Privacy Policy-uptotravl
Uptotravl ("we", "us", "our") is a women's casual clothing brand specializing in comfortable, versatile and travel-friendly casual wear designed for modern lifestyles. We are fully committed to protecting the privacy and personal data of every individual ("you", "your") who interacts with our brand—whether through our online store, physical boutique in St Albans, customer service channels, or social media platforms. This Privacy Policy clearly explains how we collect, process, store, disclose and protect your personal information, in strict compliance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA 2018) of the United Kingdom. By accessing our services, purchasing our casual wear, or sharing your personal information with us, you confirm that you have read, understood and agreed to all provisions of this policy.
1. What Personal Information Do We Collect?
We follow the "data minimization" principle strictly, only collecting personal information that is necessary to provide you with a smooth shopping experience, fulfill your casual wear orders, and improve our products and services. Below are the specific types of personal information we may collect and the scenarios in which we collect them:
- Identity and Contact Information: Your full name, email address (for communications via uptotravl@outlook.com), telephone number, and delivery/billing addresses. We collect this information when you place an order for casual wear, create a customer account, subscribe to our promotional updates and new collection notifications, or contact our customer support team for help (such as size recommendations, fabric care guidance, or order tracking).
- Order and Transaction Data: Details related to your purchases, including the casual clothing items you choose (e.g., lightweight casual tops, stretch casual leggings, packable casual dresses), sizes, quantities, order reference numbers, transaction amounts, and payment method identifiers. We never store full payment card information; all payment processing is handled by PCI DSS-compliant third-party payment service providers to ensure the security of your payment data.
- Account and Preference Information: If you register an account with us, we will store your size preferences (customized for our casual wear range), order history, saved delivery addresses, and communication preferences (e.g., whether you prefer email or SMS for order updates).
- Website Usage and Technical Data: When you visit our official website, we collect anonymized technical and browsing data to optimize website performance and your browsing experience, including:
  - Device information (e.g., smartphone, tablet, desktop), operating system, and browser version.
  - Anonymized IP address (personal identifying information is permanently removed within 32 days to ensure non-identifiability).
  - Browsing behavior: Pages visited (e.g., travel-friendly casual wear section, winter casual collection), products added to cart or wishlist, time spent on product detail pages, and referral sources (e.g., search engines, social media posts about our casual wear).
  This data is collected through cookies and similar tracking technologies (see Section 7 for how to manage these settings).
- Voluntarily Provided Information: Information you actively share with us, such as product reviews (e.g., feedback on the durability of our travel casual wear or the fit of our leggings), style suggestions, survey responses, or details exchanged during in-store interactions (e.g., casual wear fitting needs for travel).
2. Why Do We Process Your Personal Data?
We process your personal information only for legitimate purposes permitted by UK and EU data protection laws, and each processing activity is based on a valid legal basis. The specific purposes and corresponding legal bases are as follows:
- To Fulfill a Contract: We process your data to fulfill the obligations of your purchase contract with us, including processing payments, arranging delivery of your casual wear orders through UK-based logistics partners, sending order confirmations and shipping tracking information, and handling returns or exchanges in accordance with our return policy.
- With Your Explicit Consent: We process your data to send you personalized marketing communications (e.g., new arrivals of travel-friendly casual wear, exclusive discounts, in-store events in St Albans) and provide tailored product recommendations (e.g., suggesting matching casual tops for your previously purchased leggings) based on your browsing and purchase history. You can withdraw your consent at any time without affecting the processing of your existing orders.
- For Legitimate Business Interests: We process your data to improve our casual wear product range (e.g., optimizing designs for travel comfort based on customer feedback), enhance website functionality and user experience, detect and prevent fraudulent transactions, and ensure the overall security and efficiency of our business operations. These interests are carefully balanced to avoid violating your privacy rights.
- To Comply with Legal Obligations: We process and retain your data to meet UK tax and accounting requirements (retaining transaction records for 7 years) and to respond to lawful requests from regulatory authorities (such as the Information Commissioner's Office/ICO) or court orders.
3. Who Do We Share Your Personal Data With?
We will never sell, rent, or lease your personal information to any third party for their own marketing activities. We only share your data with trusted third-party partners who assist us in providing services, and all such partners are contractually required to protect your personal information and use it only for the purposes authorized by us:
- Payment Service Providers: PCI DSS-accredited payment processors (e.g., Stripe, PayPal) that handle secure payment transactions. They receive only the minimum information needed to complete payments (e.g., transaction amount, payment method type) and are prohibited from using your data for any other purpose.
- Logistics and Delivery Partners: UK-based courier services that need your delivery address and contact details to ship your casual wear orders. They do not store your personal data after the delivery is completed and must comply with strict data protection standards.
- IT and Cybersecurity Partners: UK-hosted service providers that maintain our website, manage our customer database, and provide cybersecurity services. They only have access to anonymized or encrypted data and are bound by strict confidentiality agreements.
- Legal and Regulatory Bodies: We may disclose your personal information if required by law, regulation, or legal process (e.g., a court subpoena), or to protect our legitimate rights, property, or safety, as well as the rights, property, or safety of our customers or other third parties.
- Business Successors: In the event of a merger, acquisition, sale of assets, or other business restructuring, your personal information may be transferred to the new owner or successor entity. The successor will be required to comply with this Privacy Policy to ensure the continued protection of your data.
4. How Do We Protect Your Personal Data?
We have established a comprehensive set of technical and organizational security measures to prevent your personal information from being accessed, disclosed, altered, or destroyed without authorization. Our key security measures include:
- End-to-end SSL/TLS encryption for all data transmitted between your device and our website, ensuring the security of your contact information and transaction data during transmission.
- Secure, encrypted storage of data on UK-based servers, with multi-factor authentication and role-based access control systems. Only authorized personnel with a legitimate business need (e.g., processing casual wear orders, providing customer support) can access personal information, and all access activities are logged and audited regularly.
- Proactive security management, including regular vulnerability scans, security audits, and software updates to address emerging cyber threats. We also conduct bi-annual penetration testing to verify the effectiveness of our security controls.
- Regular data protection training for all employees, ensuring they fully understand their obligations under GDPR and DPA 2018 and are capable of handling your personal information securely and responsibly.
While we strive to maintain the highest level of security, no method of data transmission over the internet or electronic storage is completely risk-free. We cannot guarantee absolute security, but we will take all reasonable measures to minimize the risk of data breaches. In the event of a data breach that is likely to pose a high risk to your rights and freedoms, we will notify you and the ICO promptly in accordance with legal requirements.
5. How Long Do We Keep Your Personal Data?
We retain your personal information only for the period necessary to fulfill the purposes for which it was collected, or as required by law. After the retention period expires, we will securely delete or anonymize your data so that it can no longer be associated with you. Our specific retention periods are as follows:
- Transaction and identity data (e.g., casual wear order details, contact information): Retained for 7 years from the end of the transaction to comply with UK tax and accounting laws.
- Account and preference data: Retained for the duration of your account activity. If you request to delete your account, we will delete this data within 41 days (unless we are required to retain it by law).
- Marketing consent and communication data: Retained until you withdraw your consent. After withdrawal, we will delete your marketing-related information within 26 days to ensure you no longer receive promotional communications about our casual wear.
- Website usage and technical data: Retained for 32 days before being permanently anonymized for aggregate analytics purposes (e.g., analyzing customer preferences for travel-friendly casual wear, optimizing website navigation).
6. What Rights Do You Have Over Your Data?
Under GDPR and DPA 2018, you have the following enforceable rights regarding your personal information held by us. We encourage you to exercise these rights if needed:
- Right to Access: You can request a free, clear copy of the personal data we hold about you, along with details of our processing activities.
- Right to Rectification: You can request that we correct any inaccurate or incomplete personal information (e.g., updating your delivery address or size preferences for our casual wear).
- Right to Erasure (Right to be Forgotten): You may request us to delete your personal information if it is no longer necessary for the purpose it was collected, you withdraw your consent, or our processing is no longer legally permitted (subject to legal retention obligations).
- Right to Restrict Processing: You can request that we limit the processing of your personal information (e.g., while we verify the accuracy of your casual wear order history).
- Right to Data Portability: You have the right to receive your personal information in a structured, commonly used, and machine-readable format (e.g., a CSV file of your order history) and to transfer it to another data controller.
- Right to Object: You can object to the processing of your personal information for direct marketing purposes at any time. You may also object to processing based on our legitimate business interests, and we will review your objection and cease processing if your interests, rights, and freedoms take precedence.
- Right to Withdraw Consent: If you have given your consent for marketing or other processing activities (e.g., personalized casual wear recommendations), you can withdraw it at any time by clicking the "unsubscribe" link in our emails or contacting our customer service team directly.
To exercise any of these rights, please contact us using the details provided in Section 8. We may request proof of identity (e.g., a copy of your ID) to ensure the security of your information. We will respond to your request within 30 days; if your request is complex, we may extend this period by a further 30 days and will notify you of the extension and the reasons for it.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you are dissatisfied with how we handle your personal information. The ICO can be contacted via their website (www.ico.org.uk) or by telephone at 0303 123 1113.
7. Cookies and Similar Tracking Technologies
Our website uses cookies and similar tracking technologies (e.g., web beacons, pixel tags) to enhance your browsing experience, analyze website traffic, and personalize content and offers related to our travel-friendly casual wear. Cookies are small text files stored on your device when you visit our website. We use three types of cookies:
- Essential Cookies: These cookies are necessary for the basic operation of our website. They allow you to browse our casual wear product catalog, add items to your shopping cart, and complete the checkout process. You cannot disable these cookies, as they are required to use our core services.
- Analytical Cookies: These cookies collect anonymized, aggregated data on how users interact with our website (e.g., which casual wear product pages are most popular, how users navigate through the site). We use this data to improve website performance and user experience.
- Marketing Cookies: These cookies are used to deliver personalized marketing content (e.g., ads for new travel-friendly casual wear collections or exclusive discounts) based on your browsing history. We only use these cookies if you have given your explicit consent.
You can manage or disable non-essential cookies (analytical and marketing) through your browser settings (e.g., Chrome, Safari, Firefox). The process for managing cookies varies by browser, so we recommend checking your browser's help center for specific instructions. Disabling non-essential cookies will not affect your ability to browse or purchase casual wear on our website, but it may limit the personalization of content and offers.
8. Contact Us for Data-Related Inquiries
If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal information, please contact our data protection team using the following details:
- Brand Name: uptotravl
- Email: uptotravl@outlook.com
- Phone: +44 (0) 1727 864 139 (Mon-Fri: 8:45 AM – 5:15 PM GMT; Sat: 9:45 AM – 3:45 PM GMT)
- Address: 32 High Street, St Albans AL1 3JD, United Kingdom
9. Updates to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in laws and regulations, business practices, or technological advancements (e.g., new data security measures, expansions to our travel-friendly casual wear range). When we update the policy, we will revise the "Last Updated" date at the bottom of this page. For significant changes (e.g., modifications to our data collection or disclosure practices), we will notify you via email (if we have your contact details) or by posting a prominent notice on our website at least 25 days before the changes take effect.
We encourage you to review this Privacy Policy regularly to stay informed about how we protect your personal information.