This Privacy Policy explains how Simulant Systems Ltd (“we”, “us”, “our”) collects and uses personal data when you use Addict Media (the “Website”), including when you browse, place an order, download digital products, create an account, or subscribe to ongoing billing.
We use Stripe as our payment merchant/provider to process payments on the Website.
When you pay at checkout, your payment is processed securely by Stripe. We do not receive or store your full card number. Your card/payment details are entered into Stripe’s secure payment process.
If you purchase a subscription (or any product/service with ongoing billing) you may be offered the option to save a payment method for future subscription charges. If you choose to do this, Stripe stores a tokenised version of your payment method. Tokenisation means your payment details are replaced with a secure reference (“token”), allowing future charges without us storing your raw card details.
Where you have authorised ongoing billing, we (via Stripe) may charge the saved payment method:
at release of a new magazine if an active ongoing subscription order is open or the agreed renewal schedule,
for subscription renewals and related invoices, and/or
for subscription changes you request (e.g., upgrades/downgrades) where a charge applies.
You can choose not to save a payment method (where available), but that may limit or prevent ongoing subscription billing.
We typically receive limited information such as:
payment status (successful/failed) and timestamps,
billing name and basic billing details (such as postcode/country),
the payment method type/brand (e.g., card brand) and a masked identifier,
Stripe reference IDs for the customer/payment,
fraud/risk signals (in some cases).
Stripe processes personal data to provide payment services, maintain security, prevent fraud, and comply with law. Stripe may process some data for its own purposes (for example, fraud prevention). Please refer to Stripe’s own privacy information on their website for full details.
Data controller: Simulant Systems Ltd (trading as Addict Media)
Contact (privacy enquiries): Please use our Contact Form.
We do not publish a postal address in this policy. If we need to verify identity for a data request, we will explain the process when you contact us.
Depending on what you do on the Website, we may collect:
Identity/contact data: name, email address, phone number (if provided)
Account data: username/login details, password (stored as a secure hash), account preferences
Order data: items purchased, order history, invoices/receipts, returns/refunds, customer notes
Delivery & billing data: shipping address, billing address
Digital fulfilment data: confirmation of digital purchase, download entitlement/access logs (where applicable)
Communications: messages sent via contact form or email, support requests
When you use the Website, we may collect:
Technical data: IP address, device/browser type, pages viewed, referral/source information, approximate location (derived from IP)
Cookie and similar technology data: see Cookies section below
Payment confirmations and references from Stripe (see section 1)
Delivery services data (e.g., shipping labels/tracking references) where applicable
We only use personal data where we have a lawful basis under UK GDPR.
Purpose: site operation, account login, customer service
Lawful basis: Legitimate interests (running and improving our Website) and Contract (where you create an account)
Purpose: take and manage orders, send order confirmations, provide digital products, ship physical products, handle returns/refunds
Lawful basis: Contract (to perform the sale contract)
Purpose: payment processing, subscription renewals, handling failed payments, invoicing
Lawful basis: Contract and Legitimate interests (ensuring payment and preventing abuse)
Saved payment methods: where you choose to save a payment method for subscriptions, Stripe stores a tokenised payment method based on your authorisation.
Purpose: accounting, tax/VAT records, responding to lawful requests
Lawful basis: Legal obligation
Purpose: protect accounts, prevent fraud, secure the Website and transactions
Lawful basis: Legitimate interests (and in some cases Legal obligation)
Purpose: sending newsletters or updates
Lawful basis: Consent (where required) and/or Legitimate interests (limited, where permitted)
You can opt out at any time by using the unsubscribe link (if provided) or contacting us via the Website Contact Form.
We share personal data only where necessary to operate the store and deliver your order:
Stripe (payment processing and subscription billing)
Royal Mail (shipping and delivery of physical orders: name/address and, where needed, contact details for delivery)
Service providers who help us run the Website (hosting, security, email delivery/support tooling), acting as processors under appropriate terms
Professional advisers (accountants/legal) when needed for compliance and business administration
Analytics providers (only if/when enabled). If enabled, we use analytics to understand website usage and improve performance.
We do not sell your personal data.
Some service providers may process data outside the UK. Where this happens, we use appropriate safeguards required under UK GDPR (for example, adequacy regulations or contractual protections).
We keep personal data only as long as necessary for the purposes described:
Orders, invoices, and tax records: retained for the period required for accounting/tax compliance and legitimate business needs
Account data: retained while your account is active; deleted or anonymised within a reasonable period after closure (unless we must retain certain records)
Support messages: retained as needed to resolve issues and maintain service history
Marketing list details: retained until you unsubscribe or ask us to stop
Technical logs/security records: retained for limited periods for troubleshooting and security
If you request deletion, we will comply where we can, but we may need to retain some information for legal obligations (e.g., tax) or to establish/exercise/defend legal claims.
We use cookies and similar technologies for:
essential website functions (e.g., cart, checkout, login),
security,
preferences,
and potentially analytics (if enabled).
Where required, we will request consent before using non-essential cookies/technologies. You can also control cookies through your browser settings.
You may have the right to:
request access to your personal data,
request correction of inaccurate data,
request deletion (in certain circumstances),
request restriction of processing (in certain circumstances),
object to processing (in certain circumstances, including direct marketing),
request data portability (in certain circumstances),
withdraw consent (where we rely on consent).
To exercise your rights, contact us via the Website Contact Form.
You also have the right to complain to the Information Commissioner’s Office (ICO) if you believe your data has been handled improperly.
We use appropriate technical and organisational measures to protect personal data. Payment card details are handled by Stripe; we do not store full card numbers on our servers.
No online service is completely secure, but we work to protect your information and reduce risk.
Our Website is not intended for children. If you believe a child has provided personal data to us, please contact us via our Contact Form and we will take appropriate steps.
We reserve the right to periodically update this Privacy Policy.