Privacy Policy for Aleksandra's Store

Last Updated: 15 November 2025  

Aleksandra's Store ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website, make a purchase, or otherwise interact with our services. We sell physical Christmas and personal products exclusively to customers in the United Kingdom (UK).
By using our website or services, you agree to the terms of this Privacy Policy. If you do not agree, please do not use our services.

We collect the following types of information:

Information You Provide Directly
Personal details: Name, billing/shipping address, email address, phone number.
Payment information: Credit/debit card details or other payment method information (processed securely via third-party payment processors; we do not store full card details).
Account information: If you create an account, your username and encrypted password.
Order details: Products purchased, order history, and any notes or preferences.

Information Collected Automatically
Device and usage data: IP address, browser type, operating system, referral source, pages viewed, time spent on pages, and clickstream data.
Cookies and similar technologies: We use essential, functional, and analytics cookies

Information from Third Parties
Delivery partners: Address verification or delivery updates from Royal Mail or courier services.
Payment processors: Confirmation of successful payment (no full card details).

How We Use Your Information
Order fulfilment: Process and ship your orders, provide tracking, and handle returns/refunds.
Customer service: Respond to enquiries, complaints, or support requests.
Account management: Create and maintain customer accounts.
Marketing: Send promotional emails about new products, sales, or Christmas offers (you can opt out at any time).
Legal compliance: Meet tax, accounting, and consumer protection obligations under UK law.
Website improvement: Analyse usage to enhance functionality, security, and user experience.
Fraud prevention: Detect and prevent fraudulent transactions.

Legal Basis for Processing (UK GDPR)

We process personal data based on:
Contract: To fulfil your order and provide services.
Consent: For marketing communications (where you opt in).
Legal obligation: Tax records, consumer rights, product safety.
Legitimate interests: Fraud prevention, website security, service improvement (provided these do not override your rights).

Sharing Your Information
Service providers (processors):
  - Payment gateways (e.g., Stripe, PayPal) – for secure transactions.
  - Shipping carriers (e.g., Royal Mail, DPD) – for delivery.
  - IT/hosting providers – for website operation and data storage.
  - Email service providers – for order confirmations and marketing (with consent).
  - Legal authorities – When required by UK law (e.g., HMRC, police, court order).
  - Business transfers – In the event of a merger, acquisition, or sale of assets (your data would remain protected).
All third parties are bound by UK GDPR-compliant contracts.

Data Retention

We keep your data only as long as necessary:

| Data Type                                              | Retention Period                     |
|----------------------------------------|--------------------------------------|
| Order & payment records             | 7 years (UK tax law requirement)     |
| Account information                       | Until account deletion + 90 days     |
| Marketing preferences                  | Until you unsubscribe                |
| Website logs                                       | Up to 12 months                      |

After retention periods, data is securely deleted or anonymised.

Your Rights Under UK GDPR

You have the right to:

Access your personal data.
Correct inaccurate data.
Delete your data ("right to be forgotten") where no legal reason exists to retain it.
Restrict processing in certain cases.
Object to processing based on legitimate interests or marketing.
Data portability receive your data in a structured format.
Withdraw consent for marketing at any time.
Complain to the UK Information Commissioner’s Office (ICO) at [ico.org.uk](https://ico.org.uk).

Cookies and Tracking

We use:

Essential cookies: Required for website functionality (e.g., adding items to basket).
Functional cookies: Remember preferences (e.g., language).
Analytics cookies: Google Analytics (anonymised IP) to understand site usage.

You can manage cookies via your browser settings or our cookie banner. Disabling cookies may affect site functionality.

Data Security

We implement appropriate technical and organisational measures, including:

- SSL encryption for data in transit.
- Secure payment processing (PCI DSS compliant).
- Access controls and staff training.
- Regular security audits.

While we take all reasonable steps, no online system is 100% secure.

International Transfers

All data is processed and stored within the UK or EEA. We do not transfer data outside these regions unless adequacy decisions apply or standard contractual clauses are in place.

Contact Us

For privacy enquiries, rights requests, or complaints:

Email: alexandra75mac@gmail.com

Aleksandra's Store  
Data Protection Officer  
United Kingdom  

We aim to respond within 30 days.

Changes to This Policy

We may update this policy periodically. Changes will be posted on this page with a new "Last Updated" date. Significant changes will be notified via email or website banner.

Aleksandra's Store
Registered in England