Privacy policy

Last Updated: 10 December 2025

This Privacy Policy ("Policy") is hereby issued by the principals of memejob Merch Store ("memejob," "we," "us," or "our"). This document delineates the obligatory procedures and parameters concerning the capture, deployment, custody, dissemination, and broader handling of Personal Information arising from your engagement with our retail presence, transactional conduct, or use of platform-related functionalities (collectively, the "Services").

The Store is powered by Shopify, which hosts and operates core components of our e-commerce infrastructure.

Consequently, Shopify administers certain core e-commerce infrastructure components and processes a defined scope of Personal Information, acting in its capacity as an independent data controller for specific activities.

By accessing, using, or otherwise engaging with the Services, you hereby acknowledge that you have read, understood, and agree to be bound by the terms and conditions set forth in this Privacy Policy and any related protocols governing the operation of the Services. Your continued use of the Services shall constitute your ongoing consent to the collection, use, processing, and disclosure of Personal Information as described herein.

I . Definitions

For precise interpretation within this document:

  • “Personal Information” signifies any data element that serves, directly or indirectly, to identify, describe, or be reasonably associated with a specific individual.
  • “Services” denotes the entire ecosystem of the memejob Merch Store website, encompassing its design, underlying function, and all related commercial outputs.
  • “Processing” is defined as any sequence of operations performed on Personal Information, including activities such as acquisition, archival, deployment, disclosure, or permanent deletion.

memejob retains the designation of data controller for all Personal Information directly solicited from you, particularly where EU/UK data protection mandates apply.

II . Inventory of Collected Personal Information

The following categories of Personal Information are subject to capture, contingent upon your interaction with the Services and prevailing regulatory law:

  • 2.1 Contact and Identification Data: Name, functional email address, telephone contact, and the requisite billing and shipping coordinates.
  • 2.2 Financial and Transactional Records: Specific payment instrument data, historical transaction logs, formal order identifiers, and details surrounding refunds, exchanges, and purchase confirmations.
  • 2.3 Account Metadata: User login credentials, stored preferences, personalized configuration settings, and records of saved merchandise items.
  • 2.4 Infrastructure and Technical Diagnostics: The user's assigned IP address, browser specification and version control, unique device identifiers, operating system data, network characteristics, and comprehensive diagnostic logs.
  • 2.5 Interaction Metrics (Usage Data): Data quantifying user navigation and engagement, including products viewed, items placed into the digital shopping cart, and final transactional behavior.
  • 2.6 Communication History: Formal correspondence with customer support, submitted inquiries, and all information voluntarily conveyed during direct communication with our organization.
  • 2.7 Passive Collection Methods: Information acquired through mechanisms operating without explicit manual input, such as cookies, tracking pixels, analytical scripts, and equivalent technologies.

III . Data Acquisition Vectors

Personal Information is obtained through the following recognized channels:

  • Direct Solicitation: Information provided by you during account registration, purchase execution, or direct initiation of contact.
  • Automated Capture: Data secured passively via technological instruments, including cookies, analytical suites, and your connecting hardware.
  • Shopify Data Exchange: Information received from the Shopify platform, acknowledged both as a functional service provider and an independent data controller for defined operations.
  • Affiliated Third Parties: Data secured from operational partners, including marketing distribution networks, shipping and logistics entities, or payment processing institutions.

IV . Functional Application of Personal Information

We deploy your Personal Information strictly for the following operational and commercial objectives:

  • 4.1 Operational Execution and Service Refinement: To successfully process orders, arrange for merchandise shipment, manage your account lifecycle, facilitate returns, enable product review submissions, and continuously refine the consumer experience.
  • 4.2 Promotional and Marketing Campaigns: To distribute newsletters, promotional announcements, and execute targeted advertising strategies (always permitting the applicable right to opt out).
  • 4.3 Security Posture and Integrity Preservation: Essential for user authentication, detection and mitigation of fraudulent or illegal activities, enforcement of internal policies, and preservation of the Store’s structural integrity.
  • 4.4 Customer Interface and Support: To promptly address inquiries, deliver necessary assistance, and manage the ongoing fiduciary relationship.
  • 4.5 Legal Mandate and Reporting Compliance: Necessary for adherence to applicable laws, response to judicial or regulatory summons, fulfilling reporting obligations, enforcing the terms of service, or participation in legal processes.

V . Basis in Law for Processing (Limited to EU/UK Context)

Where processing falls under the purview of GDPR or UK GDPR, our actions are grounded in the following recognized legal justifications:

  • Contractual Necessity: Processing essential for fulfilling the terms of sale or the provision of the agreed-upon Services.
  • Legitimate Business Interests: Processing requisite for genuine operational requirements, such as enhanced security, fraud deterrence, or permissible, targeted marketing.
  • Affirmative Consent: Used for specific, non-essential operations, typically certain cookie implementations or non-service marketing communications.
  • Compliance with Legal Duty: Processing strictly required to satisfy a regulatory or statutory obligation.

VI . Release and Disclosure Protocol

We may release Personal Information to the following external parties as necessary for commercial and operational execution:

  • 6.1 Shopify Platform Integration: Disclosure necessary for hosting, platform analytics, and payment gateway functionality. Users must acknowledge Shopify's status as an independent controller in certain areas.
  • 6.2 Third-Party Service Providers: Includes providers of logistics/shipping, cloud infrastructure, specialized IT support, and dedicated marketing technology.
  • 6.3 Strategic and Marketing Affiliates: Entities collaborating on audience measurement and targeted advertising initiatives, subject to established user opt-out rights.
  • 6.4 Internal Corporate Entities: Sharing within our organizational structure solely for necessary administrative oversight.
  • 6.5 Official and Regulatory Agencies: Disclosure mandated by law, for the assertion of our rights, or for the protection of the public interest.
  • 6.6 Corporate Succession Events: Information transfer necessitated by mergers, acquisitions, asset transfers, or insolvency proceedings.

VII . Data Transfer Across Jurisdictions

Personal Information may be transmitted to locations outside the user's country of residence, including domains that may not offer the same level of data protection. Where legally binding, such transfers are legitimized through recognized protocols, including:

  • Implementation of EU Standard Contractual Clauses (SCCs).
  • Adherence to the UK International Data Transfer Addendum or other nationally sanctioned frameworks.
  • Reliance on formal adequacy determinations made by competent regulatory bodies.

VIII . User Data Rights and Options

Subject to the user's geographic jurisdiction, individuals possess rights over their Personal Information, which may include the Right of Access, the Right of Deletion (Erasure), the Right of Rectification, the Right to Data Portability, and the Right to Object to Specific Processing (e.g., targeted advertising). Identity verification is requisite for processing any formal request.

Crucially, any request relating to data processed under the sole control of Shopify must be submitted via the Shopify Privacy Portal.

Protocol Authority and Contact: For formal inquiries regarding this Protocol or the exercise of statutory data rights, all communications must be directed as follows:

Email: contact@headstarter.org