Privacy Policy - Owlondon

1. Introduction

At OW London (“we,” “our,” or “us”), we are committed to protecting the privacy, confidentiality, and integrity of the personal data of our users. This Privacy Policy outlines how OW London collects, processes, stores, and safeguards your information when you access or interact with our website, owlondon.com (the “Site”). Our practices are designed to comply with applicable privacy laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), with a privacy-first commitment at the core of our operations.

Please read this Policy carefully to understand your rights and how we handle your personal data.

2. Scope of Policy and Data Controller Role

This Privacy Policy applies to all users of owlondon.com, including customers, prospective customers, registered account holders, and website visitors.

For the purposes of the GDPR and other applicable data protection laws, OW London is the data controller of your personal data collected through the Site. As data controller, we determine the purposes and means by which your information is processed. All inquiries or communications concerning this Policy should be directed to [email protected].

3. Categories of Data Processed

We collect and process the following categories of personal data:

a. Usage Data: This includes details about your interactions with our Site, such as IP address, browser type and version, geographic location, operating system, referral source, session duration, pages viewed, and browsing patterns. This data helps us optimize site functionality and analyze usage trends.

b. Account Data: Information you provide when creating an account or making a purchase, such as your full name, billing and shipping addresses, email address, and telephone number.

c. Profile Data: Data related to your user profile and activity, including purchase history, saved items, customer reviews, and personal preferences.

d. Communication Data: Records of communications with us, including customer service inquiries, contact forms, complaints, and support history.

e. Technical Data: Device identifiers, mobile operating system, browser fingerprinting, language settings, screen resolution, and system configuration information used to access the Site.

f. Transaction Data: Information related to purchases made on owlondon.com, including payment method, order history, delivery tracking details, and transaction/reference numbers. We do not store full payment card details; our third-party payment processors handle this securely.

g. Preference Data: Your communication preferences, subscription opt-ins, marketing consent status, product interest selections, and responses to promotional campaigns or surveys.

4. Legal Bases for Processing Data

We rely on the following legal bases for processing your personal data:

– Contractual Necessity: When processing is required to fulfill our contractual obligations to you, such as completing transactions, managing deliveries, or providing account-related services.

– Legitimate Interests: For operational and business needs including fraud detection, website analytics, securing our services, and improving our offerings, provided these interests do not override your fundamental rights and freedoms.

– Consent: Where required by law (e.g., sending marketing emails), we rely on your clear, informed consent. You may withdraw your consent at any time by contacting us or adjusting your preferences.

– Legal Obligation: To comply with legal requirements, regulatory investigations, or enforceable governmental requests.

5. Your Rights

Subject to applicable law, you have the following rights concerning your personal data:

– Right of Access: You may request a copy of your personal data held by us.
– Right to Rectification: You may correct or update inaccurate or incomplete information.
– Right to Erasure (“Right to Be Forgotten”): You may request deletion of your personal data where legally permissible.
– Right to Restrict Processing: You may request that we limit the processing of your data in certain cases.
– Right to Data Portability: You may request a copy of your data in a structured, commonly used, machine-readable format.
– Right to Object: You may object to processing based on our legitimate interests or for direct marketing purposes.
– Right to Non-Discrimination: Under CCPA, you are entitled to exercise your privacy rights without discrimination.

To exercise any of your rights, please contact us at [email protected]. We may need to verify your identity before processing your request.

6. Security Measures

We are deeply committed to implementing industry-recognized security measures to protect your information. These include:

– Data encryption during transit and at rest where applicable
– Role-based access controls and administrative safeguards
– Regular security training for staff
– Periodic security reviews and vulnerability assessments
– System monitoring and risk-based authentication
– Secure storage and scheduled data backups

While we take appropriate steps to secure your data, no transmission over the internet or electronic storage method is fully secure. You are responsible for keeping your login credentials confidential.

7. International Transfers

Your personal data may be transferred to, and processed in, countries other than your own. Where such transfers occur, we ensure appropriate safeguards are in place, including:

– Use of Standard Contractual Clauses approved by the European Commission
– Transfer mechanisms compliant with regional legislation (e.g., GDPR adequacy decisions)
– Binding corporate rules or other recognized legal assurances where required

All transfers are made with a view to maintaining an equivalent level of data protection as required under EU and international standards.

8. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this Privacy Policy or as required by applicable law. Typical retention periods include:

– Account Data: For the life of your account and up to 7 years after closure, subject to legal or regulatory requirements
– Transaction Data: Retained for 7 years for tax and financial compliance
– Communication and Support Data: Retained for up to 3 years for quality assurance
– Marketing Consent Records: Retained until consent is withdrawn or deemed inactive
– Technical and Usage Data: Retained for 26 months for analytics and troubleshooting

When retention is no longer required, data is securely deleted or anonymized.

9. Cookie Policy

We use cookies and similar tracking technologies to improve your browsing experience. Cookies are small text files placed on your device to collect standard internet log data and visitor behavior information.

Our Site uses the following categories of cookies:

– Essential Cookies: Necessary for Site functionality, such as user authentication and shopping cart features.
– Functional Cookies: Remember your preferences and settings to improve usability.
– Performance Cookies: Collect anonymized data to help us understand how visitors interact with our Site (e.g., page load times, bounce rates).
– Analytical Cookies: Allow analysis of aggregate Site usage through tools like Google Analytics.

10. Cookie Management & Compliance with GDPR and CCPA

When you first visit owlondon.com, you will be presented with a cookie banner that allows you to manage your preferences in accordance with privacy laws. You may accept, reject, or configure your cookie settings at any time through the cookie consent tool accessible on our website footer.

Under GDPR, we do not place non-essential cookies on your device unless you have given informed consent. Under CCPA, you may opt out of “sale” of personal information (as defined under CCPA) and control cookie usage via browser settings or our cookie management tool.

11. Children’s Privacy

Our services are not directed to, and we do not knowingly collect personal data from, individuals under the age of 13. If you believe that a child under 13 has provided us with personal information without parental consent, please contact us immediately at [email protected], and we will take prompt steps to delete such data.

12. Policy Updates and User Notifications

We reserve the right to update this Privacy Policy at our discretion in response to evolving legal, technical, or business developments. We encourage you to review this Policy periodically for any changes. Whenever significant changes occur, we will notify you via on-site announcements, email notices, or other appropriate channels.

Your continued use of owlondon.com following any amendments constitutes your acceptance of the updated Policy.

13. Contact Information

If you have any questions about this Privacy Policy, your rights under applicable privacy laws, or how we process your personal data, you may contact us at:

Email: [email protected]

We are committed to ensuring your data is handled confidentially, transparently, and in full compliance with international privacy standards. Please reach out to us if you have any concerns related to your personal information or require assistance in exercising your privacy rights.