How we collect, use, and protect your personal information.
Last Updated: 15/05/2026
This Privacy Policy explains how The Trading Post Multiverse Limited ("we", "us", "our"), a company registered in Ireland (CRO Number: 751986), with its registered address at 103 High Street, Prior's-Land, Limerick City, Co. Limerick, Ireland, collects, uses, stores, and protects your personal data when you visit our Website (www.ttpmultiverse.com), make a purchase, or interact with us in-store or online.
We are the data controller for the purposes of the General Data Protection Regulation (GDPR) (EU) 2016/679 and the Data Protection Act 2018.
If you have any questions, concerns, or requests regarding your personal data or this Privacy Policy, please contact us:
Email: thetradingpostttp@gmail.com
Address: 103 High Street, Prior's-Land, Limerick City, Co. Limerick, Ireland
3.1 Information You Provide Directly When you place an order, create an account, contact us, or interact with our services, we may collect:
• Full name
• Email address
• Phone number
• Billing and shipping address
• Payment information (processed securely by our third-party payment provider; we do not store full card details)
• Order history and transaction records
• Any additional information you provide in correspondence with us
3.2 Information Collected Automatically
When you visit our Website, we may automatically collect:
• IP address
• Browser type and version
• Device type and operating system
• Pages visited, time spent, and navigation patterns
• Referring website or source
• Cookie data (see our Cookie Policy for details)
3.3 In-Store Data If you make a purchase in our physical store, our Epos Now point-of-sale system may collect transaction data including items purchased, payment method, and date/time of transaction.
How We Use Your Data
We use your personal data for the following purposes:
• Order fulfilment: Processing and delivering your orders, issuing invoices and order confirmations.
• Payment processing: Facilitating secure payments through our third-party payment provider.
• Customer support: Responding to your enquiries, complaints, and requests.
• Fraud prevention: Detecting and preventing fraudulent transactions and abuse.
• Legal compliance: Meeting our obligations under Irish and EU law, including tax and accounting requirements.
• Website improvement: Analysing usage patterns to improve our Website, products, and services.
• Marketing communications: Sending promotional emails and offers, but only where you have opted in or where we have a legitimate interest to do so. You can unsubscribe at any time.
Legal Basis For Processing (GDPR)
Under the GDPR, we process your personal data on the following legal bases:
• Performance of a contract: Processing necessary to fulfil your order and deliver Goods to you (Article 6(1)(b)).
• Legal obligation: Processing required to comply with tax, accounting, and other legal requirements (Article 6(1)(c)).
• Legitimate interests: Processing necessary for fraud prevention, website analytics, and business improvement, where these interests do not override your fundamental rights (Article 6(1)(f)).
• Consent: Where you have opted in to receive marketing communications (Article 6(1)(a)). You may withdraw consent at any time.
Who We Share Your Data With
We may share your personal data with the following categories of third parties, solely for the purposes described in this policy:
• Payment processors: Shopify Payments / Stripe / PayPal for processing transactions securely. • Shipping providers: An Post for delivering your orders.
• Website hosting: Framer for hosting our Website.
• Point-of-sale system: Epos Now for processing in-store transactions.
• Analytics providers: Google Analytics, Framer Analytics, Shopify Analytics for understanding Website usage.
• Email marketing: Shopify Email for sending marketing communications where you have opted in.
• Legal and regulatory authorities: Where required by law, court order, or regulatory obligation.
We do not sell, rent, or trade your personal data to any third party for their own marketing purposes.
International Data Transfers
Some of our third-party service providers (e.g. Shopify, payment processors) may store or process your data outside the European Economic Area (EEA). Where this occurs, we ensure that appropriate safeguards are in place, including:
• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions by the European Commission for the receiving country
• Other legally recognised transfer mechanisms under the GDPR
Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:
• Order and transaction data: Retained for 6 years to comply with Irish tax and accounting obligations under the Taxes Consolidation Act 1997.
• Customer account data: Retained for as long as your account is active, plus a reasonable period thereafter.
• Marketing data: Retained until you unsubscribe or request deletion.
• Website analytics data: Retained in accordance with our analytics provider's retention settings.
When data is no longer required, it will be securely deleted or anonymised.
Your Rights Under GDPR
Under the GDPR, you have the following rights in relation to your personal data:
• Right of access: Request a copy of the personal data we hold about you.
• Right to rectification: Request correction of inaccurate or incomplete data.
• Right to erasure: Request deletion of your data (subject to legal obligations).
• Right to restrict processing: Request that we limit how we use your data.
• Right to data portability: Request your data in a structured, commonly used format.
• Right to object: Object to processing based on legitimate interests or for direct marketing.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please email us at thetradingpostttp@gmail.com. We will respond within one month, as required by the GDPR.
If you are not satisfied with our response, you have the right to lodge a complaint with the Data Protection Commission (DPC) of Ireland:
Data Protection Commission
6 Pembroke Row, Dublin 2, D02 X963, Ireland
Website: www.dataprotection.ie
Children's Data
Our Website and online store are not directed at individuals under 18 years of age. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided personal data to us, please contact us and we will take steps to delete it.
Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encrypted payment processing, secure hosting, and access controls.
However, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your data, we cannot guarantee its absolute security.
Changes to This Policy