Privacy Policy – CoreState Collective

Last updated: 4th May 2026

1. Introduction

CoreState Collective (“we”, “us”, “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you visit or make a purchase from corestatecollective.com (the “website”) or otherwise interact with us.

By using our website or services, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our website.

2. Who we are

CoreState Collective is a UK-based business operating via Shopify.

If you have any questions about this Privacy Policy or your data, you can contact us at:

Email: support@corestatecollective.com
Business name: CoreState Collective
Website: corestatecollective.com

3. Information we collect

We collect personal data in several ways:

3.1 Information you provide directly

When you interact with us, we may collect:

  • Full name
  • Email address
  • Phone number
  • Billing and shipping address
  • Payment details (processed securely via third-party providers)
  • Any information you provide when contacting us

3.2 Information collected automatically

When you use our website, we may collect:

  • Pages visited
  • Time spent on pages
  • Browsing behaviour
  • Shopping cart contents
  • Device and browser information
  • IP address

3.3 Cookies and tracking technologies

We use cookies and similar technologies to collect data about your activity on our website. See Section 9 for more details.

4. How we use your information

We use your data for the following purposes:

4.1 Order processing and fulfilment

  • Process payments
  • Deliver orders
  • Manage returns and refunds
  • Provide order updates

4.2 Customer support

  • Respond to enquiries
  • Provide assistance with orders or accounts

4.3 Marketing and advertising

  • Send promotional emails (where consent is given)
  • Deliver targeted advertisements via platforms such as Meta
  • Improve marketing effectiveness

4.4 Website improvement

  • Analyse customer behaviour
  • Improve user experience and site functionality

5. Legal basis for processing (UK GDPR)

We rely on the following legal bases:

  • Contractual necessity – to process and deliver your orders
  • Legitimate interests – to improve our services and marketing
  • Consent – for email marketing and certain cookies
  • Legal obligations – for accounting, tax, and compliance purposes

6. Sharing your information

We only share your data where necessary, including:

6.1 Service providers

We share data with trusted third parties such as:

  • Shopify (website hosting and e-commerce platform)
  • Mailchimp (email marketing)
  • Meta Business Manager (advertising and analytics)
  • Google (analytics)
  • Payment processors and delivery partners

These providers only use your data to perform services on our behalf.

6.2 Legal requirements

We may disclose your data if required by law or to protect our legal rights.

7. International data transfers

Some of our service providers may process data outside the UK. When this happens, we ensure appropriate safeguards are in place, such as:

  • Standard contractual clauses
  • UK-approved data transfer mechanisms

8. Data retention

We retain your data only as long as necessary:

  • Order and transaction data: up to 7 years (legal requirement)
  • Marketing data: until you unsubscribe
  • Website analytics: typically up to 24 months

9. Cookies

We use cookies to enhance your experience. These include:

  • Essential cookies – required for site functionality
  • Performance cookies – to analyse usage
  • Marketing cookies – to show relevant ads

You can manage or disable cookies through your browser settings. Please note that disabling cookies may affect site functionality.

10. Data security

We take reasonable steps to protect your data, including:

  • Secure payment processing
  • Encrypted connections (SSL)
  • Restricted access to personal data

However, no system is completely secure, and we cannot guarantee absolute security.

11. Your rights (UK GDPR)

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Restrict or object to processing
  • Withdraw consent at any time
  • Request data portability

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).

To exercise your rights, contact us at: support@corestatecollective.com