Privacy policy
Privacy Policy
Last Updated: April 7, 2026
Aloyoga ("we", "us", "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you visit our website, place an order, or otherwise interact with our services.
This policy is provided in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Data Controller
The data controller responsible for your personal data is:
Aloyoga 47 Camden High Street London, NW1 7JE United Kingdom
Email: aloyoga-shop@outlook.com Phone: +44 20 7946 0958
2. Information We Collect
We may collect and process the following categories of personal data:
2.1 Information You Provide Directly
- Identity Data: First name, last name, title.
- Contact Data: Email address, telephone number, billing address, delivery address.
- Account Data: Username, password, account preferences.
- Transaction Data: Payment card details (processed securely via our third-party payment processor), order history, purchase amounts.
- Communication Data: Any correspondence you send to us, including emails, live chat messages, and customer service enquiries.
- Review & Feedback Data: Product reviews, ratings, or survey responses you submit.
2.2 Information Collected Automatically
- Technical Data: IP address, browser type and version, operating system, device type, screen resolution, time zone setting.
- Usage Data: Pages visited, time spent on pages, click patterns, referring website, exit pages, date and time of visit.
- Cookie Data: Information collected through cookies and similar tracking technologies (see Section 9).
- Location Data: Approximate geographic location derived from your IP address.
2.3 Information from Third Parties
- Payment Providers: Transaction confirmation and fraud prevention data from payment processors such as Stripe, PayPal, Klarna, or Clearpay.
- Social Media Platforms: If you interact with us through social media, we may receive your public profile information, depending on your privacy settings on those platforms.
- Analytics Providers: Aggregated and anonymised data from services such as Google Analytics.
3. How We Use Your Information
We process your personal data for the following purposes and on the following legal bases:
| Purpose | Legal Basis (UK GDPR) |
|---|---|
| To process and fulfil your orders | Performance of a contract (Art. 6(1)(b)) |
| To manage your account | Performance of a contract (Art. 6(1)(b)) |
| To communicate with you about your orders | Performance of a contract (Art. 6(1)(b)) |
| To send marketing communications (with consent) | Consent (Art. 6(1)(a)) |
| To improve our website and services | Legitimate interests (Art. 6(1)(f)) |
| To detect and prevent fraud | Legitimate interests (Art. 6(1)(f)) |
| To comply with legal obligations | Legal obligation (Art. 6(1)(c)) |
| To personalise your shopping experience | Legitimate interests (Art. 6(1)(f)) |
| To conduct analytics and research | Legitimate interests (Art. 6(1)(f)) |
| To manage returns and refunds | Performance of a contract (Art. 6(1)(b)) |
4. Marketing Communications
We may send you marketing emails about our products, promotions, and news if you have given us your explicit consent or if you have previously purchased from us and have not opted out (soft opt-in under the Privacy and Electronic Communications Regulations 2003).
You have the right to withdraw your consent or opt out of marketing communications at any time by:
- Clicking the "unsubscribe" link in any marketing email.
- Contacting us at aloyoga-shop@outlook.com.
Opting out of marketing will not affect communications related to your orders or account.
5. Data Sharing
We may share your personal data with the following categories of third parties:
- Delivery Partners: Royal Mail, DPD, and other courier services to fulfil and deliver your orders.
- Payment Processors: Stripe, PayPal, Klarna, Clearpay for secure payment processing. We do not store your full payment card details on our servers.
- IT & Hosting Providers: Secure hosting, cloud storage, and website maintenance providers.
- Analytics Providers: Google Analytics and similar services for aggregated, anonymised website analytics.
- Marketing Platforms: Email marketing services (e.g., Mailchimp, Klaviyo) to send communications you have consented to receive.
- Legal & Regulatory Authorities: Where required by law, regulation, or legal proceedings.
- Professional Advisors: Accountants, auditors, and legal advisors where necessary for business operations.
We require all third parties to respect the security of your personal data and to treat it in accordance with applicable data protection laws. We do not permit third parties to use your personal data for their own marketing purposes.
6. International Data Transfers
Some of our third-party service providers may be based outside the United Kingdom. Where personal data is transferred outside the UK, we ensure that appropriate safeguards are in place, such as:
- The recipient country has been deemed to provide an adequate level of data protection by the UK Government.
- Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office (ICO) are in place.
- The recipient is certified under an approved certification mechanism.
7. Data Retention
We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected. Our general retention periods are:
| Data Type | Retention Period |
|---|---|
| Order and transaction data | 6 years (for tax and legal compliance) |
| Account data | Duration of account plus 2 years after closure |
| Marketing consent records | Duration of consent plus 1 year after withdrawal |
| Customer service communications | 3 years from last interaction |
| Website analytics data | 26 months (anonymised) |
| Cookie data | See Section 9 |
After the applicable retention period, personal data will be securely deleted or anonymised.
8. Your Rights
Under the UK GDPR, you have the following rights in relation to your personal data:
- Right of Access: You may request a copy of the personal data we hold about you (Subject Access Request).
- Right to Rectification: You may request correction of inaccurate or incomplete personal data.
- Right to Erasure: You may request deletion of your personal data where there is no compelling reason for its continued processing.
- Right to Restrict Processing: You may request that we limit how we use your data in certain circumstances.
- Right to Data Portability: You may request to receive your personal data in a structured, commonly used, machine-readable format.
- Right to Object: You may object to the processing of your personal data where we rely on legitimate interests, including direct marketing.
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
- Right Not to Be Subject to Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects.
To exercise any of these rights, please contact us at aloyoga-shop@outlook.com. We will respond to your request within one calendar month. In certain circumstances, we may extend this period by a further two months, in which case we will inform you of the extension and the reasons for it.
9. Cookies
Our website uses cookies and similar tracking technologies to enhance your browsing experience. Cookies are small text files placed on your device when you visit our website.
9.1 Types of Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Strictly Necessary | Essential for website functionality, shopping basket, checkout | Session / up to 1 year |
| Performance & Analytics | Understand how visitors use our site (e.g., Google Analytics) | Up to 2 years |
| Functional | Remember your preferences (e.g., language, currency) | Up to 1 year |
| Marketing & Targeting | Deliver relevant advertisements and measure campaign effectiveness | Up to 2 years |
9.2 Managing Cookies
You can manage your cookie preferences at any time through our cookie consent banner or by adjusting your browser settings. Please note that disabling certain cookies may affect the functionality of our website.
10. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:
- SSL/TLS encryption for all data transmitted between your browser and our website.
- Secure, encrypted storage of personal data.
- Regular security assessments and vulnerability testing.
- Access controls limiting employee access to personal data on a need-to-know basis.
- PCI DSS-compliant payment processing through our third-party payment providers.
While we take all reasonable steps to protect your data, no method of transmission over the Internet is 100% secure. We cannot guarantee the absolute security of your personal data.
11. Children's Privacy
Our website and services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16 without appropriate parental consent, we will take steps to delete that information promptly.
12. Third-Party Links
Our website may contain links to third-party websites, plugins, or applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy policies. We encourage you to read the privacy policy of every website you visit.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Any changes will be posted on this page with an updated "Last Updated" date. We encourage you to review this policy periodically. Where changes are significant, we may notify you by email or through a prominent notice on our website.
14. Complaints
If you are not satisfied with our response to a privacy concern, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: https://ico.org.uk
- Helpline: 0303 123 1113
15. Contact Us
For any questions or concerns about this Privacy Policy or how we handle your personal data, please contact us:
- Email: aloyoga-shop@outlook.com
- Phone: +44 20 7946 0958
- Address: Alyoga, 47 Camden High Street, London, NW1 7JE, United Kingdom
Business hours: Monday to Friday, 9:00 AM – 5:30 PM (GMT)