Privacy Policy

Last Updated: July 1, 2025, effective date August 1, 2025

We are Manhead Merchandise, a worldwide leader in the creation, design, and production of merchandise associated with some of the world's most-iconic musical artists and bands.

As part of these services, Manhead operates certain websites, stores, and other services (which we refer to in this privacy policy as "Sites") to help our artists and bands stay connected with their fans.

This privacy policy describes Manhead's data practices, including the collection, processing, use, and sharing of data through the Sites that link to this privacy policy, along with the choices and rights you have to control these data practices.

Our Company

The Sites that link to this privacy policy are operated by Manhead LLC, located at 953 Main Street, Suite 101, Nashville, TN 37206. As used in this policy, "Manhead," "we," "us," and "our" refers to this company, who acts as a data controller and is responsible for the processing of personal data by the Sites pursuant to applicable privacy and data protection laws.

We have produced this privacy notice in order to keep you informed of how we handle your personal data. All handling of your personal data is done in compliance with applicable data protection laws, including the General Data Protection Regulation ((EU) 2016/679) and the UK General Data Protection Regulation ("UK GDPR") (collectively, "GDPR"), and applicable U.S. federal and state privacy laws, including the California Privacy Rights Act ("CPRA").

The terms "Personal Data", "Special Categories of Personal Data", "Personal Data Breach", "Data Protection Officer", "Data Controller", "Data Processor", "Data Subject" and "process" (in the context of usage of Personal Data) shall have the meanings given to them under applicable data protection laws.

UK and EU Representative. As we are based in the United States, we have appointed a representative in the UK and EU to act as a direct point of contact for data protection authorities and for our UK and EU customers. Our UK and EU Data Privacy Contact can be contacted at uksupport@manheadmerch.com.

Our Data Privacy Contact can be contacted at support@manheadmerch.com.

What are your rights under GDPR?

When reading this notice, it might be helpful to understand that your rights arising under GDPR include:

The right to be informed of how your Personal Data is used (through this notice);
The right to access any personal data held about you;
The right to rectify any inaccurate or incomplete personal data held about you;
The right to erasure where it cannot be justified that the information held satisfies any of the criteria outlined in this policy;
The right to prevent processing for direct marketing purposes, scientific/historical research or in any such way that is likely to cause substantial damage to you or another, including through profile building; and
The right to object to processing that results in decisions being made about you by automated processes and prevent those decisions being enacted.

You can exercise your right to access personal data held about you by emailing support@manheadmerch.com with the subject line: "Subject Access Request". When you submit a 'subject access request', we will need to verify your identity to confirm that we are authorized to act upon the request. Accordingly, we will ask you to provide certain information or materials in order to verify your identity. We will only use the requested materials for purposes of verifying your identity in order to comply with the Subject Access Request. We do not charge any fee for purposes of complying with a Subject Access Request and our response will be made within thirty (30) days unless our Data Privacy Contact deems your request as being excessive or unfounded. If this is the case, we will inform you of our reasonable administration costs in advance and/or any associated delays, giving you the opportunity to choose whether you would like to pursue your request. If you believe we have made a mistake in evaluating your request, please see the section 'Who can you complain to?'.

If you have questions about any of the rights mentioned in this section, please contact our Data Privacy Contact at support@manheadmerch.com.

What are your rights under U.S. State Privacy Laws?

If you are a resident of a U.S. state with a comprehensive privacy law, such as California (California Privacy Rights Act or "CPRA"), Virginia (Virginia Consumer Data Protection Act or "VDCPA"), Colorado (Colorado Privacy Act or "CPA"), Connecticut, or Utah, you have specific rights regarding your personal information. These rights, which you may exercise free of charge, include:

Right	Description
Disclosure of Personal Information We Collect About You	You have the right to know: The categories of personal information we have collected about you; The categories of sources from which the personal information is collected; Our business or commercial purpose for collecting or selling personal information; The categories of third parties with whom we share personal information, if any; and The specific pieces of personal information we have collected about you. Please note that we are not required to: Retain any personal information about you that was collected for a single one-time transaction if, in the ordinary course of business, that information about you is not retained; Reidentify or otherwise link any data that, in the ordinary course of business, is not maintained in a manner that would be considered personal information; or Provide the personal information to you more than twice in a 12-month period.
Personal Information Sold or Used for a Business Purpose	In connection with any personal information we may sell or disclose to a third party for a business purpose, you have the right to know: The categories of personal information about you that we sold and the categories of third parties to whom the personal information was sold; and The categories of personal information that we disclosed about you for a business purpose. You have the right under the California Consumer Privacy Act of 2018 (CCPA) and certain other privacy and data protection laws, as applicable, to opt-out of the sale or disclosure of your personal information. If you exercise your right to opt-out of the sale or disclosure of your personal information, we will refrain from selling your personal information, unless you subsequently provide express authorization for the sale of your personal information. To opt-out of the sale or disclosure of your personal information, email our Data Protection Lead at support@manheadmerch.com.
Right to Correct Inaccurate Information	You have the right to request that we correct any inaccurate personal information we maintain about you.
Right to Deletion	Subject to certain exceptions set out below, on receipt of a verified request from you, we will: Delete your personal information from our records; and Direct any service providers to delete your personal information from their records. Please note that we may not delete your personal information if it is necessary to: Complete the transaction for which the personal information was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us; Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity; Debug to identify and repair errors that impair existing intended functionality; Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law; Comply with applicable state law or an existing legal obligation; Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, provided we have obtained your informed consent; Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us; Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.
Right to Opt-Out of the Sale or Sharing of Personal Information	You have the right to opt-out of the "sale" of your personal information or the "sharing" of your personal information for cross-context behavioral advertising. To exercise this right, please email us at support@manheadmerch.com or visit our "Do Not Sell or Share My Personal Information" link on our website homepage.
Right to Limit Use of Sensitive Personal Information	You have the right to direct us to limit our use of your sensitive personal information to only that which is necessary to perform the services or provide the goods reasonably expected by an average consumer. We do not intentionally collect sensitive personal information, except where necessary to process a transaction as described in this policy.
Protection Against Discrimination	You have the right to not be discriminated against by us because you exercised any of your rights under applicable state law. This means in connection with the exercise of your rights under applicable state law we cannot, among other things: Deny goods or services to you; Charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties; Provide a different level or quality of goods or services to you; or Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services. Please note that we may charge a different price or rate or provide a different level or quality of goods and/or services to you, if that difference is reasonably related to the value provided to our business by your personal information.

How to Exercise Your Rights

If you would like to exercise any of your rights as described in this Privacy Policy, please notify us in writing. You may notify us via the following methods:

Email us at support@manheadmerch.com; or
Send correspondence to us via mail or courier at Manhead LLC, attn: Data Privacy Request, 953 Main St., Ste. 101, Nashville, TN 37206.

Please note that you may only make a data access or data portability disclosure request twice within a 12-month period.

Whether you contact us via email or in writing, you will need to provide us with:

Enough information to identify you [(e.g., your full name, address and customer or matter reference number)];
Proof of your identity and address (e.g., a copy of your driving license or passport and a recent utility or credit card bill); and
A description of what right you want to exercise and the information to which your request relates.

We are not obligated to make a data access or data portability disclosure if we cannot verify that the person making the request is the person about whom we collected information or is someone authorized to act on such person's behalf. Any personal information we collect from you to verify your identity in connection with you request will be used solely for the purposes of verification.

Who is the Data Controller?

We are the Data Controller for personal data collected from customers in the United States. For customers located in the United Kingdom or the European Union, the Data Controller is our UK subsidiary, Manhead UK Ltd., which determines the purposes and means of processing your data.

In certain situations, we may share your data with third parties, such as postal carriers, courier or delivery companies, or payment providers, for the purpose of fulfilling your order. In these cases, these third parties may act as independent Data Controllers for the data they process.

What are the lawful bases for processing personal data?

Under GDPR, there must be a 'lawful basis' for the use of your personal data. The lawful bases are outlined in Article 6, Section 1 of the GDPR, which include the sub-sections: 'Your consent'; 'Performance of a contract'; 'Compliance with a legal obligation'; 'Protection of your, or another's vital interests'; 'Public interest/official authority'; and 'Our legitimate interests'.

What are Manhead 'legitimate interests'?

Legitimate interests are a flexible basis upon which the law permits the processing of an individual's personal data. To determine whether we have a legitimate interest in processing your data, we balance the needs and benefits to us against the risks and benefits for you of us processing your data. This balancing is performed as objectively as possible by individuals within our company who handle matters related to Data Privacy. You are able to object to our processing and we will consider the extent to which this affects whether we have a legitimate interest. If you would like to find out more about our legitimate interests, please contact support@manheadmerch.com.

About our processing of your data

We might collect, process, use, store or otherwise transfer different kinds of Personal Data about you which we have grouped together as follows:

Identity Data such as names, usernames or similar; marital status; title; date of birth; sex and gender.

Contact Data such as addresses; email addresses and telephone numbers.

Financial Data such as bank account and/or payment card information.

Transaction Data such as information related to purchases you have made and the payments associated therewith.

Technical Data such as IP addresses; login data; browser info; time zone; geographic location; browser plug-ins; operating systems; platforms and other technology on the device used to access the Site.

Profile Data such as usernames; passwords; security answers; purchases/orders; interests; preferences; feedback and responses to surveys, blogs and messages.

Usage Data such as analytics relating to how you use the website.

Marketing and Communications Data such as your preferences about receiving communications from us or third parties.

We do not intentionally collect any Special Categories of Data about you or any information about criminal convictions/offences. Please be aware that if you provide such information in a public forum, such as a fan community chat room, we may inadvertently process it. We advise you not to share such data in public areas of our services. For purposes of this Privacy Policy, "Special Categories of Data" such as details about race or ethnic origins, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, genetic or biometric data.

We also collect, use and share Aggregated Data such as statistical or demographic data. Aggregated Data can be derived from your Personal Data but is not itself Personal Data as it cannot be used to reveal your identity. If Aggregated Data is ever used in combination with your Personal Data and becomes identifiable, it will be treated in accordance with this notice.

Reference	What categories of information about you do we process?	Why are we processing your data?	Where did we get your personal data from?
Fan Community Management (including sign-up mailing lists, chat rooms and forums)	Identity Data Contact Data Technical Data Profile Data Marketing and Communications Data	If you join one of our fan communities (for example, a newsletter, mailing list, or other community which you subscribe to), we will use your personal data to contact you with updates related to the subject of the fan community, as well as occasionally running competitions or other community events and offering exclusive content and offers to you. These messages and websites might contain cookies, web-beacons, unique identifiers or similar to monitor our marketing distribution. This processing is conducted lawfully on the basis of 'performance of a contract'.	Directly obtained at the point of sale.
Ecommerce Sales	Identity Data Contact Data Transaction Data	Whenever we sell you a product, such as music, merchandise or tickets, we use your personal data in order to manage your order, process payments and make sure that you receive the products purchased from us. This processing is conducted lawfully on the basis of 'performance of a contract'.	Directly obtained at sign-up.
Direct Marketing	Identity Data Contact Data Transaction Data Technical Data Marketing and Communications Data	If you are a current or previous customer - providing that you haven't opted-out before or since we collected your personal data - we may occasionally send you marketing related to the products that you purchased. These messages might contain cookies, web-beacons, unique identifiers or similar to monitor our marketing distribution. This processing is conducted lawfully on the basis of 'our legitimate interests'.	Directly obtained at the point of sale.
Customer Services	Identity Data Contact Data Transaction Data Any unsolicited data you provide as part of your query	If you wish to contact us regarding an aspect of our service, including complaints or enforcing your consumer rights in relation to a product or service that we have sold you, we will use your personal data in order to investigate a claim, evaluate your needs and/or possibly take action, such as sending you a replacement product. This processing is conducted lawfully on the basis of 'performance of a contract'.	Directly obtained at the point of sale, and at the time of inquiry (if applicable).
B2B Relations	Identity Data Contact Data	If you are a customer or contractor of one of our European business partners, we may use your personal data to communicate with you and your business about achieving our respective business objectives. This processing is conducted lawfully on the basis of 'performance of a contract'.	Directly obtained from you or referred to us by one of yours or our partners.

What happens if I refuse to give Manhead my personal data?

We process some personal information as part of a contractual relationship with a Data Controller. Any requests to restrict this type of processing should be forwarded to the Data Controller; they will be responsible for discussing your concerns and making any decisions.

What do we do with Cookies?

Our website uses cookies. A cookie is a small file of letters and numbers that is stored on your device when you visit a website. When you first visit our Site, we will ask for your explicit consent to place non-essential cookies on your device. We use a cookie banner or pop-up box where you can manage your cookie preferences. You can withdraw your consent at any time. Please note that information gathered by the cookies on our site is anonymous and cannot be used to identify you personally.

We use the following types of cookie:

Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website and to use a shopping cart. These cookies are active by default and do not require your consent.
Functionality cookies. These are used to recognize you when you return to our website. This enables us to personalize our content for you, greet you by name and remember your preferences. We will only use these cookies with your consent.
Analytical/performance cookies. They allow us to recognize and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily. Some of these are third party cookies which analyze website usage. We will only use these cookies with your consent.
Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We use this information to make our website and the advertising displayed on it more relevant to your interests. This information is anonymous and cannot identify you personally, but we may share it with third parties to help tailor advertising to your particular interests. We will only use these cookies with your consent.

You can block cookies by activating settings on the website browser that you are using. However, if you use the settings to block all cookies (including essential cookies) you may not be able to fully access all areas of our Site. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.

How long will your personal data be kept?

Manhead holds different categories of personal data for different periods of time. Wherever possible, we will endeavor to minimize the amount of personal data that we hold and the length of time for which it is held.

Except as otherwise stated herein, we retain your personal data for no longer than is necessary for the purposes for which it was collected and processed. The length of time we retain personal data depends on the purposes for which we collect and use it, and/or as required to comply with applicable laws and to establish, exercise or defend our legal rights. For example, we will retain data related to your purchases to fulfill our contractual obligations, and for a period afterwards to comply with legal and tax requirements.

If we process your data on the basis of 'legitimate interests', we will retain your data for as long as the purpose for which it is processed remains active. We review the status of our legitimate interests every twelve (12) months and will update this notice whenever we determine that either a legitimate interest no longer exists or that a new one has been found.

Who else will receive your personal data?

Manhead passes your data to the third parties listed in the section 'Third Party Interests' below.

Does your data leave the UK/EU?

Yes. Details are included in the section 'Third Party Interests' below.

Third Party Interests

Our Data Processors

Name/Category of Third Party Processor	Purposes for carrying out processing	International Data Transfers & Safeguards
Web hosting providers	Website hosting, including the storage of data forming the website content and processing your Technical Data (and Profile Data, where applicable) in order to provide you with access to our websites.	Your personal data may be transferred to and processed in the United States. For transfers from the UK and EU, we rely on appropriate safeguards, such as certification to the EU-U.S. Data Privacy Framework (DPF) and the UK Extension to the DPF, and/or the use of Standard Contractual Clauses (SCCs), the UK's International Data Transfer Agreement (IDTA), or the UK Addendum.
Internal technology providers	Software providers, whose services we use in order to manage our business with you. Telephony providers. Office software providers, such as email clients.	Your personal data may be transferred to and processed in the United States. For transfers from the UK and EU, we rely on appropriate safeguards, such as certification to the EU-U.S. Data Privacy Framework (DPF) and the UK Extension to the DPF, and/or the use of Standard Contractual Clauses
Marketing technology providers	Providers who enable us to send you our marketing emails and push targeted web advertising.	Your personal data may be transferred to and processed in the United States. For transfers from the UK and EU, we rely on appropriate safeguards, such as certification to the EU-U.S. Data Privacy Framework (DPF) and the UK Extension to the DPF, and/or the use of Standard Contractual Clauses (SCCs), the UK's International Data Transfer Agreement (IDTA), or the UK Addendum.

Who can you complain to?

In addition to sending us your complaints directly to support@manheadmerch.com, you can send complaints to our supervisory authority. As Manhead processes the data of UK and EU residents, our lead supervisory authority is the UK's Information Commissioner's Office (ICO). If you believe that we have failed in our compliance with data protection legislation, complaints to this authority can be made by visiting https://ico.org.uk/concerns/. If you are a resident of the European Union, you also have the right to lodge a complaint with the data protection authority in your country of residence.

Text marketing: With your permission, we may send text messages or direct messages about our store, new products, and other updates. Updates include Checkout Reminders. Webhooks or other automated agents and/or programs may be used to trigger the Checkout Reminders messaging system, as well as other text messages or direct messages.