
Privacy Policy


Privacy Policy for theokretroera.shop

 

Last Updated: July 17, 2025

Welcome to theokretroera.shop. This Privacy Policy explains how we collect, use, share, and protect your personal data when you use our website, www.theokretroera.shop. We are committed to protecting your privacy and complying with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).  

Personal data is any information that can directly or indirectly identify you.  

 

1. Information We Collect

 

We collect various types of personal data when you visit our website, place an order, create an account, subscribe to our newsletter, contact us, or interact with our services.  

Categories of personal data collected:

  • Directly Identifiable Data: Name, email address, phone number, residential address, billing address, shipping address, payment details (e.g., credit card information).  

  • Indirectly Identifiable Data/Online Identifiers: IP addresses, cookie identifiers, location data, browsing behavior, device data (e.g., device type, browser information), and activity logs.  

  • Transactional Data: Order history, purchase details.  

 

2. How We Use Your Information and Legal Bases for Processing

 

We only collect and use your personal data when we have a legitimate reason to do so. In such instances, we only collect personal data that is reasonably necessary to provide our services to you.  

Purposes of data use and legal bases:

  • Order Fulfillment and Payment Processing: To process transactions, manage orders, and deliver products.

    • Legal Basis: Contractual necessity.  

  • Customer Service: To respond to inquiries, manage returns, and provide support.

    • Legal Basis: Contractual necessity, Legitimate interest.  

  • Account Management: To create and manage user accounts.

    • Legal Basis: Contractual necessity.  

  • Marketing and Advertising: Sending promotional materials, newsletters, personalized product recommendations, and targeted advertisements.

    • Legal Basis: Consent (for email marketing, personalized recommendations), Legitimate interest (for certain abandoned cart emails).  

  • Website Improvement and Analytics: To understand customer behavior, optimize website functionality, and enhance user experience.

    • Legal Basis: Consent (for analytics/advertising), Legitimate interest (for essential functionality).  

  • Security and Fraud Prevention: To protect against unauthorized access, detect fraudulent activities, and ensure transaction security.

    • Legal Basis: Legitimate interest, Legal obligation.  

  • Legal Compliance: Fulfilling legal obligations, such as maintaining tax records.

    • Legal Basis: Legal obligation.  

 

3. How We Share Your Information

 

We may disclose personal data to the following categories of third parties to enable them to provide services on our behalf or to fulfill legal obligations.  

Categories of recipients:

  • Third-party service providers (e.g., payment gateways, shipping providers, marketing platforms, cloud storage services, analytics providers).  

  • Our employees, contractors, and/or affiliated entities.  

  • Our existing or potential agents or business partners.  

  • Law enforcement or other regulatory bodies, if required by law.

Data Processing Agreements (DPAs) and Data Sharing Agreements (DSAs): We require all third-party service providers who process personal data on our behalf to enter into appropriate Data Processing Agreements (DPAs) with us. These agreements define the scope of data processing, the roles and responsibilities of each party, security measures, data breach notification procedures, and how data should be handled after processing is complete. Where we share data with other independent controllers, we may enter into Data Sharing Agreements (DSAs) to clearly define roles and responsibilities.  

International Data Transfers: If your personal data is transferred outside the UK or the European Economic Area (EEA), we ensure that such transfers are protected by appropriate safeguards, such as Standard Contractual Clauses or adequacy decisions, in compliance with the UK GDPR.  

 

4. Security of Your Personal Data

 

We implement appropriate technical and organizational security measures to protect your personal data from loss, theft, unauthorized access, disclosure, copying, use, or modification.  

Security measures include:

  • Encryption: Encrypting sensitive data both in transit (e.g., SSL/TLS for website traffic) and at rest (e.g., encrypted databases).  

  • Access Controls: Implementing strict, role-based access controls to limit who can view or modify customer data.  

  • Multi-Factor Authentication (MFA): Requiring additional verification steps to access sensitive systems or customer data.  

  • Secure Servers and Systems: Storing data on secure servers and protecting information with strong, hard-to-guess passwords and reliable antivirus software.  

Audits and Training: We regularly conduct security audits to identify vulnerabilities and ensure our security measures are up-to-date. Our staff are trained on best practices for handling personal data and recognizing security threats.  

 

5. How Long We Keep Your Personal Data

 

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal obligations.  

Retention periods vary depending on the category of data and the purpose of its processing. For example, transactional data may be kept for the period required by tax regulations (e.g., 6-7 years), and user account data until the account is deleted.  

Once the retention period expires, your personal data will be securely deleted or anonymized.  

 

6. Your Data Protection Rights

 

Under the UK GDPR, you have the following rights regarding your personal data:

  • Right to be informed: You have the right to be informed about how your personal data is collected and used.  

  • Right of access: You have the right to request confirmation of whether we are processing your personal data and to obtain a copy of your personal data (Subject Access Request - SAR).  

  • Right to rectification: You have the right to request the correction of inaccurate or incomplete personal data.  

  • Right to erasure (right to be forgotten): You have the right to request the deletion of your personal data under certain conditions (e.g., data no longer needed for the original purpose, withdrawal of consent, unlawful processing).  

  • Right to restrict processing: You have the right to request the restriction of processing of your data under certain conditions (e.g., questioning the accuracy of the data).  

  • Right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it directly to another controller.  

  • Right to object: You have the right to object to the processing of data based on legitimate interests or for direct marketing purposes. The right to object to direct marketing is absolute.  

  • Rights in relation to automated decision-making and profiling: You have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects concerning you or similarly significantly affects you, unless it is necessary for entering into a contract, authorized by law, or based on explicit consent.  

How to exercise your rights: To exercise any of these rights, please contact us using the contact details provided in the "Contact Us" section. We will respond to your request without undue delay and at the latest within one month of receipt. For complex or multiple requests, this period may be extended by two further months, and you will be informed of this extension within the first month. We generally do not charge a fee for exercising your rights, unless the request is "manifestly unfounded or excessive".  

 

7. Cookies and Tracking Technologies

 

Our website uses cookies and similar tracking technologies to enhance your experience, analyze site traffic, and deliver personalized advertisements.  

Your consent: In accordance with PECR, we obtain your explicit consent before placing cookies on your device, except for those strictly necessary for the website's operation. This means we do not use pre-ticked checkboxes, and you must actively opt-in to the use of cookies.  

Types of cookies: We use various types of cookies, including essential cookies (for website functionality), analytics/performance cookies (to understand user behavior), functional cookies (to remember preferences), and targeting/advertising cookies (to deliver personalized ads).  

Managing your cookie preferences: You can manage your cookie preferences through our cookie preference center, which is accessible on our website. You can also opt-out of data collection by cookies by adjusting your browser settings.  

 

8. Children's Privacy

 

Our website is not intended for children under the age of 16. If we collect personal data from individuals under 16, we will obtain consent from a parent or legal guardian. Our privacy policy clearly outlines information about how data from minors is collected, what information it includes, how it is used, and whether it is shared with third parties.  

 

9. Changes to This Privacy Policy

 

We may update this Privacy Policy from time to time to reflect changes in our data practices or legal requirements. Any changes will be posted on this page, and the "Last Updated" date will be revised. We encourage you to review this Privacy Policy periodically for the latest information on our privacy practices.  

 

10. Contact Us

 

If you have any questions or concerns about this Privacy Policy or our data protection practices, please contact us at:

Email Address: info.theokretroera@gmail.com
