Privacy & Cookie Policy

1. What Data We Collect

• Identity: your name
• Contact: email address, phone number, delivery address
• Transaction: details of orders and payments
• Technical: IP address, browser type, pages visited, device information
• Marketing: your preferences for receiving communications from us

2. How We Collect It

• When you place an order or create an account
• When you contact us by email, phone, or WhatsApp
• When you subscribe to our newsletter
• Automatically, via cookies and analytics tools when you browse our site

3. Lawful Basis for Processing

• Contract — to process and fulfil your orders
• Legal obligation — to comply with tax and accounting laws
• Legitimate interests — to improve our website and prevent fraud
• Consent — to send marketing emails (you can withdraw at any time)

4. How We Use Your Data

• To process and deliver your orders
• To respond to your enquiries
• To send marketing where you have opted in
• To improve our website and services
• To comply with legal obligations

5. Who We Share Your Data With

We only share your data where necessary:

• Shopify Inc — our e-commerce platform
• Payment processors (e.g. Stripe, PayPal) — we do not store card details
• Delivery couriers — your name and address only
• Email service providers — for order confirmations and marketing
• HMRC and regulators — where required by law

We do not sell your personal data to third parties.

6. International Transfers

Some service providers operate outside the UK and EU. Where this occurs, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses or UK adequacy decisions) in accordance with UK GDPR and EU GDPR.

7. How Long We Keep Your Data

• Order records: 7 years (legal and tax obligation)
• Marketing preferences: until you unsubscribe or request deletion
• Account data: until you request deletion or after 3 years of inactivity

8. Your Rights

Under UK GDPR and EU GDPR, you have the right to:

• Access — request a copy of the data we hold about you
• Rectification — ask us to correct inaccurate data
• Erasure — ask us to delete your data (where no legal obligation to retain it applies)
• Restriction — ask us to pause processing of your data
• Portability — receive your data in a structured, machine-readable format
• Object — to processing based on legitimate interests or direct marketing
• Withdraw consent — at any time where processing is based on consent

To exercise any right, email support@lashheaven.co.uk. We will respond within 30 days.

9. Complaints

If you are unhappy with how we have handled your data, you may lodge a complaint with:

• UK: Information Commissioner’s Office (ICO) — ico.org.uk or call 0303 123 1113
• EU: Your local data protection supervisory authority

10. Cookie Policy

Cookies are small text files stored on your device when you visit our website. We use them to make the site work and to understand how it is used.

You can manage or withdraw cookie consent at any time by clearing your cookies and revisiting our site, or by adjusting your browser settings.

11. Changes to This Policy

We may update this policy periodically. The “Last updated” date at the top will reflect any changes. Continued use of our site after any update constitutes acceptance of the revised policy.