Privacy policy
This Privacy Policy explains how SPACE BRO TRADING CO., LTD (the "Company"), registered at UNIT 1804, SOUTH BANK TOWER, 55 UPPER GROUND, LONDON, SE1 9EY, UNITED KINGDOM, collects, uses, stores, and protects your personal data when you access or use www.eveliliya.com (the "Website") and purchase women's clothing and accessories (the "Goods") from the Company. By accessing the Website, creating an account, or placing an order, you consent to the practices described in this Privacy Policy.
The Company complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, as well as the European Union (EU) General Data Protection Regulation (GDPR) for users within the EU. This Policy outlines your rights regarding your personal data and how you can exercise them.
1. Data Controller & Applicable Law
The data controller responsible for processing your personal data is SPACE BRO TRADING CO., LTD. Your personal data is processed in accordance with the UK GDPR, the Data Protection Act 2018, and the EU GDPR (for EU residents), and other applicable data protection laws.
2. Types of Personal Data We Collect
We collect personal data that you provide to us voluntarily, as well as data automatically collected when you use the Website. The types of personal data we collect include:
2.1 Personal Data You Provide
- Account information: Email address, password (encrypted), first and last name, and any other information you provide when creating an account on the Website.
- Order and shipping information: Shipping address, contact telephone number,收货人 name, and payment details (note: we do not store full payment card details; these are processed by our third-party payment providers).
- Communication data: Emails, messages, or other communications you send to our customer service team (e.g., queries about orders, returns, or support).
- Marketing preferences: Information about whether you wish to receive marketing communications from us (e.g., newsletters, promotional offers).
2.2 Automatically Collected Data
- Device and browser information: Device model, operating system, browser type and version, unique device identifiers, and IP address.
- Usage data: Pages you visit on the Website, products you view, search queries, time spent on the Website, and your browsing path. This data is collected using cookies and similar tracking technologies (see Section 7).
- Location data: Rough location based on your IP address (we do not collect precise location data unless you explicitly authorize it).
3. How We Collect Your Personal Data
We collect your personal data through the following methods:
- When you create an account on the Website;
- When you place an order for Goods on the Website;
- When you contact our customer service team (via email, or other communication channels);
- Through cookies and similar tracking technologies (see Section 7);
- From third-party sources (e.g., payment processors, who provide us with payment confirmation details; and shipping providers, who provide us with delivery status updates).
4. Purpose of Processing Your Personal Data
We process your personal data for the following legitimate purposes, in compliance with data protection laws:
- To create and manage your account, and provide you with access to the Website's features;
- To process and fulfill your orders (including verifying payment, arranging shipping, and sending order confirmations and delivery updates);
- To provide customer support and respond to your queries, complaints, or requests;
- To improve the Website, our products, and services (by analyzing usage data to identify trends and user preferences);
- To send you marketing communications (only if you have opted in to receive them; you can unsubscribe at any time);
- To prevent fraud, protect the security of the Website and your account, and comply with legal obligations (e.g., tax and accounting requirements).
5. Legal Basis for Processing
We process your personal data based on the following legal bases, as required by the UK GDPR and EU GDPR:
- Performance of a contract: To process your orders and provide the services you have requested (e.g., delivering Goods to your address).
- Legitimate interest: To improve our Website and services, prevent fraud, and send you marketing communications (where this does not override your privacy rights).
- Consent: To send you marketing communications (you can withdraw your consent at any time by clicking the "unsubscribe" link in our emails or contacting us).
- Compliance with legal obligations: To meet our legal, tax, and accounting requirements.
6. Sharing Your Personal Data
We do not sell, rent, or share your personal data with third parties for their own marketing purposes. We may share your personal data with the following third parties, who act as data processors on our behalf:
- Payment processors: To process your payment securely (they only receive the information necessary to complete the payment, such as your payment card details).
- Shipping and logistics providers: To deliver your orders and provide delivery updates (they receive your shipping address and contact details).
- IT and analytics providers: To maintain the Website, analyze usage data, and improve our services (they only process data in accordance with our instructions).
We ensure that all third-party processors comply with data protection laws and have appropriate security measures in place to protect your personal data. We do not share your personal data with any other third parties unless required by law (e.g., to comply with a court order or regulatory request).
7. Cookies and Similar Tracking Technologies
We use cookies and similar tracking technologies (e.g., web beacons, pixel tags) to collect usage data and improve your experience on the Website. Cookies are small text files stored on your device that allow us to recognize your browser and remember your preferences.
The types of cookies we use include:
- Strictly necessary cookies: Essential for the Website to function (e.g., to maintain your shopping cart or log-in status). These cookies cannot be disabled.
- Performance cookies: Collect data about how you use the Website (e.g., which pages you visit) to improve the Website's performance and user experience.
- Functional cookies: Remember your preferences (e.g., language, currency) to personalize your experience.
- Marketing cookies: Used to send you personalized marketing communications (only if you have opted in). These cookies can be disabled.
You can manage your cookie preferences through your browser settings (e.g., to block or delete cookies). However, disabling certain cookies may affect the functionality of the Website.
8. Data Storage and Security
We store your personal data securely in the European Union (EU) or the United Kingdom (UK), in compliance with data protection laws. We take appropriate technical and organizational security measures to protect your personal data from unauthorized access, loss, damage, or disclosure, including:
- Encrypting sensitive data (e.g., passwords, payment information);
- Restricting access to personal data to authorized personnel only;
- Regularly updating our security systems and protocols;
- Conducting security audits to identify and address potential vulnerabilities.
We retain your personal data for as long as necessary to fulfill the purposes for which it was collected, or as required by law. For example:
- Account information: Retained for as long as your account is active, plus 7 years after account closure (to comply with tax and accounting requirements);
- Order information: Retained for 7 years after the order is completed (to comply with legal and regulatory obligations);
- Marketing data: Retained until you unsubscribe or request deletion.
9. Your Data Rights
Under the UK GDPR and EU GDPR, you have the following rights regarding your personal data:
- Right to access: You can request a copy of the personal data we hold about you.
- Right to rectification: You can request that we correct any inaccurate or incomplete personal data we hold about you.
- Right to erasure (right to be forgotten): You can request that we delete your personal data, where it is no longer necessary for the purposes for which it was collected.
- Right to restriction of processing: You can request that we restrict the processing of your personal data (e.g., if you dispute the accuracy of the data).
- Right to data portability: You can request a copy of your personal data in a machine-readable format, to transfer to another data controller.
- Right to object: You can object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation.
- Right to withdraw consent: If we process your data based on your consent (e.g., for marketing), you can withdraw your consent at any time.
To exercise any of these rights, please contact us at wayne@dramapapa.com. We will respond to your request within one month of receipt, and will not charge you for exercising your rights (unless your request is unfounded, excessive, or repetitive).
10. Third-Party Links
The Website may contain links to third-party websites (e.g., social media platforms, payment providers). This Privacy Policy does not apply to third-party websites, and we are not responsible for the privacy practices of these websites. We recommend that you review the privacy policies of any third-party websites you visit.
11. Policy Updates
We may update this Privacy Policy from time to time to reflect changes in data protection laws, our business practices, or the Website's features. Any updates will be posted on the Website, and the "Effective Date" at the top of this Policy will be updated. We encourage you to review this Policy regularly to stay informed about how we protect your personal data.
12. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact us at:
Email: wayne@dramapapa.com
Website: www.eveliliya.com
If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) or the relevant data protection authority in your EU member state.