Privacy Policy – seroraboutique.com

Effective Date: 5 April, 2026
Website: Seroraboutique
Website URL: https://seroraboutique.com/
Company: SERORA BOUTIQUE LTD
Company Number: 17040935
Registered Office: 25 Effie Road, London, United Kingdom, SW6 1EL
Email: [email protected]

1. Introduction

This Privacy Policy explains how SERORA BOUTIQUE LTD, trading as Seroraboutique (“Company”, “we”, “us”, or “our”), collects, uses, stores, shares, and protects your personal data when you visit our Website, place an order, contact us, create an account, subscribe to marketing communications, or otherwise interact with us.

We are committed to handling personal data responsibly, transparently, and in accordance with applicable data protection laws, including the UK GDPR, the Data Protection Act 2018, and other applicable privacy and electronic communications laws in the United Kingdom. The ICO states that privacy information should be clear, concise, and explain the key features of processing, including lawful bases and individual rights. your personal data to us, you acknowledge that your information will be processed in accordance with this Privacy Policy.

2. Who We Are

For the purposes of applicable data protection law, the data controller responsible for your personal data is:

SERORA BOUTIQUE LTD
25 Effie Road, London, United Kingdom, SW6 1EL
Email: [email protected]

If you have any questions about this Privacy Policy or how we process your personal data, you may contact us using the details above.

3. Personal Data We Collect

We may collect and process different categories of personal data depending on how you interact with our Website and services.

These categories may include:

Identity Data, such as your name, surname, title, or similar identifiers.

Contact Data, such as your email address, billing address, shipping address, telephone number, or other contact details you provide.

Account Data, such as login credentials, account preferences, saved information, and purchase history connected to your account.

Order Data, such as products purchased, order value, delivery selections, order status, refund requests, and customer service history.

Communication Data, such as messages you send to us by email, website forms, or customer service channels, and records of our correspondence with you.

Technical Data, such as IP address, browser type, device information, operating system, time zone settings, referring pages, and other information collected through cookies, log files, or similar technologies.

Usage Data, such as information about how you browse and interact with our Website, including pages viewed, products visited, and session activity.

Marketing Data, such as your subscription preferences, consent choices, and interactions with promotional emails or campaigns.

We collect only the information reasonably necessary for the purposes described in this Privacy Policy and in line with the data minimisation and purpose limitation principles under the UK GDPR.

4. Panot collect, store, or process your full payment card details on our Website.

All payments are made through third-party payment providers. When you make a payment, your payment details are submitted directly to the relevant payment processor and are handled under that provider’s own privacy notice, terms, and security framework.

We may receive limited transaction-related information from those providers, such as payment status, partial card identifiers, billing confirmation, or transaction reference information, where necessary to confirm payment, fulfill your order, prevent fraud, manage refunds, or maintain records.

5. How We Collect Personal Data

We may collect personal data:

directly from you when you place an order;
when you create or use an account;
when you contact us by email or through website forms;
when you subscribe to newsletters or marketing communications;
when you request information, support, or a return;
automatically through cookies, analytics tools, and technical tracking technologies when you use the Website;
from service providers that support payments, fraud checks, shipping, analytics, email delivery, and website functionality.

6. How We Use Your Personal Data

We use your personal data only where we have a valid legal basis and a legitimate business reason to do so.

We may use your personal data for the following purposes:

to operate, maintain, and improve our Website;
to process and fulfill orders;
to communicate with you about orders, shipping, returns, and customer service matters;
to create and manage your account;
to process cancellation requests, returns, exchanges, and refunds;
to detect, prevent, and investigate fraud, misuse, suspicious activity, or unlawful conduct;
to send service-related communications;
to send marketing communications where permitted by law or where you have consented;
to comply with legal, tax, accounting, regulatory, and reporting obligations;
to enforce our Terms and Conditions and protect our legal rights.

7. Cookies and Similar Technologies

We may use cookies, pixels, tags, scripts, and similar technologies to operate the Website, understand user activity, improve performance, remember preferences, and support analytics and marketing functions.

Some cookies are strictly necessary for the Website to function properly. Other cookies may be optional and used only where permitted under applicable law.

For more detailed information about our use of cookies and similar technologies, please see our Cookies Policy.

8. Sharing Your Personal Data

We may share your personal data with trusted third parties where necessary for the purposes described in this Privacy Policy.

These recipients may include:

payment service providers;
shipping, delivery, and logistics providers;
website hosting and technology providers;
analytics, security, and fraud-prevention providers;
email and communication service providers;
professional advisers, such as lawyers, accountants, auditors, and insurers;
regulators, law enforcement bodies, courts, tax authorities, or other authorities where disclosure is required by law or necessary to protect legal rights.

We do not sell your personal data to third parties.

Where third-party service providers process personal data on our behalf, we take reasonable steps to ensure that appropriate contractual and security measures are in place.

9. Data Security

We use a range of technical and organisational safeguards designed to protect personal data against unauthorised access, misuse, alteration, disclosure, loss, or destruction.

These safeguards may include data encryption, restricted access controls, authentication measures, internal confidentiality controls, system monitoring, periodic security reviews, and other protective measures appropriate to the nature of the information and the risks involved.

We also assess our security practices on an ongoing basis and update them where appropriate to help maintain the integrity and confidentiality of personal data. ICO guidance emphasises that organisations must use “appropriate technical and organisational measures” and consider risk, policies, and physical and technical protections. res to safeguard personal data, no website, storage environment, or electronic transmission system can be guaranteed to be completely secure. You are also responsible for taking reasonable steps to protect your account credentials and devices.

10. UK GDPR and Data Protection Compliance

We process personal data in accordance with the core principles of the UK GDPR, including lawfulness, fairness and transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality, and accountability. These principles sit at the centre of UK GDPR compliance.

To suppont appropriate internal procedures and controls, which may include periodic reviews of our data practices, staff awareness measures, access restrictions, and organisational safeguards intended to maintain the confidentiality, integrity, and proper handling of personal data.

We also seek to ensure that personal data is used only for specified purposes, kept no longer than necessary, and handled in a way that respects individuals’ rights.

11. International Transfers of Personal Data

Your personal data may be stored, accessed, or processed outside the United Kingdom and, where relevant, outside the European Economic Area, including where we use third-party service providers operating internationally.

Where we make restricted transfers of personal data, we take steps intended to ensure that such transfers comply with applicable data protection law and that an adequate level of protection is maintained. Depending on the circumstances, this may include the use of the UK International Data Transfer Agreement (IDTA), the UK Addendum to approved standard contractual clauses, adequacy regulations, or other legally recognised safeguards. The ICO identifies the IDTA and the UK Addendum as standard safeguards for restricted transfers and notes that international transfers must be assessed and protected appropriately. e circumstances of the transfer and implement supplementary measures where reasonably necessary.

12. Strong Customer Authentication and PSD2-Related Payment Security

We do not process card payments ourselves. Payments are handled by third-party payment providers that may apply security and authentication measures required under applicable payment regulations.

Where applicable, those providers may use Strong Customer Authentication (SCA) or equivalent payment verification procedures to help confirm that the person making the payment is authorised to do so. These checks may involve two or more authentication elements, such as something the customer knows, possesses, or is. FCA guidance explains that SCA rules are intended to enhance payment security and reduce fraud during authentication. ayment arrangements, we work with payment providers that are expected to operate in line with relevant legal and regulatory requirements, including PSD2-related standards as implemented in the UK payment framework.

13. Data Retention

We retain personal data only for as long as reasonably necessary for the purposes for which it was collected, including to fulfill orders, provide support, maintain records, meet legal and tax obligations, resolve disputes, and enforce our agreements.

Retention periods may vary depending on the type of data and the reason we hold it. For example, order and transaction records may be retained for accounting, tax, fraud-prevention, and legal compliance purposes for as long as required by applicable law or legitimate business needs.

When personal data is no longer required, we will delete it, anonymise it, or securely store it in a form that prevents further active use, unless continued retention is required by law.

14. Your Rights

Under applicable data protection law, you may have the right to:

request access to the personal data we hold about you;
request correction of inaccurate or incomplete data;
request deletion of your personal data in certain circumstances;
request restriction of processing in certain circumstances;
object to processing based on legitimate interests;
withdraw consent where processing is based on consent;
request portability of certain data, where applicable;
lodge a complaint with the relevant supervisory authority.

These rights are not absolute and may be subject to legal exceptions or limitations.

To exercise any of your rights, please contact us at [email protected].

15. Complaints

If you have concerns about how we handle your personal data, we encourage you to contact us first so that we can try to resolve the issue.

You also have the right to make a complaint to the Information Commissioner’s Office (ICO), which is the UK supervisory authority for data protection matters. ICO guidance states that privacy information should explain how people can complain if they have concerns about data use.

16. Services

Our Website may contain links to third-party websites, tools, applications, or services. We are not responsible for the privacy practices, content, or security of those third parties.

If you follow a link to a third-party website or use a third-party service, your personal data will be governed by that third party’s own terms and privacy practices.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, regulation, business operations, technology, or our data practices.

Any updated version will be posted on this Website with a revised effective date. We encourage you to review this Privacy Policy periodically to stay informed about how we process personal data.