Privacy Policy – Transform Any Event with Stylish Women's Fashion & Apparel

This Privacy Policy explains how Oh Polly Ltd collects, uses, stores, and protects your personal information when you access or interact with the website ohpolly.com, as well as any related services or situations where data is obtained through other means. This policy applies from 21 May 2018 and is intended to provide transparency about how personal data is handled throughout your interaction with the Service.

The data controller responsible for your information is Oh Polly Ltd, Floor 2, 175 West George Street, Glasgow, G2 3LB, United Kingdom, registered with the UK Information Commissioner’s Office under number ZA284602.

Information may be collected in several ways. This includes data you directly provide when placing an order, contacting customer support, registering an account, or subscribing to marketing communications. Additional information may be collected automatically when you use the website, including technical data, browsing activity, and cookie-based tracking. In some cases, limited information may also be received from third-party partners.

The types of personal data collected can include your name, contact details such as email address and phone number, billing and shipping addresses, IP address, device and browser information, browsing behavior on the website, purchase history, and interaction data such as pages viewed, items clicked, and time spent on specific sections. Where relevant, business-related details such as company name or VAT number may also be recorded.

This information is used for a range of operational purposes. These include processing and fulfilling orders, managing payments, providing customer support, improving website functionality, analyzing user behavior to enhance services, sending updates or marketing communications where permitted, and meeting legal and regulatory obligations. Data may also be used for fraud prevention, identity verification, and maintaining the security and integrity of the platform.

Personal data may be shared with trusted third-party service providers that support essential business operations. These include payment processors, hosting providers, analytics services, delivery partners, email marketing tools, and customer support platforms. Such providers are only given access to the information necessary to perform their specific functions and are required to handle data securely and in compliance with applicable laws. Information may also be disclosed when required by law or during corporate transactions such as mergers or acquisitions.

Cookies and similar technologies are used to improve website performance, analyze traffic, and personalize content or advertising. These technologies may track user activity across pages and devices, helping to understand user preferences and improve the overall experience. Some cookies are essential for website functionality, while others are optional and can be managed through browser settings.

Data may be stored and processed within the United Kingdom, the European Economic Area, and in some cases transferred to other countries where service providers operate. When data is transferred internationally, appropriate safeguards are applied to ensure it remains protected in accordance with data protection regulations.

Personal information is retained only for as long as necessary to fulfill the purposes for which it was collected. This includes meeting legal, tax, and accounting obligations, resolving disputes, and maintaining business records. Retention periods vary depending on the type of data and its intended use, after which it is securely deleted or anonymized.

Users have rights regarding their personal data, including the right to access, correct, delete, restrict processing, object to certain uses, and request data portability. Where processing is based on consent, users also have the right to withdraw that consent at any time. Requests related to data rights may require identity verification to ensure security.

The website uses technical and organizational measures to protect personal data, including encryption, secure servers, access controls, and monitoring systems. While reasonable steps are taken to safeguard information, no online system can guarantee absolute security, and users are advised to consider this when transmitting data electronically.

Automated processing and profiling may be used for purposes such as advertising and website optimization. This can include analyzing user behavior to deliver targeted content or advertisements. These processes are designed to improve relevance and efficiency without producing legally significant automated decisions affecting users.

The service does not knowingly collect sensitive personal data, such as information related to health, ethnicity, political beliefs, or similar categories. Users are advised not to submit such information. If it is unintentionally provided, it will be handled securely and deleted where appropriate.

This policy may be updated periodically to reflect changes in legal requirements, business practices, or service improvements. Minor updates will be reflected by revising the effective date, while significant changes may be communicated directly to users where required. Continued use of the website after updates indicates acceptance of the revised policy.