Privacy Policy

Iasdada ("we", "us", "our") is a women’s fashion brand focusing on casual wear and accessories, offering a curated collection of denim skirts, cardigan sweaters, shoes, and hair accessories—crafted to bring comfort, style, and practicality to your everyday wardrobe. We understand that your privacy is invaluable, and we are dedicated to safeguarding your personal data in every interaction, whether you shop our online store, visit our Birmingham boutique at 36 Corporation Street, subscribe to our product updates, or contact our customer support team. This Privacy Policy, generated to comply fully with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, clearly outlines how we collect, use, store, and disclose your personal information. By accessing our services, purchasing our products, or sharing your details with us, you acknowledge that you have read, understood, and agreed to the practices described herein.

1. Types of Personal Data We Collect

We strictly follow the data minimization principle, meaning we only gather personal information that is essential to deliver a smooth shopping experience, fulfill your orders, and improve our range of denim skirts, cardigan sweaters, shoes, and hair accessories. The personal data we collect falls into the following categories:
  • Identity and Contact Information: This includes your full name, email address (for all communications at iasdada@outlook.com), telephone number, and shipping/billing addresses. We collect this information when you create a customer account, place an order, subscribe to our marketing emails (e.g., new arrivals of denim skirts or hair accessories), or contact us for support—such as size guidance for cardigans, fit questions for shoes, or product availability inquiries.
  • Transaction and Order Details: Information related to your purchases, including unique order reference numbers, selected products (denim skirts, cardigan sweaters, shoes, hair accessories), sizes, quantities, transaction amounts, and payment method identifiers. Importantly, we do not store full payment card details; all payments are processed by PCI DSS-compliant third-party providers to ensure the security of your financial data.
  • Preference and Account Data: For registered customers, we store your product preferences (e.g., favorite denim skirt styles, cardigan sizes, shoe sizes, or hair accessory types), order history, and saved delivery addresses to streamline your future shopping experiences.
  • Technical and Browsing Data: When you visit our website, we automatically collect non-identifiable technical data to optimize your browsing experience and improve our online platform. This includes your device type, browser version, operating system, anonymized IP address (personal identifying components are removed within 28 days), pages visited (e.g., denim skirt category, cardigan collection), products viewed, and time spent on our site. This data is collected via cookies and similar tracking technologies (see Section 7 for management options).
  • Voluntarily Shared Information: Any additional details you choose to share with us, such as product reviews (e.g., feedback on denim skirt fit or cardigan quality), style suggestions, survey responses, or information exchanged during in-store interactions with our Birmingham team.

2. Legal Bases for Processing Your Data

We only process your personal data for lawful purposes, with each processing activity supported by a valid legal basis as required by UK GDPR. The key legal bases and their corresponding purposes are:
  • Performance of a Contract: To fulfill our obligations under the purchase contract formed when you buy our products. This includes processing payments, arranging delivery of your denim skirts, cardigans, shoes, or hair accessories, sending order confirmations and shipping tracking updates, and handling returns, exchanges, or refunds in line with our after-sales policy.
  • Consent: To send you personalized marketing communications, including new collection launches (e.g., new denim skirt styles, cardigan colors, shoe designs, or hair accessory ranges), exclusive discounts, and styling tips. We only send these communications if you have explicitly given your consent, and you may withdraw your consent at any time without affecting the processing of your existing orders.
  • Legitimate Interests: To improve our product range (using customer feedback on denim skirts, cardigans, shoes, and hair accessories), optimize website functionality and in-store user experience, detect and prevent fraudulent transactions, and ensure the secure and efficient operation of our business. These interests are carefully balanced to avoid overriding your privacy rights and freedoms.
  • Compliance with Legal Obligations: To retain transaction records for 7 years in accordance with UK tax and accounting regulations, and to respond to lawful requests from regulatory authorities (such as the Information Commissioner’s Office/ICO), courts, or law enforcement agencies.

3. Third-Party Data Sharing

We never sell, rent, or lease your personal data to third parties for their own marketing purposes. We only share your data with trusted third-party partners who assist us in delivering our services, and all such partners are contractually obligated to protect your personal information, use it solely for the purposes we authorize, and comply with UK GDPR. Our trusted third parties include:
  • Payment Service Providers: PCI DSS-accredited payment processors (e.g., Stripe, PayPal) that handle secure payment transactions. They receive only the minimum information necessary to process payments and are prohibited from using your data for any other purpose.
  • Delivery Partners: UK-based courier services that require your shipping address and contact details to deliver your orders (denim skirts, cardigans, shoes, hair accessories). They do not store your personal data beyond the completion of delivery.
  • IT and Cybersecurity Providers: Birmingham-based service providers responsible for website maintenance, customer database management, and cybersecurity. They only have access to anonymized or encrypted data and are bound by strict confidentiality agreements.
  • Legal and Regulatory Bodies: We may disclose your personal information if required by law, regulation, or legal process (e.g., court orders), or to protect our legitimate rights, property, or safety, as well as the rights, property, or safety of our customers or other third parties.

4. Data Security Safeguards

We take the security of your personal data very seriously and have implemented robust technical and organizational measures to protect your information from unauthorized access, disclosure, alteration, loss, or destruction. Our key security practices include:
  • End-to-end SSL/TLS encryption for all data transmitted between your device and our website, ensuring the secure transfer of personal and transactional information.
  • Encrypted storage of data on secure UK-based servers, with multi-factor authentication and role-based access controls. Only authorized personnel with a legitimate business need can access personal data, and all access activities are logged and audited regularly.
  • Regular security assessments, software updates, and bi-annual penetration testing to address emerging cyber threats and validate the effectiveness of our security controls.
  • Mandatory data protection training for all employees (both online and in-store), ensuring they fully understand their obligations under UK GDPR and handle your personal information securely.
While we strive to maintain the highest level of security, no method of data transmission over the internet or electronic storage is entirely risk-free. We cannot guarantee absolute security, but we will notify you and the ICO promptly in the event of a data breach that is likely to pose a high risk to your rights and freedoms, as required by law.

5. Data Retention Guidelines

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. After the retention period expires, we will securely delete or anonymize your data so that it can no longer be associated with you. Our specific retention periods are:
  • Transaction and identity data: Retained for 7 years from the date of transaction to comply with UK tax and accounting laws.
  • Account and preference data: Retained for the duration of your account activity. If you request to delete your account, we will remove this data within 35 days (unless we are legally required to retain it).
  • Marketing consent and communication data: Retained until you withdraw your consent. After withdrawal, we will delete your marketing-related information within 25 days to ensure you no longer receive promotional communications.
  • Technical and browsing data: Retained for 28 days before being permanently anonymized for aggregate analytics purposes, which helps us improve our website and product offerings (including denim skirts, cardigans, shoes, and hair accessories).

6. Your Data Protection Rights

Under UK GDPR, you hold enforceable rights regarding your personal data held by us. We make it easy for you to exercise these rights promptly and efficiently:
  • Right of Access: You have the right to request a free, clear copy of the personal data we hold about you, along with details of our processing activities.
  • Right to Rectification: You can request that we correct any inaccurate or incomplete personal information (e.g., updated delivery address, shoe size preferences, or contact details).
  • Right to Erasure (Right to be Forgotten): You may request the deletion of your personal data if it is no longer necessary for the purpose it was collected, you withdraw your consent, or our processing is unlawful (subject to legal retention obligations).
  • Right to Restriction of Processing: You can request that we limit the processing of your personal data (e.g., while we verify the accuracy of your order history for denim skirts or cardigans).
  • Right to Withdraw Consent: If you have given your consent for marketing or other processing activities, you can withdraw it at any time by clicking the "unsubscribe" link in our emails or contacting our customer service team directly.
To exercise any of these rights, please contact us using the details provided in Section 8. We may request proof of identity to ensure the security of your information. We will respond to your request within 30 days; if your request is complex, we may extend this period by an additional 30 days and will notify you of the extension and the reasons for it.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you are dissatisfied with how we handle your personal information. The ICO can be contacted via their official website (www.ico.org.uk) or by telephone at 0303 123 1113.

7. Cookies and Tracking Technologies

Our website uses cookies and similar tracking tools (e.g., web beacons, pixel tags) to enhance your browsing experience, analyze website traffic, and personalize content and offers for our range of denim skirts, cardigan sweaters, shoes, and hair accessories. Cookies are small text files stored on your device when you visit our website. We use three categories of cookies:
  • Essential Cookies: These cookies are necessary for the basic functionality of our website, enabling you to browse our product categories (denim skirts, cardigans, shoes, hair accessories), add items to your cart, and complete the checkout process. You cannot disable these cookies, as they are critical to our core services.
  • Analytical Cookies: These cookies collect anonymized, aggregated data on how users interact with our website to improve site performance, navigation, and user experience—such as which product categories are most visited.
  • Marketing Cookies: These cookies are used to deliver personalized marketing content and offers based on your browsing history (e.g., showing you new denim skirt styles if you previously viewed this category). We only use these cookies with your explicit consent.
You can manage or disable non-essential cookies (analytical and marketing) through your browser settings. The process for managing cookies varies by browser, so we recommend checking your browser's help center for specific instructions. Disabling non-essential cookies will not affect your ability to browse or purchase products on our website, but it may limit the personalization of content and offers.

8. Policy Updates

We may update this Privacy Policy from time to time to reflect changes in laws and regulations, business practices, or technological advancements. When we make updates, we will revise the "Last Updated" date at the bottom of this page. For significant changes (e.g., modifications to data collection scope, processing purposes, or disclosure practices), we will notify you via email (if we have your contact details) or by posting a prominent notice on our website at least 28 days before the changes take effect. We encourage you to review this Privacy Policy regularly to stay informed about how we protect your personal information.

9. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact our data protection team:
  • Brand Name: iasdada
  • Email: iasdada@outlook.com
  • Phone: +44 (0) 121 448 7930
  • Address: 36 Corporation Street, Birmingham B4 6AT