Welcome to the X Comps privacy policy. We value your privacy and are dedicated to safeguarding your personal information. This policy explains how we handle your personal data when you use our website, regardless of your location. It also outlines your privacy rights and the legal protections available to you.
This policy describes how X Comps gathers and processes your personal data through your interactions with our website. This includes any information you share when creating an account or participating in our competitions.
Our website is designed for adults, and we do not intentionally gather data from children. We carry out age verification checks to comply with legal requirements, and entrants or winners may need to provide photo identification to confirm their identity, age, and address.
Please read this policy alongside any other privacy notices we may issue on specific occasions. This document is supplementary and does not replace those notices.
X Comps acts as the controller responsible for your personal data (referred to as “we,” “us,” or “our” throughout this policy).
We have designated a Data Protection Officer (DPO) to oversee matters related to this policy. For any questions — including requests to exercise your legal rights — please reach out to the DPO using the details below.
You may also lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk at any time. We would appreciate the opportunity to address your concerns directly before you contact the ICO.
We review this policy periodically. Please ensure the personal data you provide us remains accurate and up to date throughout our relationship.
Our website may contain links to third-party sites, plug-ins, and applications. We have no control over these external sites and bear no responsibility for their privacy practices. We recommend reading the privacy policy of every website you visit after leaving ours.
Personal data means any information that can identify a living individual. It does not cover anonymised data. We may gather, use, store, and transfer the following categories of data:
We may also compile Aggregated Data (such as statistical or demographic information) for analytical purposes. This data does not directly identify you and is not treated as personal data unless combined with other information that could reveal your identity.
We do not collect Special Category Data (covering race, ethnicity, religion, sexual orientation, political views, trade union membership, health, or biometric information), nor do we gather data relating to criminal convictions.
If we are legally or contractually required to collect certain personal data and you do not supply it, we may be unable to fulfil our obligations — for instance, delivering goods or services. We will inform you if this situation arises.
We collect information through several methods:
We process your personal data only where the law permits. The most common grounds include:
We generally do not rely on consent as our processing basis, except for third-party direct marketing sent via email or text. You may withdraw marketing consent at any time by contacting us.
When you supply your contact details (including mobile number), we store this information to deliver email, SMS, and RCS communications covering service updates, competition notifications, and promotional messages in line with your consent preferences. You can opt out at any time by replying STOP or contacting us directly.
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Registering you as a customer | Identity, Contact | Contractual performance |
| Processing competition entries and managing payments | Identity, Contact, Financial, Transaction, Marketing & Communications | Contractual performance; legitimate interest (debt recovery) |
| Managing our relationship (e.g., notifying you of policy changes, requesting reviews) | Identity, Contact, Profile, Marketing & Communications | Contractual performance; legal obligation; legitimate interest (record-keeping, customer research) |
| Enabling participation in competitions or surveys | Identity, Contact, Profile, Usage, Marketing & Communications | Contractual performance; legitimate interest (customer research, business growth) |
| Administering and securing our business and website | Identity, Contact, Technical | Legitimate interest (IT services, network security, fraud prevention); legal obligation |
| Delivering relevant content and advertising | Identity, Contact, Profile, Usage, Marketing & Communications, Technical | Legitimate interest (customer research, marketing strategy) |
| Analysing data to improve our website and services | Technical, Usage | Legitimate interest (audience insight, business development) |
| Recommending competitions of interest | Identity, Contact, Technical, Usage, Profile, Marketing & Communications | Legitimate interest (product development, business growth) |
We may use your Identity, Contact, Technical, Usage, and Profile Data to identify competitions and services that may interest you. You will receive marketing if you have requested information or entered competitions and have not opted out.
We will obtain your explicit consent before sharing your data with any third party for their marketing purposes.
Contact us at any time to stop receiving marketing communications from us or from third parties.
You can configure your browser to block all or selected cookies, or to notify you when cookies are set. Disabling cookies may affect the functionality of certain parts of our website.
Cookies are small data files stored on your browser or device. We use them to distinguish you from other visitors, improve your browsing experience, and enhance our site. We employ the following types:
| Cookie Name | Purpose |
|---|---|
woocommerce_cart_hash |
Detects changes to cart contents |
woocommerce_items_in_cart |
Detects changes to cart contents |
wp_woocommerce_session_ |
Stores a unique code linking each customer to their cart data |
woocommerce_recently_viewed |
Supports the Recently Viewed Products feature |
store_notice[notice id] |
Lets customers dismiss the Store Notice |
wordpress_[hash] |
WordPress account management |
wordpress_logged_in_[hash] |
WordPress account management |
wordpress_test_cookie |
WordPress account management |
wp-settings-{time}-[UID] |
WordPress account management |
_ga |
Distinguishes users (Google Analytics, 2-year duration) |
_gid |
Distinguishes users (Google Analytics) |
_gat |
Manages request frequency (Google Analytics) |
AMP_TOKEN |
Retrieves Client IDs from the AMP Client ID service |
gac |
Stores campaign data; read by Google Ads conversion tags if Analytics and Ads accounts are linked |
| Facebook Pixel | Tracks Facebook ad conversions |
Cookie data is not shared with third parties. You can block cookies through your browser settings, though this may limit access to parts of our site. All non-essential cookies expire after 90 days.
We use your data only for the purposes for which it was originally collected, unless a new purpose is compatible with the original one. We will notify you and explain our legal basis if we need to process your data for an unrelated purpose. In certain cases, we may process data without your knowledge or consent where permitted or required by law.
We may disclose your personal data to the following external parties:
All third parties are required to protect your data and process it solely in accordance with our instructions.
We do not transfer your personal data outside the United Kingdom. Contact us if you require further details on any data transfer mechanisms.
We maintain appropriate security measures to guard against accidental loss, unauthorised access, alteration, or disclosure of your data. Access is restricted to employees, agents, contractors, and other parties with a legitimate business need, all of whom are bound by confidentiality obligations.
We have procedures in place to handle suspected data breaches and will notify you and relevant regulators where legally required.
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, regulatory, tax, and reporting obligations. Retention periods are determined by considering the nature and sensitivity of the data, the risk of harm from unauthorised use, the processing purposes, and applicable legal requirements.
We are legally required to keep basic customer information (Contact, Identity, Financial, and Transaction Data) for six years after the customer relationship ends, for tax purposes.
In certain cases, you may request deletion of your data (see Your Rights below). We may also anonymise your data for research or statistical use, in which case it may be retained indefinitely.
Under data protection law, you have the right to:
To exercise any of these rights, please contact us.
Access to your data and exercise of your rights is normally free. We may charge a reasonable fee for requests that are clearly unfounded, repetitive, or excessive, or we may decline such requests.
We may request information to confirm your identity before fulfilling a rights request. This is a security measure to prevent disclosure to unauthorised persons.
We aim to respond to all valid requests within one month. Complex or multiple requests may take longer, and we will keep you informed of any delays.