Privacy Policy
PRIVACY POLICY
Last updated: 15 July 2026
1. Who we are
Sofie London operates this online store and website (the “Store”). Shopify provides the ecommerce platform that enables us to offer our products and services.
For data protection purposes, Sofie London is the controller of the personal information described in this Privacy Policy, except where another company acts as an independent controller for its own services.
Contact:
Sofie London
Modra, Slovakia
Email: info@sofielondon.uk
This Privacy Policy explains how we collect, use, disclose and protect personal information when you visit the Store, place an order, contact us, sign up for marketing, or otherwise interact with us.
2. Personal information we collect
Depending on how you interact with the Store, we may collect or process:
• Identity and contact information, such as your name, email address, telephone number, billing address and delivery address.
• Order and transaction information, such as the products you view, add to your basket or purchase, order numbers, order value, payment status, returns, refunds and delivery information.
• Payment information. Payments are processed by Shopify and applicable payment providers. We generally do not receive or store your complete payment-card number.
• Account information, if you create a customer account, including login details, saved addresses and account preferences.
• Communications, such as emails, privacy requests, customer-service enquiries, complaints and other messages you send to us.
• Device and technical information, such as IP address, browser type, device type, operating system, language, approximate location, cookie identifiers and similar technical identifiers.
• Usage information, such as pages viewed, links clicked, products viewed, basket activity, referral information and how you interact with the Store.
• Marketing information, such as whether you have agreed to receive marketing and your communication preferences.
• Fraud and security information, such as information used to detect suspicious transactions, misuse or security incidents.
We do not intentionally collect special-category personal data, such as health, religious or political information, and you should not send such information to us unless it is genuinely necessary.
3. How we collect personal information
We collect personal information:
• Directly from you, including when you place an order, create an account, subscribe to marketing, contact us or submit a privacy request.
• Automatically when you use the Store, including through cookies and similar technologies.
• From Shopify and service providers that help us operate the Store.
• From payment, fulfilment, delivery, fraud-prevention, analytics, advertising and customer-support providers.
• From advertising platforms or referral partners when you interact with our advertisements or links.
4. Why we use personal information and our legal bases
We process personal information only where we have a lawful basis. Depending on the activity, we rely on:
Performance of a contract
We use personal information to:
• process and fulfil orders;
• take payment and issue refunds;
• provide order confirmations and delivery updates;
• manage returns, exchanges and customer accounts;
• provide customer service.
Legal obligations
We may use and retain information to:
• comply with tax, accounting, consumer-protection and other legal requirements;
• respond to valid requests from courts, regulators or law-enforcement authorities;
• keep records required by law.
Legitimate interests
Where our interests are not overridden by your rights, we may use information to:
• operate, secure and improve the Store;
• prevent fraud, misuse and security incidents;
• understand general Store performance;
• manage customer enquiries and business records;
• establish, exercise or defend legal claims.
Consent
Where consent is required, we rely on your consent to:
• place or use non-essential cookies and similar technologies;
• send certain forms of direct marketing;
• use information for personalised advertising or advertising measurement.
You may withdraw consent at any time. Withdrawal does not affect processing that took place before consent was withdrawn.
5. Cookies and similar technologies
We use necessary cookies and similar technologies to provide essential Store functions, including basket, checkout, security and account functionality.
With your consent where required, we may also use:
• Statistics technologies, to understand how visitors use the Store and to measure performance.
• Marketing technologies, to measure advertising, attribute conversions and support relevant advertising.
• Preference technologies, to remember choices and improve your experience.
We use a consent-management service, currently Consentmo, together with Shopify’s privacy controls to record and apply cookie choices. You can manage or withdraw optional-cookie consent through the cookie banner, the cookie-settings controls available on the Store, or our GDPR Privacy Requests page.
For more detail, please read our Cookie Policy.
6. Advertising measurement and WeTracked
When enabled, we use WeTracked to help measure advertising performance and attribute events such as product views, basket activity and purchases to advertising campaigns.
Depending on our configuration, WeTracked may process information such as:
• browser, device, IP address and technical identifiers;
• page, product, basket, checkout and purchase events;
• order number, order value, currency and purchased products;
• advertising or campaign identifiers;
• customer identifiers provided during checkout, which may be hashed or otherwise transformed where supported.
WeTracked may transmit relevant conversion information to advertising platforms that we connect to our Store. We use this information to measure advertising effectiveness, reduce duplicate reporting and understand which campaigns contribute to orders.
Where consent is legally required for browser-based advertising or analytics technologies, those technologies should remain disabled until consent is given. Some transaction and conversion information may also be processed where necessary for order administration, fraud prevention, legal compliance or our legitimate business interests, subject to applicable law.
If WeTracked is not active on the Store, this section does not mean that WeTracked is currently collecting information. We will review and update this Privacy Policy when our tracking configuration changes.
7. How we disclose personal information
We may disclose personal information to the following recipients where necessary:
• Shopify, which hosts and operates our ecommerce platform.
• Payment providers, banks and financial institutions that process payments, refunds and fraud checks.
• Fulfilment partners, suppliers, warehouses, couriers and delivery providers that need order and delivery details to fulfil purchases.
• Customer-support and communications providers, including Microsoft 365, which may process customer emails and support communications.
• Consent and privacy-management providers, including Consentmo.
• Analytics, advertising and conversion-measurement providers, including WeTracked when enabled, and advertising platforms connected to our Store.
• IT, hosting, security, fraud-prevention and cloud-storage providers.
• Accountants, insurers, legal advisers and other professional advisers.
• Courts, regulators, law-enforcement authorities and other parties where disclosure is required by law or necessary to protect legal rights.
• A buyer, investor or successor in connection with a proposed or completed sale, merger, restructuring or transfer of the business.
We do not sell personal information for money.
Service providers may use personal information only as permitted by their agreements with us, their own legal obligations and their applicable privacy notices.
8. Relationship with Shopify
The Store is hosted by Shopify. Shopify collects and processes information about your access to and use of the Store to provide, protect and improve its services.
Information submitted through the Store may be transmitted to Shopify and to service providers located outside your country. Shopify may also process information as an independent controller for certain features and purposes described in Shopify’s own privacy notices.
You can learn more through Shopify’s Consumer Privacy Policy and Shopify Privacy Portal.
9. International transfers
Some service providers may process personal information outside the United Kingdom, European Economic Area or the country where you live.
Where required, we and our service providers use legally recognised safeguards, such as adequacy regulations or decisions, standard contractual clauses, the UK International Data Transfer Agreement or appropriate contractual addenda.
You may contact us for further information about the safeguards relevant to your personal information.
10. How long we retain information
We retain personal information only for as long as reasonably necessary for the purposes described in this Privacy Policy.
Retention periods depend on factors including:
• how long we need the information to provide the Store and fulfil orders;
• whether you maintain a customer account;
• tax, accounting and record-keeping obligations;
• fraud-prevention and security needs;
• the time required to resolve disputes, complaints, returns, chargebacks or legal claims;
• requirements imposed by Shopify, payment providers or applicable law.
When information is no longer required, we will delete, anonymise or securely dispose of it, unless continued retention is permitted or required by law.
11. Marketing communications
We may send marketing communications where you have consented or where another lawful basis permits us to do so.
You can unsubscribe from promotional emails using the unsubscribe link in the message or by contacting info@sofielondon.uk.
Even if you unsubscribe from marketing, we may still send non-promotional communications concerning orders, refunds, account security or customer-service matters.
12. Your rights
Depending on where you live and the circumstances, you may have rights to:
• request access to personal information we hold about you;
• request correction of inaccurate or incomplete information;
• request deletion of personal information;
• request restriction of processing;
• object to certain processing, including direct marketing;
• receive certain information in a portable format;
• withdraw consent at any time where processing is based on consent;
• complain to a data-protection supervisory authority.
These rights are not absolute. We may retain or continue processing information where permitted or required by law, including for tax records, fraud prevention, order disputes or legal claims.
We may ask for reasonable information to verify your identity before responding to a request.
To exercise your rights, use our GDPR Privacy Requests page or email info@sofielondon.uk.
We normally respond within one month. Where permitted by law, the response period may be extended for complex or multiple requests, and we will inform you if an extension applies.
RIGHT TO OBJECT
You have the right to object to direct marketing at any time. You may also object to processing based on legitimate interests. To object, email info@sofielondon.uk with the subject “Privacy Request – Objection to Processing”.
13. Complaints
Please contact us first at info@sofielondon.uk so that we can try to address your concern.
You also have the right to lodge a complaint with the data-protection authority in the country where you live or work, or where you believe an infringement occurred.
For customers in the United Kingdom, the relevant supervisory authority is the Information Commissioner’s Office (ICO).
For customers in Ireland, the relevant supervisory authority is the Data Protection Commission (DPC).
14. Children
The Store is not intended for children, and we do not knowingly collect personal information from children who cannot lawfully consent to the processing of their information.
If you believe a child has provided personal information to us, please contact info@sofielondon.uk so that we can review and, where appropriate, delete it.
15. Security
We use reasonable administrative, technical and organisational measures designed to protect personal information.
However, no internet transmission or storage system is completely secure. Please do not send payment-card numbers, passwords or other highly sensitive information by ordinary email.
16. Third-party websites
The Store may contain links to websites or services operated by third parties. Their privacy practices are governed by their own notices, and we are not responsible for third-party websites that we do not control.
17. Changes to this Privacy Policy
We may update this Privacy Policy to reflect changes to our services, providers, technology, legal obligations or business practices.
We will publish the updated version on the Store and change the “Last updated” date. Where required by law, we will provide additional notice.
18. Contact
For questions about this Privacy Policy or our use of personal information, contact:
Sofie London
Email: info@sofielondon.uk
For privacy-rights requests, you may also use the GDPR Privacy Requests page available in the footer of the Store.