Privacy Policy

Last Updated: 4 June 2026

This Privacy Policy applies to all services provided by Sophia Rosemere, reachable via info@sophiarosemere.com

We respect the privacy of our customers and handle the personal information you provide to us confidentially and in accordance with the General Data Protection Regulation (GDPR).

1. Information We Collect

We collect personal data that you provide when placing an order, creating an account, or contacting our customer service team, including:

  • Full name

  • Billing and delivery address details

  • Email address

  • Telephone number

  • Payment information (processed by our payment providers and not stored on our servers)

  • IP address and device/browser information

  • Order and transaction history

  • Information regarding your activities and behaviour on our website (through cookies)

2. Purposes of Processing

We process your personal data for the following purposes:

  • To process, dispatch and invoice your orders.

  • To provide customer service and support.

  • To send order updates, tracking information and other relevant communications.

  • To improve our services, website and product range.

  • To prevent and detect fraud and misuse.

  • To send marketing communications, only where you have provided your consent.

3. Legal Bases for Processing

We process your personal data on the basis of:

  • The performance of a contract (your order).

  • Your consent (for example, for marketing communications).

  • Compliance with legal obligations (such as tax and accounting requirements).

  • Our legitimate interests (including fraud prevention and improving our services).

4. Sharing Personal Data with Third Parties

Your personal data will only be shared with third parties where necessary for the provision of our services, including:

  • Our payment providers: Apple Pay, Google Pay, Visa, Mastercard and Shop Pay.

  • Our shipping and delivery partners.

  • Our supplier(s) for the processing and fulfilment of your order.

  • Analytics and marketing service providers (where applicable and subject to your cookie preferences).

Where required, we have entered into appropriate data processing agreements with these parties.

We never sell your personal data to third parties.

As some orders may be fulfilled directly by suppliers located outside the European Economic Area (EEA), including China, your personal data may be transferred outside the EEA. In such cases, we ensure that appropriate safeguards are in place to protect your information.

5. Data Retention

We do not retain your personal data for longer than necessary for the purposes for which it was collected, or as required by applicable law (such as statutory accounting and tax retention obligations of up to seven years).

6. Cookies

Our website uses cookies to improve functionality, analyse visitor behaviour and support marketing activities.

Please refer to our separate Cookie Policy for further information. You may adjust your preferences at any time via our cookie banner or your browser settings.

7. Security

We take appropriate technical and organisational measures to protect your personal data against loss, misuse and unauthorised access.

All payments are processed through a secure SSL-encrypted connection.

8. Your Rights

Under the UK GDPR and applicable data protection laws, you have the right to:

  • Access the personal data we hold about you.

  • Request correction of inaccurate or incomplete personal data.

  • Request the deletion of your personal data where applicable.

  • Request restriction of the processing of your personal data.

  • Object to the processing of your personal data where we rely on legitimate interests.

  • Withdraw your consent at any time where processing is based on consent.

  • Request the transfer of your personal data to another organisation or directly to you (data portability).

To exercise any of these rights, please contact us at info@sophiarosemere.com.

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO), the UK's independent authority for data protection matters.