GDPR and Data Protection Policy

Last updated: 20 January 2025

Introduction

Urban Oud ("we", "our", "us", "the Company") is committed to protecting and respecting your privacy and personal data. This policy outlines how we comply with GDPR (General Data Protection Regulation) and the UK Data Protection Act 2018.

Our Commitment

We are committed to:

  • Processing data lawfully, fairly, and transparently
  • Collecting data for specified, explicit, and legitimate purposes
  • Ensuring data is adequate, relevant, and limited to what's necessary
  • Keeping data accurate and up to date
  • Storing data for no longer than necessary
  • Maintaining data security and integrity

Data We Collect

Customer Data

  • Name and contact details
  • Delivery addresses
  • Payment information
  • Purchase history
  • Email correspondence
  • Marketing preferences

Website Visitors

  • IP addresses
  • Browser type and version
  • Operating system
  • Page views and navigation
  • Shopping cart contents
  • Cookie preferences

We process personal data under the following legal bases:

  1. Contract Performance

    • Processing orders
    • Delivering products
    • Managing customer accounts

  2. Legitimate Interests

    • Improving our services
    • Marketing to existing customers
    • Fraud prevention

  3. Legal Obligation

    • Tax records
    • Business accounting
    • Consumer protection

  4. Consent

    • Marketing communications
    • Cookie usage
    • Newsletter subscriptions

Your Rights Under GDPR

You have the following rights:

  1. Right to Access

    • Request copies of your personal data
    • Understand how we process your data

  2. Right to Rectification

    • Correct inaccurate data
    • Complete incomplete data

  3. Right to Erasure

    • Request deletion of your data
    • Also known as 'right to be forgotten'

  4. Right to Restrict Processing

    • Limit how we use your data
    • Temporarily or permanently

  5. Right to Data Portability

    • Receive your data in a structured format
    • Transfer data to another controller

  6. Right to Object

    • Object to direct marketing
    • Object to processing based on legitimate interests

  7. Rights Related to Automated Decision Making

    • Not be subject to decisions based solely on automated processing
    • Request human intervention in automated decisions

Data Security

We implement appropriate security measures including:

  • SSL encryption for all data transmission
  • Secure password protocols
  • Regular security assessments
  • Staff training on data protection
  • Access controls and authentication
  • Regular backup procedures
  • Incident response plans

Data Retention

We retain personal data only for as long as necessary:

Data Type Retention Period Reason
Order Information 7 years Tax compliance
Marketing Preferences Until opt-out Customer communication
Website Logs 90 days Security monitoring
Payment Details Not stored Payment processor handles

International Data Transfers

When we transfer data outside the UK/EEA, we ensure:

  • Adequate safeguards are in place
  • Standard contractual clauses are used
  • Privacy Shield certification where applicable
  • Data processing agreements are in place

Data Breaches

In the event of a data breach, we will:

  1. Notify the ICO within 72 hours
  2. Inform affected individuals if high risk
  3. Document all breaches and actions taken
  4. Review and update security measures

Marketing Communications

We will only send marketing communications if:

  • You have given explicit consent
  • You are an existing customer (soft opt-in)
  • You have not opted out

You can opt out at any time by:

  • Clicking unsubscribe in emails
  • Contacting our customer service
  • Updating your account preferences

Children's Privacy

We do not knowingly collect data from children under 16. If you believe we have collected such data, please contact us immediately.

Third-Party Processors

We use carefully selected third-party processors for:

  • Payment processing
  • Shipping and delivery
  • Email marketing
  • Website analytics

All processors are GDPR compliant and have appropriate data processing agreements.

Changes to This Policy

We may update this policy periodically. Significant changes will be communicated via:

  • Website notifications
  • Email updates
  • Account messages

Contact Information

Data Protection Officer:

  • Email: urbanoudltd@gmail.com
  • Phone: +44 7880 286117
  • Address: 57 Thornfield House, Rosefield Gardens, London, E14 8EP

Supervisory Authority: Information Commissioner's Office (ICO)

  • Website: www.ico.org.uk
  • Phone: 0303 123 1113

Questions About Your Data Rights

We are committed to addressing any questions or concerns you may have about your personal data. If you have any queries about how we handle your information, please contact our Data Protection Officer using the contact details provided above.

You also have the right to contact the Information Commissioner's Office (ICO) for guidance or questions about data protection:

  • Website: www.ico.org.uk
  • Phone: 0303 123 1113

This policy is reviewed annually and was last updated on 20 January 2025. It applies to all personal data processed by Urban Oud.