Privacy and Security

This Privacy Notice tells you about who we are and how we collect, store and use your personal data when you interact with us.

This Privacy Notice is under continual review and may be updated.

Who are we and what is our contact information?

We are one company operating under several brands. These brands are:

  • Merlin Archery
  • Mybo
  • Timber Creek
  • Archery Legends Experience 

The official company name is Merlin Archery Limited.

We are a Private Limited Company, registration number 06930639.

Our VAT registration number is GB-507-8408-40

Our head office and main business premises is located at:

Merlin Archery Limited
329 Wetmore Road
Burton upon Trent
East Staffordshire
DE14 1SP

You can contact us by phone on 01283 296147 or by email [email protected] or by post at the address above.

What information do we store about you?

We store information that is relevant and necessary for the purpose it was intended.

If you have placed an order with us, then we will need to store the following:

  • Name
  • Invoice Address
  • Delivery Address
  • Email Address
  • Phone Number
  • Date of Birth if purchasing age restricted products
  • Proof of Age (Where the law requires it) if purchasing age restricted products

We also store your order history and account preferences.

If you visit our store or car parks, your image may be captured on CCTV.

If you wish to purchase an age restricted product we will need to obtain proof of age and will keep a copy of the document you provided.

If you send us an email, your email address and email correspondence will be stored.

If you sign a waiver to enable participation in an activity, your signature will be stored.

If you join our archery club, your name, address, contact details and date of birth (if under 18) will be stored.

If you have subscribed to our newsletter, your email address will be stored.

Other information collected when placing an order with us may include your IP address, browser type, geographical location, time and cookies.

We do not store or collect credit/debit card numbers.

How do we collect it?

The vast majority of personal data is collected when you explicitly give it to us. For example, when you:

  • Create an account on our website
  • Make a purchase over the phone, online or in-store
  • Contact us
  • Join our archery club
  • Sign up to our newsletter
  • Engage with us on social media
  • Sign a waiver

If you engage with us on social media, we may have access to information you have chosen to share with us via your social media settings.

When you browse our website, information is collected for statistical analysis. For example, browser type, items added to your shopping basket and geographical location.

What do we use it for?

We use it only for lawful and legitimate reasons. For example, to fulfil your order and to respond to your questions.

We operate a CCTV system for security and crime prevention reasons. Your image may be captured if visiting our stores or car parks.

We will only send you marketing information if you have explicitly agreed to receive it, and you can unsubscribe from our marketing activities at any time.

We will use your personal data internally to monitor sales trends, to improve our goods and services, and to comply with relevant law.

Who do we share it with?

It is necessary to share your personal data with third parties to fulfil our obligations to you.

For example:

Your data will be shared with third party logistics companies to deliver your order.

Your name and address may be shared with a company to verify a suspected fraudulent transaction.

We may be required to share your information with the police, or other regulatory body should a request be made.

In all cases it will be only with trusted third parties and only for the exact purpose it was intended for.

How do we keep it secure?

We know your personal data is sensitive and we take precautions to protect it.

Your personal data is password protected with restricted access granted only to the appropriate Merlin Archery employees.

We do not store any credit or debit card numbers. All payment processing is done by a third party, such as sagepay or paypal.

The check out areas of our website are secured with ‘SSL’ encryption technology.

Note: You can see when you are on a page using ‘SSL’ by looking for the ‘Golden Padlock’. It’s location may be different depending on the browser you use. e.g. Internet Explorer shows the padlock in the address bar, but Mozilla Firefox shows it in the bottom right hand corner.

We regularly review our security measures and take all reasonable precautions to keep your data secure.

How long do we keep it for?

We keep your data for as long as we have a relationship with you.

In some cases we are required to keep your information for minimum periods. For example, HMRC law requires us to maintain financial records for a minimum of 6 years.

Your rights and how to exercise them.

New GDPR regulations give you the right to request the information we hold on you as well as your right to have your personal data removed.

Right to Access: If you need to know what information we hold on you, please contact us.

Right to Correct: If the information we hold on you is incorrect, and you wish it to be corrected, please contact us.

Right to be Forgotten: If you wish for the information we hold on you to be deleted, please contact us. This is not always possible if, for legal or regulatory reasons, we are obliged to maintain records.

Contacting the Regulator.

If you have a concern about how we handle your data, you can report it to the Information Commissioner's Office by calling 0303 123 1113 or visiting their website at