Podium ← Back to home

Privacy Notice

Effective date: 28 May 2026

This notice covers the marketing site only. It explains how Virtually Earthed Ltd handles personal data you give us when you visit podium.virtuallyearthed.com or sign up to host a Podium shop. If you're a parent ordering a t-shirt from a Podium-powered shop, the privacy notice for that shop is on the shop itself, and the organiser running the shop is the data controller — not us. Written in plain English; not legal advice.

What's in this notice

  1. Who we are
  2. What personal data we collect, and why
  3. Lawful basis for processing
  4. Who we share data with
  5. Cookies and tracking
  6. How long we keep it
  7. Your rights
  8. Security
  9. Changes to this notice
  10. Contact us

1. Who we are

Virtually Earthed Ltd is the data controller for personal data collected through this marketing site. We are a company registered in England and Wales. Our contact details are at the end of this notice.

"We", "us", and "our" in this notice refer to Virtually Earthed Ltd. "You" refers to the visitor or prospect interacting with this site.

2. What personal data we collect, and why

We collect only what's needed to operate the marketing site and respond to sign-up enquiries. Specifically:

Data How we collect it Why
Contact details (name, email, optional phone) You enter them on the sign-up form So we can reply, set up your shop, and stay in touch about it
Organisation details (legal name, short name, brand colours, logo, cover image, hero copy) You enter / upload them on the sign-up form To provision your Podium instance with your branding
Admin email addresses for your future shop You enter them on the sign-up form To set as the authorised admin sign-in list on your shop
Operational details (first event date, expected order volume, fulfilment notes) You enter them on the sign-up form To plan your setup and seed your shop's defaults
Anti-spam signal (honeypot field) Submitted automatically by the form To filter automated submissions

We do not collect: payment details (Stripe handles those separately when you onboard later), analytics data, location data, or any data about you browsing the marketing pages.

3. Lawful basis for processing

Under the UK GDPR, we rely on the following lawful bases:

  • Article 6(1)(b) — performance of a contract / steps prior to entering one. When you submit the sign-up form, we use your details to take the steps you've asked us to take (set up your shop) and to enter into our Terms of Service with you.
  • Article 6(1)(f) — legitimate interests. We have a legitimate interest in operating an anti-spam mechanism on the form, and in keeping a record of who has signed up so we can support our customers. These interests don't override your privacy rights.

4. Who we share data with

We use a small number of data processors to operate the marketing site. They process your data on our behalf, under written terms, and only for the purposes we've set:

  • Netlify, Inc. (USA) — hosting, and the Forms service that receives and stores sign-up submissions. Netlify's DPA covers UK GDPR international transfer requirements via Standard Contractual Clauses.

We do not sell your data, and we don't share it with advertisers, data brokers, or marketing networks.

5. Cookies and tracking

This marketing site sets no cookies and uses no analytics. We don't run Google Analytics, Plausible, Fathom, Mixpanel, or any tracking pixel. We don't need a cookie banner because we don't set any cookies that would require consent.

Once you become a customer, your own Podium shop sets only a single functional cookie (the admin session for organiser sign-in) — that's covered in your shop's own privacy notice.

6. How long we keep it

We keep your sign-up submission and subsequent correspondence for as long as we have an ongoing relationship with you (i.e. while we operate your Podium shop, plus a reasonable wind-down period).

If you sign up and then decide not to proceed, we'll keep the submission for up to 12 months in case you come back, then delete it.

If you become a customer and later terminate, we follow the retention terms in our Terms of Service: a one-time data export within 14 days of request, then deletion from our systems within 30 days.

7. Your rights

Under UK GDPR you have the right to:

  • Access a copy of the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Erase your data ("right to be forgotten"), subject to lawful retention reasons.
  • Restrict how we process your data in some circumstances.
  • Object to processing based on legitimate interests.
  • Portability — receive your data in a structured, machine-readable format.
  • Complain to the UK Information Commissioner's Office (the ICO) at ico.org.uk if you think we've handled your data wrongly. We'd appreciate the chance to address your concern first, but you can go straight to the ICO if you prefer.

To exercise any of these rights, contact us using the details below. We'll respond within one calendar month.

8. Security

Form submissions are transmitted over TLS (HTTPS). Stored data sits inside Netlify's infrastructure, accessible only to authorised Virtually Earthed staff via Netlify's authenticated admin interface (two-factor authentication enforced). We follow standard practice for keeping account credentials secure.

No system is 100% secure. If we ever became aware of a personal data breach affecting you, we would notify you and the ICO as required by UK GDPR (within 72 hours where the breach is likely to result in a risk to your rights).

9. Changes to this notice

We may update this notice from time to time — for example, if we add a new sub-processor or change how the sign-up form works. We'll update the "Effective date" at the top, and notify customers by email if changes are material.

10. Contact us

For any privacy-related question — a request to exercise your rights, a concern about how we've handled your data, or just a question about this notice — email us at the contact address shown in the footer of the Virtually Earthed website.