• Your shopping cart is empty!

Privacy Policy

This Privacy Policy explains how Midnight Box (“we”, “us”, “our”) collects, uses and protects your personal information when you use midnightbox.co.uk. We are committed to protecting your privacy and complying with the UK GDPR and Data Protection Act 2018.

By using our website, you agree to the practices described in this policy.

1. Who We Are

Midnight Box
4th Floor
14 Museum Place
Cardiff
CF10 3BH
Telephone: +44 7783 903152
Email: contact@midnightbox.co.uk

Our contact details are also available on our Contact Page

2. Information We Collect

We collect only the information necessary to operate our online store, process orders and provide customer support.

a) Information you provide directly

  • Name

  • Billing and delivery address

  • Email address

  • Telephone number

  • Account details (if you create an account)

  • Messages sent to us through contact forms or email

b) Automatically collected information

Through standard OpenCart functionality and security tools, we collect:

  • IP address

  • Browser type

  • Device information

  • Pages visited

  • Time spent on the website

c) Cookies

We use essential OpenCart cookies plus optional analytics cookies (Google Analytics and Microsoft Clarity). Full details are available here:
https://midnightbox.co.uk/en-gb/information/cookie-policy

3. Payment Information

We do not process or store payment card details on our servers.

All payments are handled securely by:

  • PayPal

This means:

  • We never see your full card number

  • We do not store any sensitive payment information

  • All payment details are handled on PayPal’s encrypted systems

4. How We Use Your Information

We use your information for the following purposes:

  • Processing and delivering your orders

  • Managing your account

  • Handling returns, refunds, chargebacks and customer support

  • Preventing fraud and maintaining site security

  • Improving our website through anonymous analytics (only if consented)

  • Sending essential service emails (order updates, account notices)

We do not sell, rent or share your personal information with any third parties for marketing or advertising.

5. Legal Basis for Processing

We process data under the following lawful bases:

  • Contract: To fulfil your orders and provide services

  • Legal obligation: To meet HMRC accounting requirements and consumer law

  • Consent: For analytics and cookie categories you choose to enable

  • Legitimate interests: Fraud prevention and website security

6. How Long We Keep Your Data

We retain data only as long as necessary:

Order information:

Kept for 6 years, as required by HMRC and the Consumer Rights Act.

Account information:

If you request your account to be deleted, it will be scheduled for deletion after 180 days so that:

  • Chargebacks

  • Refunds

  • Fraud checks
    can still be handled.

Analytics & cookies:

Follow the expiry times listed in our Cookie Policy.

7. Your Rights Under UK GDPR

You have the right to:

  • Request a copy of the personal information we hold about you

  • Request correction of inaccurate data

  • Request deletion of your account

  • Withdraw consent for analytics cookies

  • Object to certain types of processing

  • Lodge a complaint with the ICO

To request your data or account deletion, visit:
https://midnightbox.co.uk/en-gb?route=information/gdpr

8. Account Deletion Requests

If you submit an account deletion request, please note:

  • You will lose access to your Midnight Box account

  • You will lose access to order history, invoices, wishlists and any downloads

  • Your request will be processed after 180 days

  • Order records will remain for 6 years as legally required

Only non-essential data will be deleted.

9. Sharing Your Information

We do not sell or share your data with advertisers or third parties for marketing.

We only share necessary data with:

  • Payment processors (to complete your transaction)

  • Delivery services (to deliver your orders)

  • Anti-fraud and security systems (essential operation)

All external services are required to protect your data.

10. Data Security

We use appropriate technical and organisational measures to protect your information, including:

  • Encrypted connections (HTTPS)

  • Secure hosting

  • Access controls

  • Cloudflare security tools

  • Regular system updates

While no system is invincible, we take data protection seriously.

11. Links to Other Websites

Our website may link to external sites such as PayPal. We are not responsible for their content or privacy practices. Please review their policies separately.

12. Updates to This Policy

We may update this Privacy Policy if our processes or legal obligations change. Any updates will be posted on this page.

Contact Us

If you have questions about this policy or how we handle your data, contact us at:

Midnight Box
4th Floor
14 Museum Place
Cardiff
CF10 3BH
Telephone: +44 7783 903152
Email: contact@midnightbox.co.uk