Data Deletion Policy - Oh So Luxe

Data Deletion Policy

Last Updated: August 14, 2025

At Oh So Luxe (www.ohsoluxe.co.uk), we are committed to protecting your privacy and ensuring transparency in how we handle your personal data. This Data Deletion Policy explains your rights to request the deletion of your personal data and the process we follow to honor such requests. We comply with the UK General Data Protection Regulation (UK GDPR), EU General Data Protection Regulation (EU GDPR), Data Protection Act 2018, and other applicable laws, including the California Consumer Privacy Act (CCPA) for California residents.

1. Your Right to Request Data Deletion

As a customer of Oh So Luxe, you have the right to request the deletion of your personal data under certain circumstances, including:

When your data is no longer necessary for the purposes for which it was collected (e.g., order fulfillment).
If you withdraw your consent for data processing (e.g., marketing communications).
If you object to the processing of your data, and we have no overriding legitimate interest to continue processing it.
If your data must be deleted to comply with a legal obligation.
If you believe your data has been processed unlawfully.

This right is subject to exceptions, such as legal obligations to retain certain data (see Section 5).

2. Personal Data We Collect

Oh So Luxe collects and processes the following categories of personal data through our Shopify-powered website:

Identity and Contact Data: First name, last name, email address, phone number (if provided), and account creation date.
Address Information: Billing address (for payment processing) and shipping address (for order delivery). Customers may save multiple addresses.
Purchase History: Order history, total amount spent, number of orders, purchase frequency, and lifetime customer value.
Marketing and Communication Data: Marketing consent status (opt-in/out for emails or SMS), email marketing status (subscribed/unsubscribed), and communication preferences.
Additional Data: Customer notes, tags used to organize customers, and account status (active, disabled, etc.).
Facebook Login Data: Email address (only when customers sign in using Facebook Login).
Technical Data: IP address, browser type, device information, and website usage data (via cookies or Shopify's analytics tools).

3. Where Your Data Is Stored

Your personal data is stored securely as follows:

Primary Storage: All customer data is stored on Shopify's secure cloud infrastructure, which operates in multiple data centers globally for performance and redundancy. Shopify is PCI DSS compliant, and data is encrypted both in transit and at rest.
Third-Party Storage:
- Payment Processors: Credit card and payment information is securely stored by our payment gateways (e.g., Shopify Payments, Stripe).
- Email Marketing Apps: If you opt in to marketing, your email address and related data may be synced with third-party apps like Mailchimp or Klaviyo.
- Other Shopify Apps: Any installed Shopify apps may store relevant customer data on their servers, subject to their privacy policies.
- Facebook/Meta: If you use Facebook Login, only your email address is shared with our store.

4. How to Submit a Deletion Request

To request the deletion of your personal data, please contact us at:

Email: info@ohsoluxe.co.uk

Address: Oh So Luxe, 1 St Georges Avenue, Endon, Stoke on Trent, ST9 9EQ, United Kingdom

Please include your full name, email address, and order number (if applicable) to help us verify your identity and locate your data. We aim to acknowledge your request within 72 hours.

5. Our Process for Handling Deletion Requests

Verification: We will verify your identity to ensure the request is legitimate. This may involve requesting additional information, such as your account email or order details.
Review: We will assess whether your data can be deleted or if retention is required for legal or operational purposes (see Section 6).
Deletion: If approved, we will delete your personal data from our Shopify admin and instruct relevant third-party service providers to delete your data, where applicable. Deletion is performed using secure methods to ensure data cannot be recovered.
Confirmation: We will notify you via email once your request is processed, typically within 30 days (in line with UK GDPR and EU GDPR requirements). For California residents under CCPA, we will comply within 45 days, with an extension if needed. If additional time is required, we will inform you within the initial period.

6. Exceptions to Data Deletion

We may retain certain personal data in the following cases:

Legal Obligations: Data required for tax, accounting, or audit purposes (e.g., order history for 6 years under UK tax law).
Fraud Prevention and Security: Data needed to protect against fraudulent activities or ensure the security of our systems.
Legal Claims: Data necessary for resolving ongoing disputes or legal claims.
Anonymized Data: Data that has been anonymized and cannot be linked to you may be retained for analytics or business purposes.

If we cannot delete certain data, we will provide a clear explanation and the expected retention period.

7. Third-Party Data Sharing

Oh So Luxe shares limited personal data with third parties to operate our business, including:

Shopify: Hosts our website and stores customer data on its secure servers.
Payment Processors: Handle payment information securely (e.g., Shopify Payments, Stripe).
Email Marketing Platforms: Sync email data for marketing purposes (if you've opted in).
Shipping Providers: Receive shipping address data to fulfill orders.
Other Shopify Apps: May access data based on their functionality.

When processing a deletion request, we will instruct these third parties to delete your data, unless they are required to retain it for their own legal or operational purposes.

8. Data Security and Deletion Methods

Oh So Luxe relies on Shopify's enterprise-level security measures, including:

Encryption: Data is encrypted in transit and at rest.
Access Controls: Only authorized personnel can access customer data.
Secure Deletion: When deleting data, Shopify uses secure methods to ensure it cannot be recovered.
Regular Backups: Shopify maintains backups, but deleted data is removed from active systems and backups per their retention policies.

You can export your data from our Shopify admin at any time to review what we hold.

9. Cookies and Tracking Technologies

We use cookies and Shopify's analytics tools to collect technical data (e.g., IP address, browsing behavior). You can manage your cookie preferences through our website's cookie consent tool. If you request data deletion, we will remove identifiable technical data, but anonymized data may be retained for analytics.

10. International Customers

Oh So Luxe serves customers in the UK, EU, USA, and other regions. We comply with:

UK GDPR and Data Protection Act 2018 for UK customers.
EU GDPR for EU customers.
CCPA for California residents, ensuring your rights to know, delete, and opt out of data sales (note: we do not sell your data).

If you are located outside these regions, we will comply with applicable local laws to the extent possible.

11. Contact Us

For questions about this Data Deletion Policy or to exercise your data protection rights (e.g., access, correction, or deletion), please contact our Data Protection Officer: