Privacy Policy

Last updated: 20 March 2026

At PINK FASHION, we take the protection of your personal data seriously. This Privacy Policy explains what personal information we collect, why and on what legal basis we process it, who we share it with (including Shopify and service providers), how international data transfers are handled, how long we retain data, and what rights you have.

1) Who We Are & How to Contact Us

Data Controller:
PINK FASHION

Business address:
2 Waring Rd
Sidcup DA14 6SH
United Kingdom

Email (support & privacy): info@pinkfashion.co.uk
Phone: +44 74 8886 4440

We operate our online store on Shopify. In relation to customer data, PINK FASHION acts as the data controller, while Shopify generally acts as a data processor. For certain enhanced services, Shopify may act as an independent or joint controller, as described in Shopify’s Data Processing Addendum. [help.shopify.com][shopify.com]

2) Personal Data We Collect & Purposes of Processing

Categories of Personal Data

  • Identification & contact data
    (name, email address, phone number, billing and delivery address)
  • Order & transaction data
    (ordered products, order ID, prices, delivery status)
  • Payment data
    (tokenised payment data processed by payment providers; we do not store full card details)
  • Technical data
    (IP address, browser/device information, cookie identifiers)
  • Communication data
    (emails, customer service enquiries, return requests)
  • Marketing & preference data
    (newsletter subscriptions, consent records, opt‑outs)

Shopify, as our e‑commerce platform, also processes device and browser data and cookies to ensure store functionality and security. Details are available in Shopify’s own cookie and privacy documentation. [shopify.com]

Purposes & Legal Bases (UK GDPR Article 6)

  • Processing and delivery of orders
    (performance of a contract – Art. 6(1)(b))
  • Customer support, returns and complaints
    (contract and/or legitimate interest – Art. 6(1)(b)/(f))
  • Accounting and legal obligations
    (legal obligation – Art. 6(1)(c))
  • Fraud prevention and security
    (legitimate interest – Art. 6(1)(f))
  • Marketing communications (e.g. newsletters)
    (consent – Art. 6(1)(a); withdrawable at any time)
  • Analytics and advertising cookies/pixels
    (consent – Art. 6(1)(a))

3) Cookies, Consent & Tracking Technologies

We use cookies and similar technologies on our website for the following purposes:

  1. Strictly necessary cookies – required for website functionality, security and fraud prevention
  2. Analytics cookies – to understand how visitors use our website and improve performance
  3. Marketing cookies – to deliver personalised advertising and measure campaign effectiveness

Non‑essential cookies (analytics and marketing) are only activated after you provide your explicit consent.

In accordance with UK GDPR and the Privacy and Electronic Communications Regulations (PECR):

  • Rejecting cookies must be as easy as accepting them
  • Consent can be withdrawn at any time
  • Cookies must not be set until valid consent is obtained

Cookie Categories Used by Shopify

Our online store is hosted on Shopify, which uses different types of cookies, including:

  • Functional cookies (store functionality and checkout)
  • Performance & analytics cookies
  • Advertising and social media cookies

Shopify regularly updates its cookie architecture and technologies. Changes to Shopify cookies and tracking tools are documented in Shopify’s official resources:

Managing Your Cookie Preferences

You can manage your cookie preferences at any time via the cookie banner or cookie settings link on our website.

For detailed information about each cookie category and the specific technologies we use, please see our Cookie Policy (available as a separate page).

Compliance Note (UK Best Practice)

To ensure compliance with UK data protection law:

  • Non‑essential cookies and tracking scripts are technically blocked until consent is given
  • Consent is recorded and can be withdrawn as easily as it is granted
  • Consent applies only to the specific browser and device used

This approach reflects guidance from the UK Information Commissioner’s Office (ICO) regarding cookies and online tracking.

ICO guidance:
https://ico.org.uk/for-organisations/guide-to-pecr/cookies-and-similar-technologies/

4) Third Parties & Recipients of Personal Data

We share personal data only where necessary and lawful, and strictly for the purposes described in this Privacy Policy.

Service Providers & Recipients

We may share personal data with the following categories of recipients:

Shopify (E‑commerce Platform & Hosting)

Our online store is hosted on Shopify, which provides website hosting, security, infrastructure, checkout functionality and store management tools.
Shopify generally acts as a data processor processing personal data on our behalf under its Data Processing Addendum (DPA).
For certain enhanced or optional services, Shopify may act as an independent or joint data controller, as described in Shopify’s documentation.

Relevant references:

Payment Service Providers

Payments are processed securely by authorised payment service providers such as:

  • Shopify Payments (powered by Stripe)
  • PayPal
  • Klarna (where offered)

These providers process payment data directly in accordance with their own privacy policies and regulatory obligations.
We do not receive or store full card details.

Reference:

Shipping & Logistics Partners

We share necessary delivery information (such as name, address and contact details) with shipping and logistics providers to fulfil delivery and returns.

Only the data strictly required to complete delivery services is shared.

Customer Support, Email & Marketing Tools

We may use third‑party tools for:

  • Customer support
  • Email communications
  • Marketing campaigns

Such tools are used only where necessary, and marketing or tracking technologies are applied only with valid consent, where required by law.

Legal & Regulatory Authorities

We may disclose personal data to public authorities, regulators, courts or professional advisers where required to comply with legal obligations or to protect our legal rights.

Data Processing Safeguards

Where required by law, we:

  • Enter into data processing agreements with service providers
  • Ensure clear allocation of controller / processor roles
  • Require appropriate technical and organisational safeguards

These measures are implemented in line with UK GDPR requirements and guidance issued by the UK Information Commissioner’s Office (ICO).

ICO reference:
https://ico.org.uk/for-organisations/uk-gdpr-guidance/

5) International Data Transfers

We may transfer personal data outside the United Kingdom in order to operate our online store and provide our services.

Our e‑commerce platform provider, Shopify, is headquartered in Canada and operates globally. As a result, personal information may be processed or accessed in countries outside the UK, including Canada and the United States.

Safeguards for International Transfers

Where personal data is transferred outside the UK, we ensure that appropriate safeguards are in place, including:

  • Transfers to countries that are subject to an adequacy decision recognised by the UK Government, and/or
  • The use of UK‑approved contractual safeguards, such as:
    • the UK International Data Transfer Agreement (IDTA), or
    • the UK Addendum to the EU Standard Contractual Clauses (SCCs)

These safeguards are designed to ensure that your personal data continues to receive a level of protection equivalent to that required under UK GDPR.

Shopify provides detailed information about its international data transfers, security measures and contractual protections in its official documentation:

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. This includes, where applicable:

  • compliance with accounting and tax obligations,
  • establishing, exercising or defending legal claims, and
  • maintaining records of consents and opt‑outs, where required.

Once personal data is no longer required for these purposes, it is securely deleted or anonymised in accordance with applicable data protection requirements.

Shopify applies similar principles regarding data retention and deletion, as described in its Privacy Policy:
https://www.shopify.com/legal/privacy


Your Rights Under UK Data Protection Law

Under UK GDPR, you have the right to:

  • be informed about how your personal data is used,
  • access your personal data,
  • request correction of inaccurate or incomplete data,
  • request deletion of your personal data,
  • request restriction of processing,
  • receive your personal data in a portable format,
  • object to the processing of your personal data, including for direct marketing, and
  • not be subject to decisions based solely on automated processing, including profiling, where such decisions have legal or similarly significant effects.

We aim to respond to all valid requests within one month, in line with UK data protection law.

Limitations to These Rights

In certain circumstances, some data subject rights may be restricted where this is necessary and proportionate, as permitted by law — for example, to safeguard law enforcement activities, comply with legal obligations, or enable the establishment, exercise or defence of legal claims.

These restrictions are permitted under Article 23 of GDPR (as retained in UK GDPR) and do not affect the core principles of lawfulness, fairness and transparency.

Further explanation of these limitations can be found here:
https://gdprexplorer.com/gdpr-article-23-explained-restrictions-of-data-subject-rights-and-their-limits

How to Exercise Your Rights

To exercise your rights, please contact us at:
📧 info@pinkfashion.co.uk

If you have a customer account with us, you may be able to access or update certain personal details directly through your account.

Where your request relates to personal data processed independently by Shopify (acting as a separate data controller for certain services), Shopify also provides tools for submitting privacy requests:
https://privacy.shopify.com

8) Automated Decision‑Making & Profiling

We do not make decisions that have legal or similarly significant effects based solely on automated processing.

Where profiling is used for personalised marketing or recommendations, it is done only with your consent, which can be withdrawn at any time. [gdpr-info.eu]

9) Security Measures

We implement appropriate technical and organisational measures to protect personal data, including access controls, encryption where appropriate, and staff training.

We select service providers that provide adequate data protection guarantees. [dataprotection.ie][help.shopify.com]

10) Children’s Data

Our website is not intended for children. If we become aware that personal data of a child has been collected without appropriate consent, we will delete it promptly.

11) Complaints

If you have any concerns about how we handle or process your personal data, we encourage you to contact us first so that we can try to resolve the issue promptly.

If you are not satisfied with our response, you have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner’s Office (ICO)
Website: https://ico.org.uk
Make a complaint: https://ico.org.uk/make-a-complaint/

12) Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, platform updates, or legal requirements.
The latest version will always be available on this page.

13) Contact

Email: info@pinkfashion.co.uk (You may also contact us via the form HERE.)
Telephone number: +44 74 8886 4440
Our customer service team is ready to assist you.

Customer service opening hours:
Monday - Friday: 10:00 – 18:00
Saturday and Sunday: Closed

Store name: PINK FASHION
Warehouse address: 2 Waring Rd, Sidcup DA14 6SH, United Kingdom
Company name: Ondřej Pilát
Company registration number (CZ): 07438427
Company address: Spojů 852/1, Ostrava, Czech Republic, 708 00