Privacy Policy

Privacy Policy for Zebaa.co.uk

At Zebaa.co.uk, we are committed to protecting your privacy and ensuring that your personal data is handled responsibly and transparently. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website, make a purchase, or interact with our services. It also outlines your rights under the **UK General Data Protection Regulation (UK GDPR)** and the Data Protection Act 2018.

Data Controller Status

Zebaa.co.uk is a UK-based home décor retail business operating an e-commerce platform that allows customers to browse and purchase products online. For the purposes of data protection law, we act as the **“data controller”** of the personal data you provide to us.

Personal Data We Collect

We may collect and process various categories of personal data, including:

**Identity & Contact Data:** Name, email address, phone number, billing and shipping addresses.
**Financial Data:** Payment details (processed securely via third-party providers; we do not store full payment card details).
**Technical & Usage Data:** IP address, browser type, time zone setting, device type, operating system, purchase history, and interactions with our website and marketing.
**Social Media Data:** Username and public profile information if you engage with us via social media.

**Note:** We do not collect special category data (such as health or ethnicity) unless explicitly provided by you for a specific purpose and with your consent.

How We Collect Your Data

Your personal data is collected through:

**Direct Interactions:** When you place an order, register an account, or contact us.
**Automated Technologies:** Cookies and analytics tools (e.g., Google Analytics).
**Third-Party Sources:** Trusted partners including payment processors, delivery partners, and marketing platforms.

How We Use Your Personal Data

We use your personal data for the following purposes:

To **process and fulfil orders** and manage your account.
To provide customer support and send **transactional communications** (e.g., order and shipping confirmations).
To **personalise your shopping experience** and recommend products.
To send **marketing communications** (if you have explicitly opted in).
To improve our website and services, detect and prevent fraud, and comply with legal obligations.

Legal Basis for Processing

Our legal basis for processing your personal data depends on the context:

**Consent:** For marketing communications and optional data collection.
**Contractual Necessity:** To fulfil orders and provide services you have requested.
**Legal Obligation:** To comply with laws (e.g., tax and accounting).
**Legitimate Interests:** Such as improving our services, preventing fraud, and managing our business effectively, provided these interests do not override your rights.

We may share your personal data with trusted third parties who help us operate our business. These include:

Payment processors (e.g., Stripe, PayPal)
Delivery partners (e.g., Royal Mail, DPD)
IT and hosting providers
Marketing platforms (e.g., Mailchimp)
Professional advisers (e.g., accountants and legal counsel)
Regulatory authorities when required by law.

All third parties are required to comply with data protection laws and process your data only for specified purposes.

International Data Transfer

In some cases, your data may be transferred outside the UK or European Economic Area (EEA). When this occurs, we ensure that appropriate safeguards are in place, such as **Standard Contractual Clauses** or adequacy decisions approved by the UK government, to protect your data.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, or reporting requirements. For instance, we retain order and transaction data for **six years** to comply with tax and accounting regulations. Once your data is no longer needed, it is securely deleted or anonymised.

Your Rights Under UK GDPR

Under UK GDPR, you have several important rights regarding your personal data. These include:

The right to **access** your data.
The right to **correct** inaccuracies.
The right to **request deletion** of your data.
The right to **restrict** processing.
The right to **object** to certain uses (e.g., direct marketing).
The right to **withdraw consent**.
The right to data **portability**.

You also have the right to lodge a **complaint with the Information Commissioner’s Office (ICO)** if you believe your data has been mishandled. To exercise any of these rights, please contact us using the details below.

Cookies and Tracking

Our website uses **cookies** and similar technologies to enhance your browsing experience, analyse traffic, and personalise content. You can manage your cookie preferences through your browser settings. For more information, please refer to our Cookie Policy.

Data Security

We take data security seriously and implement appropriate **technical and organisational measures** to protect your personal data from unauthorised access, loss, misuse, or alteration. These measures include SSL encryption, secure payment gateways, access controls, and regular security audits. While we strive to protect your data, no system is completely secure, and we encourage you to take precautions when sharing personal information online.

Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of those sites. We encourage you to read their privacy policies before providing any personal data.

Children's Privacy

Zebaa.co.uk is not intended for children under the age of 13. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us so we can remove it.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any updates will be posted on this page with a revised effective date. We encourage you to review this policy periodically.