Privacy Policy

Introduction

At Seraphyra, we are committed to protecting your privacy and ensuring you have a positive experience on our website. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our e-commerce platform, including all associated pages, features, and services.

We comply with the General Data Protection Regulation (GDPR), the Data Protection Act 2018, and all applicable UK data protection laws. Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our website. Your continued use of Seraphyra following the posting of revised Privacy Policy means that you accept and agree to the changes.

1. Information We Collect

1.1 Information You Provide Directly

We collect information that you voluntarily provide to us when you interact with our website and services. This includes:

• Account Registration: When you create an account, we collect your name, email address, password, phone number, and delivery address.
• Purchase Information: When you make a purchase, we collect payment details (processed securely through third-party payment providers), billing address, shipping address, and order history.
• Communication Data: When you contact us via email, phone, or contact form, we collect your name, email address, phone number, and the content of your message.
• Newsletter Subscription: If you subscribe to our newsletter, we collect your email address and communication preferences.
• Product Reviews and Ratings: When you submit reviews or ratings, we collect your name, email, rating, review text, and any images you upload.
• Survey and Feedback: When you participate in surveys or provide feedback, we collect your responses and any personal information you choose to share.

1.2 Information Collected Automatically

When you visit our website, we automatically collect certain information about your device and browsing activities:

• Device Information: We collect information about the device you use to access our website, including device type, operating system, browser type, and unique device identifiers.
• Usage Data: We track how you interact with our website, including pages visited, time spent on pages, links clicked, searches performed, and products viewed.
• Location Data: We may collect approximate location information based on your IP address to provide localized content and services.
• Cookies and Tracking Technologies: We use cookies, web beacons, pixels, and similar technologies to enhance your experience and track user behavior. See our Cookie Policy for more details.
• Log Data: Our servers automatically record information when you access our website, including IP address, access times, browser type and language, and the pages you viewed.

1.3 Information from Third Parties

We may receive information about you from third parties, including:

• Payment Processors: Information about your transactions from payment service providers.
• Delivery Partners: Tracking and delivery information from our shipping and logistics partners.
• Marketing Partners: Information about your interactions with our marketing campaigns from advertising platforms.
• Social Media: If you link your social media accounts to your Seraphyra account, we receive basic profile information.
• Analytics Providers: Aggregated and anonymized data from analytics services we use.

2. How We Use Your Information

We use the information we collect for various purposes, all in compliance with GDPR and UK data protection laws:

2.1 Service Provision and Order Fulfillment

• Processing and fulfilling your orders
• Managing your account and providing customer support
• Sending order confirmations, shipping updates, and delivery notifications
• Processing payments and refunds
• Handling returns and complaints

2.2 Marketing and Communications

• Sending newsletters and promotional emails (with your consent)
• Notifying you about changes to our services or policies
• Personalizing your experience and recommending products
• Conducting marketing campaigns and special offers
• Responding to your inquiries and feedback

2.3 Website Improvement and Analytics

• Analyzing usage patterns to improve our website functionality
• Conducting research and development for new features
• Monitoring website performance and security
• Generating anonymized statistical reports

2.4 Legal and Compliance

• Complying with legal obligations and court orders
• Preventing fraud and abuse
• Protecting our rights, privacy, safety, and property
• Enforcing our Terms of Service and other agreements

3. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to perform our contract with you (e.g., fulfilling orders, providing services).
• Consent: You have explicitly consented to the processing (e.g., for marketing emails, newsletter subscriptions).
• Legal Obligation: We are required by law to process your data (e.g., tax compliance, fraud prevention).
• Legitimate Interests: We have a legitimate interest in processing your data that is not overridden by your rights (e.g., improving our services, preventing fraud).
• Vital Interests: Processing is necessary to protect your vital interests or those of another person.

4. Sharing Your Information

We do not sell, trade, or rent your personal information to third parties. However, we may share your information in the following circumstances:

4.1 Service Providers

We share information with trusted third-party service providers who assist us in operating our website and conducting our business, including payment processors, shipping companies, email service providers, analytics platforms, and customer support tools. These providers are contractually obligated to use your information only to provide services to us and are required to maintain the confidentiality of your information.

4.2 Legal Requirements

We may disclose your information when required by law or when we believe in good faith that disclosure is necessary to comply with legal obligations, enforce our agreements, protect the safety of our users, or protect against fraud or security issues.

4.3 Business Transfers

If Seraphyra is involved in a merger, acquisition, bankruptcy, dissolution, reorganization, or similar transaction, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.

4.4 Aggregated and De-identified Data

We may share aggregated and de-identified information that cannot reasonably be used to identify you with third parties for marketing, advertising, analytics, and other purposes.

5. International Data Transfers

Seraphyra is based in the United Kingdom and operates primarily within the UK and EU. However, your information may be transferred to, stored in, and processed in countries other than the UK, which may have data protection laws that differ from those in the UK.

When we transfer information internationally, we implement appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions, or your explicit consent. By using Seraphyra, you consent to the transfer of your information to countries outside the UK as described in this Privacy Policy.

If you have concerns about international data transfers, please contact us at [email protected].

6. Your Rights Under GDPR and UK Data Protection Law

You have the following rights regarding your personal data:

6.1 Right of Access

You have the right to request access to your personal data that we hold. We will provide you with a copy of your data in a structured, commonly used, and machine-readable format within 30 days of your request.

6.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data. We will correct your information and notify relevant third parties of the correction where applicable.

6.3 Right to Erasure (Right to be Forgotten)

You have the right to request deletion of your personal data under certain circumstances, including when the data is no longer necessary for its original purpose or when you withdraw your consent. However, we may retain data when required by law or for legitimate business purposes.

6.4 Right to Restrict Processing

You have the right to request that we limit how we use your personal data while we verify its accuracy or assess the legitimacy of our processing.

6.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller without hindrance.

6.6 Right to Object

You have the right to object to processing of your personal data for direct marketing purposes, profiling, or processing based on legitimate interests. You can opt out of marketing communications at any time.

6.7 Right to Withdraw Consent

If we process your data based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before the withdrawal.

6.8 Right to Lodge a Complaint

You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have violated your rights under data protection law. You can contact the ICO at ico.org.uk.

To exercise any of these rights, please contact us at [email protected] or call +44 20 7946 0958. We will respond to your request within 30 days.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website, analyze usage patterns, and deliver personalized content. Cookies are small data files stored on your device that help us remember your preferences and track your activities.

7.1 Types of Cookies We Use

• Essential Cookies: Required for website functionality, such as authentication and security features.
• Performance Cookies: Help us understand how visitors use our website to improve performance and user experience.
• Functional Cookies: Remember your preferences and settings to provide a personalized experience.
• Marketing Cookies: Track your activity across websites to deliver targeted advertising and measure campaign effectiveness.

7.2 Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent. However, blocking cookies may affect website functionality. For detailed information about cookies and your choices, please refer to our Cookie Policy.

8. Data Security

We take the security of your personal information very seriously and implement comprehensive technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction.

8.1 Security Measures

• Encryption: We use SSL/TLS encryption to protect data in transit, especially for sensitive information like payment details.
• Secure Servers: Our servers are protected by firewalls, intrusion detection systems, and regular security updates.
• Access Controls: We restrict access to personal data to authorized employees, contractors, and service providers who need it for their work.
• Data Minimization: We collect and retain only the minimum amount of personal data necessary for our purposes.
• Regular Audits: We conduct regular security audits and vulnerability assessments to identify and address potential risks.
• Incident Response: We have procedures in place to respond to data breaches and notify affected individuals as required by law.

8.2 Your Responsibility

While we implement strong security measures, no system is completely secure. You are responsible for maintaining the confidentiality of your account credentials and notifying us immediately of any unauthorized access to your account.

9. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, and resolve disputes. The retention period varies depending on the type of data and the purpose of processing.

9.1 Retention Periods

• Account Information: Retained for the duration of your account and for 3 years after account closure for legal and tax purposes.
• Purchase Records: Retained for 7 years for tax compliance and dispute resolution.
• Marketing Data: Retained until you unsubscribe or withdraw consent.
• Website Usage Data: Typically retained for 12-24 months for analytics purposes.
• Customer Support Records: Retained for 3 years to handle follow-up inquiries and disputes.

When data is no longer needed, we securely delete or anonymize it. If deletion is not possible, we will securely store the data and restrict its use.

10. Children's Privacy

Seraphyra is not intended for children under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13, we will take steps to delete such information and terminate the child's account.

For users between 13 and 18 years old, we provide additional privacy protections and limit the collection and use of their information. Parents or guardians who believe their child has provided information to Seraphyra should contact us immediately at [email protected].

11. Third-Party Links and Services

Our website may contain links to third-party websites and services that are not operated by Seraphyra. This Privacy Policy applies only to information collected through our website. We are not responsible for the privacy practices of third-party websites, and we encourage you to review their privacy policies before providing any personal information.

When you click on links to external websites or use third-party services integrated with our website (such as payment processors or social media platforms), you are subject to their privacy policies and terms of service.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

We will respond to your inquiry within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, and other factors. We will notify you of any material changes by posting the updated Privacy Policy on our website and updating the "Last updated" date at the top of this page.

Your continued use of Seraphyra following the posting of revised Privacy Policy means that you accept and agree to the changes. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your privacy.