Legal
DATA PROTECTION PROTOCOL (PRIVACY)
- Access to www.rockgooey.com (the “Site”) is subject to the following data governance standards. This protocol governs all interactions with the Site, including browsing, account registration, and transactional engagements.
- Utilization of the Site constitutes your acknowledgment and acceptance of these terms. If these standards are not compatible with your requirements, you must discontinue use immediately.
- Your data is managed by Rockgooey and its designated operational partners. All processing is executed in strict compliance with the laws of England and Wales.
01. MANDATORY DATA MINIMIZATION
We strictly implement the principle of data minimization and functional necessity across all operations. Personal data is collected, processed, and retained only to the extent that it is directly relevant, adequate, and limited to what is necessary for the provision of our services, compliance with legal obligations, or fulfillment of contractual requirements.
All processing activities are conducted in compliance with applicable international data protection laws and frameworks, including the UK General Data Protection Regulation, the Data Protection Act 2018, and the General Data Protection Regulation. We also align our practices, where applicable, with global standards such as the California Consumer Privacy Act and guidance issued by the Information Commissioner's Office.
Personal data is processed lawfully, fairly, and transparently, and only for specified, explicit, and legitimate purposes. Any further processing is carried out only where it is compatible with the original purpose or where a valid lawful basis—such as consent, contractual necessity, legal obligation, vital interests, public task, or legitimate interests—is established in accordance with applicable laws.
Wherever feasible, anonymized, pseudonymized, or aggregated data is used in place of personally identifiable information to enhance privacy protection and reduce risk exposure. The processing of special category (sensitive) data is strictly controlled and undertaken only where additional legal conditions are satisfied.
We uphold and facilitate all applicable data subject rights, including but not limited to the right of access, rectification, erasure, restriction of processing, data portability, and the right to object to processing. Mechanisms are in place to respond to such requests within legally mandated timeframes.
Access to personal data is restricted under strict role-based access controls (RBAC) and the principle of least privilege. We implement robust technical and organizational measures, including encryption, secure data storage, access logging, and continuous monitoring, to protect data against unauthorized access, alteration, disclosure, or destruction.
Data retention is limited to defined periods based on legal, regulatory, and operational requirements. Upon expiry of retention periods, personal data is securely deleted, anonymized, or archived in accordance with approved data lifecycle management and disposal procedures.
For cross-border data transfers, we ensure that appropriate safeguards are implemented, including the use of Standard Contractual Clauses (SCCs), adequacy decisions, or other legally recognized transfer mechanisms to ensure an equivalent level of data protection.
We conduct regular audits, risk assessments, and compliance reviews to ensure continuous adherence to applicable laws and best practices. Any data breaches or incidents are handled in accordance with established incident response procedures and reported to relevant supervisory authorities, including the Information Commissioner's Office, where legally required.
02. OPERATIONAL PROCESSORS
For the purpose of commercial execution and service delivery, Rockgooey engages authorized third-party service providers (“Processors”) to perform specific functions on its behalf. These include, but are not limited to, e-commerce infrastructure providers such as Shopify, Inc., payment processors, cloud hosting providers, and logistics and distribution partners.
All Processors are carefully selected based on their ability to implement appropriate technical and organizational measures that ensure compliance with applicable data protection laws, including the UK General Data Protection Regulation and the Data Protection Act 2018. Processing by such entities is governed by legally binding agreements, including Data Processing Agreements (DPAs), which clearly define the scope, nature, purpose, and duration of processing activities.
Processors are contractually obligated to:
- Process personal data solely on documented instructions from Rockgooey;
- Maintain strict confidentiality and ensure that authorized personnel are subject to appropriate confidentiality obligations;
- Implement and maintain industry-standard security measures to protect personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage;
- Assist Rockgooey in fulfilling its legal obligations, including data subject rights requests, data protection impact assessments (DPIAs), and regulatory compliance requirements;
- Notify Rockgooey without undue delay in the event of a personal data breach.
Rockgooey retains full control and accountability over all personal data processed on its behalf. Processors are strictly prohibited from using personal data for their own purposes or engaging sub-processors without prior written authorization and equivalent contractual safeguards.
Where Processors operate outside the United Kingdom or European Economic Area, Rockgooey ensures that appropriate international data transfer mechanisms are in place, including Standard Contractual Clauses (SCCs), adequacy regulations, or other lawful transfer safeguards, to ensure an equivalent level of data protection.
We conduct ongoing due diligence, audits, and performance reviews of all Processors to ensure continued compliance with applicable legal, regulatory, and security standards. Guidance and oversight are aligned with recommendations issued by the Information Commissioner's Office and other relevant supervisory authorities.
INTEGRITY, SECURITY, AND COMMERCIAL TERMS
A. Data Integrity & Security Controls
We implement and maintain robust technical and organizational measures to ensure the integrity, confidentiality, and availability of personal data. These measures are designed to prevent unauthorized or unlawful access, disclosure, alteration, loss, or destruction of data.
All security practices are aligned with the requirements of the UK General Data Protection Regulation and the Data Protection Act 2018, including Article 5(1)(f) (integrity and confidentiality) and Article 32 (security of processing).
Our safeguards include, but are not limited to:
- End-to-end encryption and secure data transmission protocols
- Role-based access controls (RBAC) and least-privilege principles
- Continuous system monitoring, logging, and threat detection
- Regular vulnerability assessments and security audits
- Secure backup, recovery, and incident response mechanisms
Users are responsible for maintaining the security of their own devices and access credentials. This includes the use of updated antivirus software, secure internet connections, and safe browsing practices. Rockgooey shall not be held liable for security breaches resulting from user-side negligence or compromised devices beyond our reasonable control.
B. Rectification, Returns & Consumer Policy
All purchases made through Rockgooey are considered final unless explicitly stated otherwise under applicable consumer protection laws. Prices displayed include applicable duties, taxes, and customs charges where required.
In the event of a manufacturing defect or product fault, customers must notify us without undue delay via sales@rockgooey.com. All claims are subject to internal inspection, validation, and verification procedures prior to approval.
C. Return Conditions
To be eligible for return consideration, the following conditions must be strictly met:
- Items must be unused, unwashed, and maintained in original condition
- All tags, packaging, and branding must remain intact and untampered
- Return requests must be initiated within seven (7) calendar days (168 hours) of delivery
Failure to meet these conditions may result in rejection of the return request.
D. Disposal Policy
Where returned goods fail to meet the required conditions or are deemed ineligible after inspection, Rockgooey reserves the right, at its sole discretion, to dispose of such items without further liability, obligation, or compensation to the customer, unless otherwise required by applicable law.
E. Refunds
Refunds, where approved, will be processed within three (3) business days following successful inspection and validation. Refunds will be issued via the original method of payment unless otherwise agreed.
All refund processes are handled in accordance with applicable financial regulations and consumer protection standards.
TERMS OF SALE
All orders placed with Rockgooey are subject to product availability, order acceptance, and verification procedures. We reserve the right, at our sole discretion, to refuse, cancel, or limit any order where fraud, unauthorized activity, or pricing or system errors are suspected.
Product descriptions, images, and specifications are provided for informational purposes only. Variations in color, texture, or appearance due to device display settings, screen resolution, or lighting conditions shall not constitute defects or grounds for return or dispute.
All prices are listed in United States Dollars (USD) unless otherwise expressly stated. Prices may be subject to change without prior notice; however, confirmed orders will not be affected by subsequent pricing adjustments.
Risk of loss and title to goods shall transfer to the customer at the point the goods are handed over to the designated shipping carrier. Rockgooey shall not be liable for delays, damage, or loss occurring during transit, except where required under applicable consumer protection laws.
Any disputes, claims, or legal proceedings arising out of or in connection with these Terms shall be governed by and construed in accordance with the laws of England and Wales, and shall be subject to the exclusive jurisdiction of the courts of England and Wales, without prejudice to any mandatory consumer protection rights applicable in the customer’s country of residence.
To the fullest extent permitted by applicable law, Rockgooey shall not be liable for any indirect, incidental, consequential, or special damages, including but not limited to loss of profits, business interruption, or loss of data, arising out of or in connection with the use of our products or services.
Rockgooey shall not be held responsible for any failure or delay in performance resulting from events beyond its reasonable control (“Force Majeure Events”), including but not limited to natural disasters, acts of government, war, terrorism, labor disputes, supply chain disruptions, pandemics, or failures of telecommunications or internet services.
Where personal data is processed in connection with sales transactions, such processing shall be conducted in accordance with the UK General Data Protection Regulation and the Data Protection Act 2018, ensuring that customer information is handled lawfully, fairly, and securely.
PLATFORM SECURITY & FRAUD PREVENTION CONTROLS
A. Technical Security Measures
Rockgooey implements industry-standard technical safeguards to ensure the security, integrity, and availability of its platform and customer data. These measures are aligned with the requirements of the UK General Data Protection Regulation and the Data Protection Act 2018, particularly in relation to the security of processing.
Our security framework includes, but is not limited to:
- Mandatory use of Secure Sockets Layer (SSL) encryption (HTTPS) across all web traffic
- Deployment of a Web Application Firewall (WAF) to monitor and filter malicious traffic, including solutions provided by Cloudflare or equivalent providers
- Distributed Denial-of-Service (DDoS) protection mechanisms to ensure service continuity
- Bot detection and anti-scraping controls to prevent unauthorized automated access and data extraction
These measures are continuously monitored, tested, and updated to address evolving cybersecurity threats and vulnerabilities.
B. Platform-Specific Controls (Shopify Infrastructure)
Where Rockgooey utilizes third-party e-commerce infrastructure such as Shopify, Inc., additional built-in security and fraud prevention mechanisms are enforced, including:
- Automated fraud analysis and transaction risk scoring
- Activation of “Shopify Protect” (where eligibility criteria are met)
- Implementation of payment fraud filters and transaction monitoring tools
These controls are supplemented by internal review processes to identify and prevent fraudulent or unauthorized transactions.
C. Account & User Security Obligations
Rockgooey enforces strict account security protocols to protect user access and prevent unauthorized activity. These include:
- Mandatory strong password requirements aligned with industry best practices
- Two-Factor Authentication (2FA) enforcement for administrative access and internal systems
- Optional but recommended 2FA for customer accounts
- Login attempt limitations and anti-brute force protection mechanisms
Users are solely responsible for maintaining the confidentiality of their login credentials and for all activities conducted under their accounts. Rockgooey shall not be liable for unauthorized access resulting from compromised credentials or user negligence.
D. Risk Transfer & Delivery Liability
Risk of loss or damage to goods shall generally transfer to the customer upon delivery of the products to the specified delivery address, except where this is prohibited or limited by applicable consumer protection laws, including mandatory rights under UK and international consumer regulations.
In jurisdictions where seller liability extends until confirmed delivery, Rockgooey shall retain responsibility for goods in transit until successful delivery is completed. Nothing in this clause shall limit or exclude statutory consumer rights that cannot be lawfully waived.
E. Compliance & Continuous Improvement
Rockgooey adopts a risk-based approach to security and fraud prevention, including ongoing monitoring, audits, and system enhancements. All measures are designed to ensure compliance with applicable legal, regulatory, and industry standards, including guidance issued by the Information Commissioner's Office.
PAYMENTS, CHARGEBACKS & FRAUD LIABILITY
A. Accepted Payment Methods
Rockgooey accepts payments through secure and authorized third-party payment processors. All transactions are subject to verification, authorization, and fraud screening procedures. By submitting payment information, customers confirm that they are authorized to use the selected payment method and that all provided details are accurate and complete.
All payment processing is conducted in accordance with applicable financial regulations and data protection requirements, including the UK General Data Protection Regulation and the Data Protection Act 2018, ensuring secure handling of payment-related personal data.
B. Fraud Prevention & Transaction Monitoring
Rockgooey reserves the right to suspend, cancel, or refuse any order where fraudulent, unauthorized, or suspicious activity is suspected. Transactions may be subject to automated and manual review, including identity verification and payment authentication checks.
We utilize fraud detection tools, risk scoring systems, and security controls (including those provided by Shopify, Inc. and integrated payment gateways) to mitigate risks associated with unauthorized transactions.
Customers may be required to provide additional documentation or verification prior to order fulfillment. Failure to comply with verification requests may result in order cancellation without liability.
C. Chargebacks & Dispute Handling
Customers agree to contact Rockgooey directly to resolve any payment disputes before initiating a chargeback or payment reversal request with their financial institution.
Unauthorized or unjustified chargebacks may be contested with supporting evidence, including proof of delivery, transaction records, IP logs, and customer communication history. Rockgooey reserves the right to:
- Recover associated costs, fees, and administrative charges arising from chargebacks
- Restrict or permanently suspend customer accounts involved in fraudulent or abusive dispute activity
Repeated or bad-faith chargeback claims may result in legal action where permitted under applicable laws.
D. Refund Processing
Approved refunds shall be processed in accordance with our Refund Policy and issued via the original payment method unless otherwise agreed. Processing timelines may vary depending on the payment provider but are generally completed within a reasonable timeframe following approval.
Rockgooey is not responsible for delays caused by third-party payment processors or financial institutions.
E. Limitation of Payment Liability
To the fullest extent permitted by law, Rockgooey shall not be liable for any losses arising from:
- Unauthorized use of payment methods where no fault is attributable to Rockgooey
- Delays, failures, or errors caused by third-party payment processors
- Customer-provided incorrect or incomplete payment information
Nothing in this section shall limit or exclude liability where such limitation is prohibited under applicable law, including statutory consumer rights.