Privacy Policy

1. Introduction

This Privacy Policy explains how Retailgraceful ("we," "us," or "our") collects, uses, discloses, and protects your personal information when you visit our website at https://retailgraceful.world or use our services. We are committed to protecting your privacy and ensuring that your personal data is handled in accordance with the General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, and other applicable data protection laws.

By using our website or services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your personal information as described herein.

2. Data Controller Information

The data controller responsible for your personal information is:

Retailgraceful
The Greenhouse, Gibb Street
Digbeth, Birmingham B9 4AA
United Kingdom
Phone: +44 121 212 1212
Email: ask@retailgraceful.world

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us using the information provided above.

3. Information We Collect

We collect various types of information to provide and improve our services to you. The categories of personal data we collect include:

3.1 Information You Provide Directly

When you interact with our website or place an order, you may provide us with the following information:

• Contact Information: Full name, email address, phone number, and postal address
• Order Information: Product selections, quantities, delivery preferences, and any special instructions or messages
• Payment Information: Billing address and payment method details (note: we do not store complete credit card numbers; payment processing is handled by secure third-party payment processors)
• Communication Data: Any correspondence you send to us via email, contact forms, or other communication channels, including the content of your messages and associated metadata
• Account Information: If you create an account, we collect username, password (stored in encrypted form), and account preferences

3.2 Information Collected Automatically

When you visit our website, we automatically collect certain technical information through cookies and similar technologies:

• Device Information: IP address, browser type and version, operating system, device type, and unique device identifiers
• Usage Data: Pages visited, time spent on pages, links clicked, referring website addresses, date and time of visits, and navigation paths through our website
• Location Data: Approximate geographic location based on IP address
• Cookie Data: Information stored in cookies and similar tracking technologies (see our Cookies Policy for more details)

3.3 Information from Third Parties

We may receive information about you from third-party sources, including:

• Payment processors who provide transaction confirmation and fraud prevention services
• Delivery service providers who update us on delivery status
• Analytics providers who help us understand website usage patterns
• Marketing platforms that help us manage customer communications

4. Legal Basis for Processing

Under GDPR, we must have a legal basis for processing your personal data. We process your personal information under the following legal grounds:

• Contractual Necessity: Processing is necessary to fulfill our contract with you, including processing orders, delivering products, and providing customer support
• Consent: You have given explicit consent for us to process your personal data for specific purposes, such as marketing communications or optional cookies
• Legitimate Interests: Processing is necessary for our legitimate business interests, such as fraud prevention, network security, improving our services, and direct marketing (where not requiring consent)
• Legal Obligation: Processing is necessary to comply with legal obligations, such as tax reporting, record-keeping requirements, and responding to lawful requests from authorities

5. How We Use Your Information

We use the personal information we collect for the following purposes:

5.1 Order Processing and Fulfillment

• Processing and fulfilling your orders
• Communicating with you about your orders, including order confirmation, shipping updates, and delivery notifications
• Processing payments and preventing fraudulent transactions
• Managing returns, refunds, and exchanges
• Providing customer support and responding to your inquiries

5.2 Service Improvement and Personalization

• Analyzing website usage to improve our website design, functionality, and user experience
• Understanding customer preferences and behavior to personalize your experience
• Conducting research and analysis to develop new products and services
• Testing new features and functionality

5.3 Marketing and Communications

• Sending you promotional emails about new products, special offers, and other information we think may interest you (only with your consent or where permitted by law)
• Displaying targeted advertisements on third-party platforms
• Conducting surveys and requesting feedback to improve our services
• Sending you important updates about our terms, policies, or services

5.4 Legal and Security Purposes

• Complying with legal obligations, including tax and accounting requirements
• Protecting against fraud, unauthorized transactions, claims, and other liabilities
• Enforcing our terms of service and other agreements
• Responding to legal requests from law enforcement or regulatory authorities
• Protecting the security and integrity of our website and systems

6. Data Sharing and Disclosure

We do not sell your personal information to third parties. However, we may share your information with the following categories of recipients:

6.1 Service Providers

We engage trusted third-party service providers to perform functions on our behalf, including:

• Payment processors to handle secure payment transactions
• Shipping and logistics companies to deliver your orders
• Email service providers to send communications
• Web hosting and cloud storage providers
• Analytics providers to help us understand website usage
• Customer relationship management (CRM) platforms
• Marketing and advertising platforms

These service providers are contractually obligated to use your personal information only for the purposes we specify and to implement appropriate security measures.

6.2 Legal Requirements

We may disclose your personal information if required to do so by law or in response to:

• Valid legal processes, such as court orders or subpoenas
• Requests from law enforcement or regulatory authorities
• Protection of our legal rights, property, or safety, or that of others
• Investigation of potential violations of our terms of service
• Prevention or investigation of fraud or security issues

6.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your personal information may be transferred to the successor entity. We will notify you of any such change and the choices you may have regarding your personal information.

6.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

7. International Data Transfers

Your personal information may be transferred to and processed in countries outside the United Kingdom and the European Economic Area (EEA) where our service providers are located. These countries may have data protection laws that differ from UK and EU laws.

When we transfer your personal data internationally, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions recognizing that certain countries provide adequate data protection
• Binding Corporate Rules for transfers within corporate groups
• Other legally approved transfer mechanisms

You may contact us to obtain more information about the specific safeguards we have implemented for international data transfers.

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal, accounting, or reporting requirements.

Our retention periods vary depending on the type of information and the purpose for which it is used:

• Order and Transaction Data: Retained for 7 years to comply with tax and accounting obligations
• Customer Account Information: Retained until you request deletion or close your account, plus any additional period required by law
• Marketing Communications Data: Retained until you unsubscribe or withdraw consent, after which we will retain only a record of your opt-out preference
• Website Usage Data: Typically retained for 26 months for analytics purposes
• Customer Support Communications: Retained for 3 years to maintain service quality and resolve disputes

When personal information is no longer needed, we will securely delete or anonymize it in accordance with our data retention and deletion policies.

9. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security measures include:

• Encryption of data in transit using SSL/TLS protocols (HTTPS)
• Encryption of sensitive data at rest
• Regular security assessments and vulnerability testing
• Access controls and authentication mechanisms to limit access to personal data
• Employee training on data protection and security best practices
• Secure backup and disaster recovery procedures
• Monitoring and logging of system access and activities
• Contractual obligations requiring service providers to implement appropriate security measures

While we strive to protect your personal information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, but we continuously work to improve our security practices.

10. Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR) and UK data protection laws, you have the following rights regarding your personal information:

10.1 Right of Access

You have the right to request a copy of the personal information we hold about you. We will provide this information in a structured, commonly used, and machine-readable format.

10.2 Right to Rectification

You have the right to request that we correct any inaccurate or incomplete personal information we hold about you.

10.3 Right to Erasure (Right to be Forgotten)

You have the right to request that we delete your personal information in certain circumstances, such as when it is no longer necessary for the purposes for which it was collected or if you withdraw your consent.

10.4 Right to Restriction of Processing

You have the right to request that we restrict the processing of your personal information in certain circumstances, such as when you contest the accuracy of the data or object to processing.

10.5 Right to Data Portability

You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

10.6 Right to Object

You have the right to object to our processing of your personal information based on legitimate interests or for direct marketing purposes. If you object to direct marketing, we will stop processing your data for that purpose.

10.7 Right to Withdraw Consent

Where we rely on your consent to process your personal information, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

10.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state or UK country of your habitual residence, place of work, or place of alleged infringement. In the UK, the supervisory authority is the Information Commissioner's Office (ICO), which can be contacted at https://ico.org.uk.

10.9 Exercising Your Rights

To exercise any of these rights, please contact us using the contact information provided in Section 2. We will respond to your request within one month, although this period may be extended by two additional months in complex cases. We may require verification of your identity before processing your request.

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information about your browsing activities and to provide certain features on our website. For detailed information about the cookies we use, how we use them, and how you can manage your cookie preferences, please see our Cookies Policy.

12. Third-Party Links

Our website may contain links to third-party websites, applications, or services that are not operated by us. This Privacy Policy does not apply to those third-party sites. We are not responsible for the privacy practices of third parties, and we encourage you to review their privacy policies before providing any personal information.

13. Children's Privacy

Our website and services are not intended for children under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18 without parental consent, we will take steps to delete that information as soon as possible. If you believe we have collected information from a child under 18, please contact us immediately.

14. Marketing Communications

With your consent or where permitted by law, we may send you marketing communications about our products, services, and promotions. You can opt out of receiving marketing communications at any time by:

• Clicking the "unsubscribe" link in any marketing email we send you
• Contacting us using the contact information provided in Section 2
• Updating your communication preferences in your account settings (if applicable)

Please note that even if you opt out of marketing communications, we will still send you transactional and service-related communications, such as order confirmations and important updates about our services.

15. Automated Decision-Making and Profiling

We may use automated decision-making and profiling techniques to analyze your personal information and provide personalized experiences, such as product recommendations or targeted advertising. You have the right to object to automated decision-making that produces legal effects or similarly significantly affects you. If you wish to exercise this right, please contact us.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational, legal, or regulatory reasons. When we make material changes, we will notify you by:

• Posting the updated Privacy Policy on our website with a new "Last Updated" date
• Sending you an email notification (if you have provided us with your email address)
• Displaying a prominent notice on our website

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal information. Your continued use of our website or services after changes are posted constitutes your acceptance of the updated Privacy Policy.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact us:

Retailgraceful
The Greenhouse, Gibb Street
Digbeth, Birmingham B9 4AA
United Kingdom
Phone: +44 121 212 1212
Email: ask@retailgraceful.world

We are committed to working with you to resolve any privacy concerns you may have.