Privacy policy
nfhlsz Privacy Policy
1. Introduction
nfhlsz ("we", "us", "our") is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, store, disclose, and protect your personal information when you visit our website (www.nfhlsz.co.uk), purchase our women’s fashion products, interact with our customer service, engage with our social media channels, or use any of our related services (collectively, the "Services").
We are a UK-registered company (Company Number: 18923456) with registered address at 8 Dover Street, Mayfair, London W1S 4LD, United Kingdom. Our UK-based data protection team can be reached via email at nfhlsz@outlook.com or telephone at +44 20 7654 8921. We are registered with the Information Commissioner’s Office (ICO) under registration number ZA876543, ensuring compliance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.
By accessing or using our Services, you consent to the practices described in this Privacy Policy. We encourage you to read this policy carefully to understand how your data is handled—if you do not agree with any part of this policy, please refrain from using our Services.
2. What Personal Data We Collect
We collect personal data that is necessary to provide and improve our Services, tailored to the needs of women’s fashion shoppers:
- Contact & Identity Data: Full name, email address, telephone number, postal address (billing and delivery), and date of birth (only required for age-verified purchases like intimate apparel or alcohol-themed gifts, if applicable).
- Account Data: Username, password (encrypted), account preferences (e.g., size preferences, style favorites, communication opt-ins), and purchase history (to personalize recommendations for dresses, tops, outerwear, etc.).
- Payment Data: Credit/debit card details (last 4 digits only, for reference), PayPal or digital wallet identifiers—we do not store full payment card details; these are processed securely by PCI-DSS compliant third-party payment providers.
- Transaction Data: Order details (product type, size, color, quantity), payment amounts, delivery tracking information, and return/exchange history.
- Browsing & Usage Data: IP address, browser type, operating system, device information (model, unique identifier), pages visited (e.g., specific women’s clothing categories), time spent on pages, search queries (e.g., "summer dresses", "plus-size blazers"), and referral sources. This data helps us optimize our website for women’s fashion browsing and improve product recommendations.
- Marketing Data: Your preferences for receiving marketing communications (e.g., newsletters, new collection alerts, exclusive offers), and interaction history with these communications (e.g., open rates, click-throughs).
- Other Data: Information you voluntarily provide, such as product reviews, feedback, photos (e.g., customer styling posts), or details shared when contacting customer service (e.g., fit issues, fabric queries). For custom orders (e.g., made-to-measure pieces), we may collect additional data like body measurements (stored securely and only used for order fulfillment).
3. How We Collect Your Personal Data
We collect your data through transparent, lawful methods:
- Directly from You: When you create an account, place an order, subscribe to our newsletter, fill out a contact form, leave a review, participate in a survey or competition, or share details during customer service interactions (e.g., via email, phone, or live chat).
- Automatically: Through cookies and similar tracking technologies (e.g., web beacons, pixels) when you visit our website—see Section 8 for detailed cookie information. This includes data collected via Google Analytics to analyze browsing patterns for related content.
- From Third Parties: With your consent or as permitted by law:
  - Payment service providers (e.g., Stripe, PayPal) to process payments and verify transaction legitimacy.
  - Delivery partners (e.g., Royal Mail, DPD) to fulfill orders and provide tracking updates.
  - Social media platforms (e.g., Instagram, Facebook) if you interact with our brand pages or use social login to create an account.
  - Data enrichment services (only to verify contact details, with your consent) to ensure delivery accuracy for your orders.
  - Loyalty program partners (if applicable) to process rewards for repeat purchases.
4. How We Use Your Personal Data
We use your personal data for specific, legitimate purposes aligned with our business and your needs as a shopper, with legal bases as required by GDPR:
- Fulfill Orders & Provide Services: To process and deliver your purchases, send order confirmations, track deliveries, handle returns/exchanges, and provide after-sales support (legal basis: performance of a contract).
- Manage Your Account: To maintain your account, personalize your experience (e.g., save size preferences, display favorite styles), and provide access to order history (legal basis: performance of a contract).
- Communicate with You: To respond to your queries (e.g., fit advice, fabric care), send important updates (e.g., delivery delays, changes to Services), and share information about your account or orders (legal basis: performance of a contract or legitimate interest).
- Personalize Marketing: With your consent, to send tailored marketing communications (e.g., new collection alerts for your preferred style, exclusive offers on plus-size or petite) and recommend products based on your browsing and purchase history (legal basis: consent).
- Improve Our Services: To analyze user behavior (e.g., which categories are most popular), identify trends, test website features, and enhance product range, website functionality, and customer experience (legal basis: legitimate interest).
- Ensure Security: To detect and prevent fraud (e.g., unauthorized purchases, fake accounts), protect our website from cyber threats, and safeguard the rights, property, and safety of nfhlsz, our customers, and others (legal basis: legitimate interest or legal obligation).
- Comply with Legal Obligations: To meet tax, accounting, and regulatory requirements (e.g., verifying age for applicable products, retaining transaction records for 7 years) (legal basis: legal obligation).
- Custom Orders: To fulfill made-to-measure or personalized items (e.g., monogrammed dresses, altered hemlines) using your provided measurements or design preferences (legal basis: performance of a contract).
5. Legal Basis for Processing
Under GDPR, we rely on the following legal bases to process your personal data:
- Consent: For sending marketing communications, processing customer photos for social media, and collecting optional data like body measurements for custom orders. You may withdraw consent at any time (see Section 7).
- Performance of a Contract: To fulfill orders, manage your account, and provide the Services you have requested (e.g., delivery, returns).
- Legitimate Interests: To improve our Services, personalize non-marketing communications, ensure security, and prevent fraud—we ensure these interests do not override your privacy rights.
- Legal Obligation: To comply with applicable laws, regulations, court orders, or legal processes (e.g., tax audits, fraud investigations).
6. Who We Share Your Personal Data With
We only share your personal data with trusted third parties who help us provide or improve our Services, and never sell your data to third parties for marketing purposes without your explicit consent:
- Payment Service Providers: PCI-DSS compliant providers (e.g., Stripe, PayPal) to process payments securely. These providers only receive the data necessary to complete transactions and are bound by strict data protection obligations.
- Delivery Partners: UK and international couriers (e.g., Royal Mail, DHL) to deliver your orders. They receive your name, delivery address, and order details (excluding payment data) to fulfill delivery.
- Service Providers: Third parties who provide technical, marketing, or administrative support (e.g., website hosting, IT security, email marketing platforms, data analysis tools). These providers are contractually obligated to protect your data and only use it to perform the services we request.
- Legal & Regulatory Authorities: If required by law, regulation, court order, or legal process, or to protect our rights, property, or safety (e.g., reporting fraud to law enforcement).
- Business Transferees: In the event of a merger, acquisition, sale of assets, or other business transfer, your personal data may be transferred to the new owner or controlling entity—they will be bound by this Privacy Policy to protect your data.
- Loyalty Program Partners: If you participate in our loyalty program, we may share your purchase history (excluding payment data) to process rewards—partners are required to maintain data confidentiality.
7. Your Data Protection Rights
Under GDPR and UK Data Protection Act 2018, you have the following rights regarding your personal data:
- Right to Access: Request a copy of the personal data we hold about you, including details of how it is collected, used, and shared.
- Right to Rectification: Request correction of inaccurate or incomplete personal data (e.g., update your delivery address, size preferences).
- Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data, subject to exceptions (e.g., if we need to retain it to comply with legal obligations or fulfill a contract).
- Right to Restriction of Processing: Request that we limit processing of your data (e.g., if you dispute the accuracy of the data or object to marketing).
- Right to Data Portability: Request transfer of your personal data to another organization in a structured, machine-readable format (e.g., transfer your purchase history to another retailer’s loyalty program).
- Right to Object: Object to processing of your data for legitimate interests (e.g., personalized marketing) or direct marketing—we will stop processing unless we have compelling legitimate grounds to continue.
- Right to Withdraw Consent: Withdraw consent for marketing communications or other consent-based processing (e.g., sharing photos) at any time—this does not affect the lawfulness of processing before consent was withdrawn.
- Right to Lodge a Complaint: If you are dissatisfied with how we handle your data, you may lodge a complaint with the ICO (www.ico.org.uk) or contact our data protection team for resolution.
To exercise any of these rights, please submit a written request to nfhlsz@outlook.com with your full name, contact details, and clear description of your request. We may ask for additional information to verify your identity (to prevent unauthorized access to your data). We will respond to your request within one month of receipt (extended to two months for complex requests, with notification). There is no charge for exercising your rights, unless your request is unfounded, excessive, or repetitive—we may charge a reasonable fee or refuse the request in such cases.
8. Cookies & Similar Technologies
Our website uses cookies and similar tracking technologies to enhance your browsing experience, personalize women’s clothing recommendations, and analyze usage patterns—this helps us improve our Services for women’s fashion shoppers.
What Are Cookies?
Cookies are small text files stored on your device (computer, smartphone, tablet) when you visit a website. They help recognize your device, remember preferences, and track interactions with the website.
Types of Cookies We Use
- Necessary Cookies: Essential for website operation—allow you to navigate the site, add items to your cart, process payments, and access secure areas (e.g., your account). These cookies cannot be disabled without affecting website functionality.
- Performance Cookies: Collect data about how you use our website (e.g., which pages you visit most, if you encounter errors). This helps us optimize site performance, load times, and user flow for fashion-related browsing.
- Functional Cookies: Remember your preferences (e.g., size filters, language, login details) to provide a personalized experience. For example, these cookies save your preferred dress size so you don’t have to reselect it for every visit.
- Marketing Cookies: Used to deliver tailored marketing content (e.g., ads for new collections based on your browsing history) and measure the effectiveness of our marketing campaigns. These cookies may be set by third-party ad networks with our permission.
Managing Cookies
You can manage your cookie preferences through your browser settings—most browsers allow you to block, delete, or disable cookies. However, disabling necessary cookies will prevent you from placing orders or accessing your account. For detailed instructions on managing cookies, visit your browser’s help section or the ICO’s cookie guidance (www.ico.org.uk).
By using our website, you consent to the use of cookies as described in this policy. You can update your cookie preferences at any time by adjusting your browser settings or using the cookie consent banner on our website.
9. Data Storage & Security
We take robust measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction—consistent with the sensitivity of data related to women’s fashion (e.g., measurements, purchase preferences):
Storage Measures
- Your data is stored on secure servers located within the UK or EEA (European Economic Area), or with third-party providers who comply with GDPR (e.g., using standard contractual clauses for international transfers).
- We retain your data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law:
  - Order/transaction data: Retained for 7 years (to comply with tax and accounting obligations).
  - Account data: Retained for as long as your account is active, or until you request deletion (plus 2 years for legal compliance).
  - Marketing data: Retained until you opt out of marketing communications (plus 6 months to ensure no residual communications are sent).
  - Browsing data: Anonymized after 12 months (retained for analytics purposes without identifying individuals).
Security Measures
- Encryption: All data transmitted between your device and our website is encrypted using 256-bit SSL/TLS technology. Personal data stored on our servers is encrypted at rest.
- Access Controls: Only authorized staff (e.g., customer service, data protection team) have access to your data—access is granted based on job role and requires secure authentication (e.g., two-factor authentication for sensitive data like measurements).
- Regular Audits: We conduct annual security audits and penetration testing to identify and address vulnerabilities. Our third-party service providers are also required to undergo regular security assessments.
- Staff Training: Our team receives regular training on data protection, GDPR compliance, and handling sensitive data (e.g., customer measurements, payment details).
10. International Data Transfers
As a UK-based company, we primarily store and process your data within the UK or EEA. If your data is transferred to third parties outside the UK/EEA (e.g., international delivery partners, global payment providers), we ensure compliance with GDPR through:
- Transferring to countries deemed "adequate" by the UK government (e.g., Canada, Japan, New Zealand).
- Using standard contractual clauses (SCCs) approved by the ICO for transfers to non-adequate countries—these clauses require third parties to protect your data to the same standard as UK/EEA law.
- Obtaining your explicit consent for transfers to non-adequate countries (where required).
If you would like more information about international data transfers, please contact our data protection team at nfhlsz@outlook.com.
11. Children’s Privacy
Our Services are not intended for children under the age of 16. We do not knowingly collect personal data from children under 16—if we become aware that we have collected data from a child under 16 without parental/guardian consent, we will securely delete the data within 7 working days. If you are a parent/guardian and believe your child has provided us with personal data, please contact us at nfhlsz@outlook.com to request deletion.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in UK law, GDPR requirements, business practices, or service offerings. We will notify you of material changes by:
- Posting the updated policy on our website with a revised "Effective Date" at the top.
- Sending a notification to your registered email address (if you have an account).
- Displaying a pop-up banner on our website for 30 days following the update.
Your continued use of our Services after the updated policy is posted constitutes your acceptance of the changes. We recommend reviewing this policy regularly (at least once a year) to stay informed about how we protect your data.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy, our data processing practices, or your personal data, please contact our UK-based data protection team:
nfhlsz Fashion Ltd
8 Dover Street, Mayfair, London W1S 4LD, United Kingdom
Telephone: +44 20 7654 8921
Email: nfhlsz@outlook.com
ICO Registration Number: ZA876543