🔐 Privacy Policy

ONLY YOU FASHION LTD

1. Data Controller

The controller of your personal data is:

ONLY YOU FASHION LTD
1 Sunvale Close
Southampton, Hampshire
SO19 8LX
United Kingdom
Company Number: 16483144
Email: onlyyoufashion77@outlook.com

The Data Controller determines the purposes and means of processing personal data and ensures that such processing complies with applicable data protection legislation, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Categories of Personal Data

We may collect and process the following categories of personal data:

  • Identification Data: name and surname.
  • Contact Data: billing and delivery address, email address, telephone number.
  • Transaction Data: details of purchases, order history, and payment status.
  • Financial Data: limited payment information necessary to process transactions (processed primarily by external payment providers).
  • Technical Data: IP address, browser type, operating system, device identifiers.
  • Usage Data: information regarding how the website is accessed and used.
  • Marketing and Communication Data: preferences regarding the receipt of marketing communications.

3. Purposes and Legal Bases for Processing

Personal data are processed for the following purposes and on the respective legal bases:

Purpose of Processing Legal Basis (UK GDPR)
Processing and fulfilment of orders Article 6(1)(b) – performance of a contract
Customer service and communication Article 6(1)(b) – performance of a contract
Compliance with legal obligations (e.g., accounting and tax) Article 6(1)(c) – legal obligation
Fraud prevention and website security Article 6(1)(f) – legitimate interests
Marketing communications Article 6(1)(a) – consent
Analytics and service improvement Article 6(1)(f) – legitimate interests
Establishment, exercise, or defence of legal claims Article 6(1)(f) – legitimate interests

Where processing is based on legitimate interests, we ensure that such interests are not overridden by the rights and freedoms of the data subjects.

4. Recipients of Personal Data

Personal data may be disclosed to the following categories of recipients, strictly to the extent necessary for the purposes indicated:

4.1 Payment Service Providers

To process payments securely, we may share personal data with trusted payment operators, such as:

  • PayPal
  • Klarna
  • Stripe
  • Other payment providers available at checkout

These entities act as independent data controllers and process data in accordance with their own privacy policies.

4.2 Delivery and Logistics Providers

To fulfil orders, personal data may be shared with courier companies responsible for delivering shipments.

4.3 IT and Hosting Service Providers

We may engage third-party providers for website hosting, maintenance, analytics, and technical support.

4.4 Professional Advisors and Authorities

Where required by law, personal data may be disclosed to legal advisors, accountants, auditors, or public authorities.

5. International Transfers of Personal Data

Where personal data are transferred outside the United Kingdom, such transfers are carried out in compliance with applicable legal requirements. Appropriate safeguards are implemented, including:

  • Adequacy regulations issued by the UK government, or
  • Standard Contractual Clauses (SCCs) approved for international data transfers.

6. Data Retention

Personal data are retained only for as long as necessary to fulfil the purposes for which they were collected:

Category Retention Period
Order and financial records Up to 6 years (legal and tax obligations)
Customer service correspondence Up to 3 years
Marketing data Until consent is withdrawn
Technical and analytics data As required for analytical purposes

After the expiry of the applicable retention periods, personal data are securely deleted or anonymised.

7. Rights of Data Subjects

Under the UK GDPR, data subjects are entitled to exercise the following rights:

  1. Right of Access – to obtain confirmation as to whether personal data are being processed and to access those data.
  2. Right to Rectification – to request correction of inaccurate or incomplete data.
  3. Right to Erasure (“Right to be Forgotten”) – to request deletion of personal data where legally permissible.
  4. Right to Restriction of Processing – to limit the processing of personal data in certain circumstances.
  5. Right to Data Portability – to receive personal data in a structured, commonly used, and machine-readable format.
  6. Right to Object – to object to processing based on legitimate interests or for direct marketing purposes.
  7. Right to Withdraw Consent – where processing is based on consent, without affecting the lawfulness of prior processing.
  8. Right to Lodge a Complaint – with the Information Commissioner’s Office (ICO) if you believe that your data protection rights have been infringed.

ICO Contact Details:
Information Commissioner’s Office
Website: https://www.ico.org.uk
Helpline: 0303 123 1113

Requests relating to the exercise of these rights should be submitted to:
📧 onlyyoufashion77@outlook.com

8. Automated Decision-Making and Profiling

Personal data may be processed using automated tools for purposes such as fraud prevention, order risk assessment, or personalised marketing. Such processing does not produce legal effects concerning the data subject or similarly significantly affect them.

Where profiling is used for marketing purposes, it is based on legitimate interests or the user’s consent, and individuals have the right to object to such processing at any time.

9. Cookies and Similar Technologies

Our website uses cookies and similar technologies to ensure its proper functioning and to enhance user experience.

9.1 Types of Cookies

  • Strictly Necessary Cookies: essential for website operation (e.g., shopping cart functionality).
  • Analytical Cookies: used to analyse website traffic (e.g., Google Analytics).
  • Functional Cookies: remember user preferences.
  • Marketing Cookies: used for advertising and remarketing (e.g., Meta Pixel, Google Ads).

9.2 Legal Basis

  • Necessary cookies are processed based on legitimate interests.
  • Analytical and marketing cookies are used only with the user’s prior consent, in accordance with the Privacy and Electronic Communications Regulations (PECR).

Users can manage their cookie preferences through the cookie banner or browser settings.

10. Logic of Data Processing

Personal data are processed in a transparent and proportionate manner, limited to what is necessary to achieve the specified purposes. The logic of processing includes:

  • Order Fulfilment: Data provided during checkout are used to process payment, arrange delivery, and communicate order status.
  • Customer Support: Contact information is used to respond to enquiries and resolve issues.
  • Fraud Prevention: Transaction and technical data are analysed to detect and prevent fraudulent activities.
  • Marketing Communications: Where consent is given, contact details are used to send promotional information.
  • Website Analytics: Aggregated data are analysed to improve website performance and user experience.

No decisions producing legal or similarly significant effects are made solely on the basis of automated processing.

11. Data Security

The Data Controller implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

  • SSL encryption,
  • Access control mechanisms,
  • Secure data storage,
  • Regular security assessments.

12. Updates to This Privacy Policy

This Privacy Policy may be updated from time to time to reflect changes in legal requirements or operational practices. The latest version will always be available on our website and will indicate the effective date.

13. Contact

For any questions regarding this Privacy Policy or the processing of personal data, please contact:

ONLY YOU FASHION LTD
1 Sunvale Close
Southampton, Hampshire
SO19 8LX
United Kingdom
Company Number: 16483144
📧 Email: onlyyoufashion77@outlook.com