

You may also manage cookies through your browser settings or through industry opt-out tools such as:

Our Website displays a Cookie Banner allowing users to manage their cookie preferences.

7. DATA SHARING WITH THIRD PARTIES

We may share personal data only where necessary with trusted third-party service providers, including:

  • Payment processors (Shopify Payments, Stripe, PayPal)

  • Shipping and logistics companies

  • Customer support providers

  • Email marketing, SMS marketing and CRM platforms (such as Klaviyo)

  • Website hosting and IT service providers

  • Advertising and analytics providers (such as Meta and Google)

These providers process personal data only on our behalf and under appropriate contractual and security obligations.

SMS Consent

Text messaging originator opt-in data and consent will not be shared with any third parties for their own marketing purposes.

This exclusion applies even where this Privacy Policy otherwise describes the sharing of personal information with service providers or business partners.

8. INTERNATIONAL DATA TRANSFERS

Where personal data is transferred outside the United Kingdom or European Economic Area, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs)

  • Adequacy Decisions

  • Additional safeguards where legally required

You may contact us for additional information regarding these safeguards.

9. DATA RETENTION

We retain personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy.

Typical retention periods include:

  • Customer account data: until account deletion or prolonged inactivity

  • Transaction and accounting records: up to 10 years

  • Marketing data: until consent is withdrawn

  • Technical logs and cookies: according to our Cookie Policy

When retention is no longer necessary, personal data is securely deleted or anonymized.

10. DATA SECURITY

We implement appropriate technical and organizational measures designed to protect personal data against:

  • Unauthorized access

  • Accidental loss

  • Unauthorized disclosure

  • Alteration or destruction

  • Cybersecurity threats

Access to personal data is restricted to authorized personnel and trusted service providers where necessary.

11. YOUR RIGHTS

Subject to applicable law, you have the right to:

  • Access your personal data

  • Correct inaccurate information

  • Request deletion of your personal data

  • Restrict processing

  • Object to processing

  • Request data portability

  • Withdraw consent at any time

  • Lodge a complaint with your local supervisory authority (including the UK ICO or the Italian Garante per la Protezione dei Dati Personali)

To exercise any of your rights, please contact us:

info@iconic-puzzles.com

or

allstarpuzzles.ltd@gmail.com

12. CHILDREN'S PRIVACY

Our Website is not intended for children under the age of 13.

We do not knowingly collect personal data from children. If we become aware that such information has been collected, we will promptly delete it.

13. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in applicable laws, our business operations, or our services.

The updated version will always be published on this page together with the revised "Last Updated" date.

Continued use of the Website after publication of the updated Privacy Policy constitutes acceptance of the revised version.

14. CONTACT INFORMATION

For any questions regarding this Privacy Policy or the processing of your personal data, please contact:

ALL STAR PUZZLES LTD

16 Stirling Road, Office 2C

London, England, W3 8DJ

Primary Email:
info@iconic-puzzles.com

Secondary Email:
allstarpuzzles.ltd@gmail.com