Privacy Policy-jsfkeji

Jsfkeji ("we", "us", "our") is a women's casual clothing brand focused on delivering comfortable, on-trend and functional pieces for everyday living. We take the privacy and security of your ("you", "your") personal information seriously, regardless of how you engage with our brand—whether shopping our online store, visiting our Newcastle boutique on Grainger Street, contacting customer service, following us on social media, or interacting with our team in person. This Privacy Policy outlines our practices for collecting, using, storing, disclosing and protecting your personal data, in full compliance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA 2018) of the United Kingdom. By accessing our services, purchasing our products, or sharing your personal details, you confirm you have read, understood and agreed to all terms herein.

1. What Personal Data Do We Collect?

We operate on the "data minimization" principle—collecting only what is necessary to deliver a great shopping experience, fulfill your orders, communicate effectively, and improve our casualwear offerings. Below are the types of data we gather and when:
  • Identity & Contact Details: Full name, email address (for communications via jsfkeji12@outlook.com), phone number, and delivery/billing addresses. Collected when you place an order, create an account, subscribe to new arrival alerts or exclusive deals, or seek support (size advice, order tracking, product care, after-sales help).
  • Transaction & Order Data: Order reference numbers, selected items, sizes, quantities, transaction amounts, and payment method identifiers. We never store full payment card details—all payments are processed by PCI DSS-accredited third parties for maximum financial security.
  • Account & Preferences: For registered users, we store size preferences, order history, saved addresses, and communication choices (e.g., opting in/out of styling tips, seasonal promotions, or new collection updates via email).
  • Website Usage & Technical Data: Anonymized data to optimize site performance, including: This data is collected via cookies (see Section 7 for management options).
    • Device type, operating system, and browser version.
    • Anonymized IP address (personal identifiers removed within 45 days to ensure non-identifiability).
    • Browsing activity: Pages visited, products viewed/added to cart/wishlist, time on site, and referral sources (search engines, social media, in-store referrals, or Newcastle local promotions).
  • Voluntarily Shared Info: Product reviews, feedback, survey responses, style suggestions, or details exchanged during in-store interactions with our Newcastle team.

2. Why We Process Your Data & Legal Bases

We only process your data for lawful purposes, each supported by a valid legal basis under GDPR. Key purposes and justifications:
  • Contract Fulfillment: To honor your purchase—processing payments, arranging delivery, sending confirmations/tracking updates, and handling returns/refunds per our after-sales policy.
  • Your Consent: To send personalized marketing (new collections, discounts, Newcastle in-store event invitations, tailored recommendations). You can withdraw consent anytime without impacting existing orders.
  • Legitimate Interests: To improve our casualwear range and services (using feedback), optimize website functionality, prevent fraud, and run our business efficiently—balanced to not override your privacy rights.
  • Legal Compliance: To retain transaction records for 7 years (UK tax/accounting rules) and respond to lawful requests from regulators (ICO), courts, or law enforcement.

3. Third-Party Data Sharing

We never sell, rent, or lease your data to third parties for their marketing. We only share with trusted partners who assist our operations, all contractually bound to protect your data and comply with GDPR/DPA 2018:
  • Payment Processors: PCI DSS-compliant providers (e.g., Stripe, PayPal) handling secure transactions—only receive minimal data needed for payments.
  • Delivery Partners: UK couriers requiring your address/contact to ship orders—no post-delivery data storage.
  • IT & Cybersecurity Providers: UK-hosted services for website maintenance, database management, and security—access only anonymized/encrypted data.
  • Legal/Regulatory Bodies: Disclosure if required by law, legal process, or to protect our rights, property, safety, or that of customers/third parties.
  • Business Successors: Data may transfer in mergers/acquisitions—successors must uphold this policy.

4. Data Security Measures

We implement strict technical and organizational safeguards to protect your data from unauthorized access, disclosure, alteration, or loss:
  • End-to-end SSL/TLS encryption for data transmitted between your device and our website.
  • Encrypted storage on UK-based servers, with multi-factor authentication and role-based access controls—only authorized staff with a legitimate need can access data, and all access is logged/audited.
  • Proactive security: regular vulnerability scans, software updates, and annual penetration testing to address cyber threats.
  • Mandatory GDPR training for all employees—ensuring secure data handling online and in-store.
No internet transmission is 100% secure, but we take all reasonable steps to minimize breach risks. We’ll notify you and the ICO promptly if a breach threatens your rights, as required by law.

5. How Long We Retain Your Data

Data is retained only as long as needed for its purpose or legal compliance, then securely deleted/anonymized:
  • Transaction/identity data: 7 years from transaction date (UK tax/accounting compliance).
  • Account/preference data: Retained while your account is active—deleted within 52 days of account deletion (unless legally required).
  • Marketing consent data: Retained until consent is withdrawn—deleted within 36 days to stop promotions.
  • Website/technical data: Retained for 45 days before permanent anonymization for analytics.

6. Your Data Protection Rights

Under GDPR/DPA 2018, you have enforceable rights—we support you in exercising them promptly:
  • Access: Request a free copy of your data and processing details.
  • Rectification: Correct inaccurate/incomplete data (e.g., updated address/size preferences).
  • Erasure: Request deletion if data is no longer needed, consent is withdrawn, or processing is unlawful (subject to legal retention).
  • Restriction: Request limited processing (e.g., while verifying order details).
  • Portability: Receive data in a structured format for transfer to another provider.
  • Objection: Object to marketing processing anytime, or legitimate interest processing (we cease if your interests prevail).
  • Withdraw Consent: Use email "unsubscribe" links or contact us directly.
To exercise these rights, contact us (Section 8). We may request ID to protect your data. Responses within 30 days (extendable by 30 days for complex requests, with notification).
You can complain to the ICO via www.ico.org.uk or 0303 123 1113 if dissatisfied with our data handling.

7. Cookies & Tracking

Our website uses cookies (small text files) to enhance browsing, analyze traffic, and personalize offers. Three cookie categories:
  • Essential Cookies: Required for core functions (cart, checkout)—cannot be disabled.
  • Analytical Cookies: Anonymized, aggregated data to improve site performance.
  • Marketing Cookies: Personalized marketing based on browsing history—used only with your consent.
Manage/disable non-essential cookies via browser settings (process varies by browser). Disabling them won’t affect shopping but may limit personalization.

8. Contact for Data Queries

For questions, concerns, or requests about this policy or your data, contact our data protection team:
  • Brand Name: jsfkeji
  • Email: jsfkeji12@outlook.com
  • Phone: +44 (0) 191 236 8741 (Mon-Fri: 9:00 AM – 5:30 PM GMT; Sat: 10:00 AM – 3:00 PM GMT)
  • Address: 24 Grainger Street, Newcastle NE1 5JG, United Kingdom

9. Policy Updates

We may update this policy to reflect legal changes, business updates, or tech advancements. Updated policies will have a revised "Last Updated" date. For significant changes, we’ll notify you via email (if we have your details) or website notice at least 34 days before implementation.
Review this policy regularly to stay informed about our data practices.