PrismWardrobe Privacy Policy

Who we are

Our website address is: https://prismwardrobe.com.
Effective Date: 1.1.2025
Governing Law: England and Wales

1. Data Controller

WatchOwl Ltd (Company No. , Registered Office: ).
Contact: info@prismwardrobe.com

2. Data We Collect

2.1 Personal Data:

• Identifiers: Name, email, shipping/billing address.
• Payment Data: Card details (processed by Stripe/PayPal; we do not store full card numbers).
• Technical Data: IP address, device type, browser, cookies.

2.2 Purpose of Collection:

• Order fulfillment, fraud prevention, customer support, marketing (with consent).

3. Legal Basis for Processing

3.1 Contractual Necessity: Processing data to fulfill orders.
3.2 Consent: For marketing emails (opt-in required).
3.3 Legal Obligation: Retaining invoices for HMRC compliance.

4. Data Sharing

4.1 Third Parties:

• Analytics: Google Analytics (anonymized data).
• Suppliers: Shipping addresses shared for order delivery.
• Payment Processors: Stripe, PayPal (PCI-DSS compliant).

4.2 Legal Disclosures: Data shared if required by law (e.g., fraud investigations).

5. International Data Transfers

• Data transferred to non-UK suppliers under UK GDPR Standard Contractual Clauses (SCCs).

6. Data Retention

• Order Data: 6 years (HMRC compliance).
• Marketing Consent: Until withdrawn (unsubscribe link in emails).
• Inactive Accounts: Deleted after 2 years of inactivity.

7. Your Rights

7.1 Access/Correction: Request a copy of your data or corrections via email.
7.2 Deletion: Request erasure (excludes data retained for legal reasons).
7.3 Objection: Opt out of marketing or data processing (except for orders).
7.4 Lodge Complaints: Contact the UK ICO (https://ico.org.uk).

8. Security Measures

• Encryption: SSL/TLS for data transmission.
• Access Controls: Limited to authorized personnel.
• Regular Audits: Vulnerability scans and staff training.

9. Cookies

9.1 Essential Cookies: Session management, cart functionality.
9.2 Analytics Cookies: Google Analytics (opt-out via browser settings).
9.3 Marketing Cookies: Facebook Pixel (consent required).

10. Children’s Privacy

Services not directed at under-18s. Parental consent required for minors.

11. Policy Updates

Changes notified via email or website banner. Continued use implies acceptance.