Privacy Policy

MCILVEEN FUELS LTD ("we", "us", "our") is the data controller responsible for your personal data when you use mcesmr.com or purchase from us. This means we decide how and why your personal data is processed.

We trade as MCESMR. We are a company registered in Northern Ireland under company number NI617829, with our registered address at 17 Dunesmullan Road, Markethill, Co Armagh, BT60 1TJ, United Kingdom. Our VAT status is: Not VAT registered.

• Email (privacy and data-protection enquiries): contact@mcesmr.com
• Postal address: 17 Dunesmullan Road, Markethill, Co Armagh, BT60 1TJ, United Kingdom
• Our registration with the Information Commissioner's Office (ICO): to be confirmed

We have not appointed a statutory Data Protection Officer, as we are not legally required to do so. Our team handles data-protection matters and you can reach them using the contact details above. If we update these details, the current version will always appear on this page.

This policy applies to personal data we process about visitors to our website, customers who buy our digital prompt collections, people who register an account, and anyone who contacts us for support or other enquiries. It applies to UK and international users alike.

Our website and emails may contain links to third-party websites, plug-ins and services (for example, the third-party AI tools our prompts are designed to be used with). We do not control those third parties and are not responsible for their privacy practices. When you leave our site, we encourage you to read the privacy notice of every site you visit.

Personal data means any information from which a living individual can be identified. We collect, use and store the following categories of personal data about you:

• Identity and contact data — your name (where provided), your email address, and any billing details you enter at checkout.
• Order and transaction data — details of the products you have purchased, order numbers, purchase dates, prices paid, currency, the download links issued to you, and records of your delivery and support history.
• Payment data — your card payments are processed by our payment provider, Stripe. Stripe handles your full card number, expiry date and security code directly; we never see or store your full card details. We receive only limited information from Stripe such as a payment reference, the card type, the last four digits of the card, and whether a payment succeeded or failed.
• Account credentials — if you create or are issued an account, we hold your username and a securely hashed password, together with account preferences and settings.
• Technical and usage data — your IP address, approximate location, browser type and version, device type and operating system, the pages you view, referring and exit pages, the dates and times of your visits, and similar information collected automatically through cookies and analytics (see our Cookie Policy).
• Communications and support data — the content of messages, emails and support requests you send us, and our replies, including any information you choose to include in them.
• Marketing and preferences data — your preferences for receiving marketing from us and your communication preferences, including any consent you have given or withdrawn.

We do not deliberately collect any special category data (such as data about health, race, religion, or political opinions) and we ask that you do not send us such information. We also do not carry out profiling that produces legal or similarly significant effects, and we do not make solely automated decisions about you of that kind.

We collect personal data in three main ways:

• Directly from you — when you place an order, register an account, fill in a form, subscribe to marketing, or contact us by email or any other channel.
• Automatically — as you interact with our website, we automatically collect technical and usage data using cookies and similar technologies. See our Cookie Policy for full details.
• From third parties and trusted partners — we receive payment confirmation and limited transaction data from Stripe, hosting and security logs from our hosting provider, and aggregated or individual usage data from our analytics provider. We may also receive data from providers of fraud-prevention and email-delivery services.

Under UK GDPR we must have a valid lawful basis for each purpose for which we use your personal data. The bases we rely on are set out below, mapped to the relevant purpose. Where we rely on consent, you can withdraw it at any time (see Section 11, "Your rights under UK GDPR").

• Performance of a contract — to take and process your order, deliver your digital products and download links, manage your account, and provide customer support relating to your purchase. Without this data we cannot fulfil your order.
• Legitimate interests — to operate, secure, maintain and improve our website and services; to prevent and detect fraud and misuse; to keep records of our dealings with you; to understand how our site is used; and to send business-to-business marketing or marketing to existing customers about similar products (subject to your right to object at any time). When relying on legitimate interests, we balance our interests against your rights and freedoms.
• Consent — to set non-essential cookies (such as analytics and any marketing cookies) and to send marketing emails to individuals where consent is required. You may withdraw your consent at any time without affecting the lawfulness of earlier processing.
• Legal obligation — to keep accounting, tax and transaction records as required by law, to respond to lawful requests from public authorities, and to comply with our other legal and regulatory duties.

We use your personal data only for the purposes for which we collected it, including:

• Processing and confirming your order and taking payment via Stripe.
• Delivering your digital products — generating your download links, giving you instant access on the confirmation page, and emailing a copy of your access details.
• Providing customer support and responding to your enquiries, questions and complaints.
• Managing your account, if you have one, and authenticating you when you log in.
• Preventing, detecting and investigating fraud, abuse, security incidents and other unlawful activity, and keeping our website and your data secure.
• Complying with our legal and regulatory obligations, including keeping accounting and tax records and responding to lawful requests.
• Operating, analysing, maintaining and improving our website, products and services — including measuring performance, fixing problems and developing new features.
• Sending you service messages you would reasonably expect (such as order confirmations, download links, security notices and changes to our terms).
• Sending you optional marketing about our products where you have consented, or where you are an existing customer and we are relying on the soft opt-in — in every case you can opt out at any time using the unsubscribe link in our emails or by contacting us.

We will only use your personal data for a new, unrelated purpose where the law allows it and, where required, with your consent. We do not sell your personal data, and we never make any claim about income, earnings or guaranteed results from using our products.

We will send you marketing emails only where you have given your consent, or where you have bought a product from us and we are contacting you about our own similar products under the "soft opt-in" permitted by the Privacy and Electronic Communications Regulations 2003 (PECR). We gave you a clear chance to opt out when we collected your details, and we give you that chance in every message.

You can stop marketing at any time by clicking the unsubscribe link in any marketing email, by adjusting your preferences, or by emailing us at contact@mcesmr.com. Opting out of marketing will not stop service messages that are necessary to fulfil your order, such as download links and order confirmations.

We do not sell your personal data. We share it only with the trusted parties listed below, and only as far as is necessary for the purposes in this policy. Where a party acts as our processor, it acts only on our instructions and under a written contract that requires it to keep your data secure.

• Stripe — our payment processor, which processes your card payment and provides fraud-prevention services. Stripe acts as an independent controller for some of its own processing. See Stripe's privacy policy for details.
• Hostinger — our website hosting provider, which stores our website and associated data on its servers as our processor.
• Our email and delivery provider — used to send your download links, order confirmations, service messages and (where applicable) marketing, acting as our processor.
• Our analytics provider — which helps us understand how our website is used, acting as our processor and in accordance with your cookie choices.
• Professional advisers — such as our accountants, auditors, lawyers and insurers, where reasonably necessary, acting as controllers or processors as appropriate.
• Authorities, regulators and law enforcement — where we are required to disclose your data by law, or to establish, exercise or defend legal claims, or to protect the rights, property or safety of our business, our customers or others.
• A buyer or successor — if we sell, restructure or transfer our business or assets, your data may be transferred as part of that transaction, subject to appropriate confidentiality and data-protection safeguards.

Some of our providers (including payment, hosting, email-delivery and analytics services) may process or store personal data outside the United Kingdom. Whenever we transfer your personal data out of the UK, we make sure a similar degree of protection is given to it by relying on at least one of the following safeguards:

• Transferring to a country that the UK Government has confirmed provides an adequate level of protection (an "adequacy" decision or regulations);
• Using the UK International Data Transfer Agreement (IDTA), or the EU Standard Contractual Clauses together with the UK Addendum, with the receiving party; or
• Relying on another lawful transfer mechanism permitted under UK data-protection law.

If you would like more information about the specific safeguards we apply to a particular transfer, please contact us at contact@mcesmr.com.

We keep your personal data only for as long as we need it for the purposes set out in this policy, and to meet our legal, accounting and reporting obligations. Our general retention periods are:

• Order and transaction records — kept for the legally required accounting and tax period, which is currently around six years from the end of the relevant financial year.
• Account data — kept for as long as your account is active, and for a reasonable period afterwards, unless you ask us to delete it sooner and we have no overriding legal reason to retain it.
• Marketing data and preferences — kept until you withdraw your consent, object, or unsubscribe, after which we keep a minimal suppression record so we can honour your choice.
• Support and communications data — kept for as long as needed to handle your enquiry and for a reasonable period afterwards for our records.
• Cookies and analytics data — kept for the retention periods described in our Cookie Policy.

When we no longer need your personal data, we will securely delete or anonymise it. In some cases we may retain anonymised information, which can no longer be linked to you, for analysis and statistics indefinitely.

Subject to certain conditions and exemptions, you have the following rights over your personal data:

• Right to be informed — to know how we collect and use your personal data, as set out in this policy.
• Right of access — to request a copy of the personal data we hold about you.
• Right to rectification — to have inaccurate or incomplete data corrected.
• Right to erasure — to ask us to delete your personal data in certain circumstances (the "right to be forgotten").
• Right to restrict processing — to ask us to suspend the processing of your data in certain circumstances.
• Right to data portability — to receive certain data in a structured, commonly used, machine-readable format, or to have it transferred to another controller, where the processing is based on consent or contract and is carried out by automated means.
• Right to object — to object to processing based on our legitimate interests, and to object to direct marketing at any time.
• Right to withdraw consent — where we rely on your consent, you can withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
• Rights related to automated decision-making and profiling — we do not make solely automated decisions that produce legal or similarly significant effects about you; if this ever changed, you would have the right to request human intervention and to contest the decision.

To exercise any of these rights, email us at contact@mcesmr.com. We will not charge a fee in normal circumstances and will respond within one month, which we may extend by up to two further months for complex requests (we will tell you if so). To protect your data, we may need to ask you for information to confirm your identity before we act.

We use cookies and similar technologies to make our website work, to remember your preferences, to keep it secure, and — with your consent — to measure how it is used and to support any marketing. Non-essential cookies are only set after you give your consent through our cookie banner, and you can change your choices at any time.

For a full list of the cookies we use, their purposes and durations, and how to manage them, please see our Cookie Policy at mcesmr.com/cookies.

We take the security of your personal data seriously and use appropriate technical and organisational measures to protect it against unauthorised or unlawful access, loss, alteration or disclosure. These measures include encryption of data in transit (HTTPS/TLS), secure and reputable hosting, restricting access to those who need it, hashing of account passwords, and processing payments through Stripe so that we never handle your full card details.

No method of transmission over the internet or of storage is completely secure, so while we strive to protect your personal data we cannot guarantee absolute security. We have procedures in place to deal with any suspected personal data breach and will notify you and the ICO where we are legally required to do so.

Our website and products are intended for businesses and professionals and are not directed at children. We do not knowingly collect personal data from anyone under the age of 18, and our services are not designed to be used by anyone under 16. If you believe a child has provided us with personal data, please contact us at contact@mcesmr.com and we will take steps to delete it.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements or for other operational reasons. When we make changes, we will revise the "Effective date" at the top of this page, and where the changes are significant we will take reasonable steps to bring them to your attention. Please check this page periodically to stay informed.

If you have any concern about how we handle your personal data, please contact us first at contact@mcesmr.com so we can try to put things right.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data-protection issues, at any time. You can reach the ICO at ico.org.uk, by calling 0303 123 1113, or by writing to: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. We would, however, appreciate the chance to address your concerns before you approach the ICO.