Privacy Policy
Magical Attitude Fashion House London ("we," "us," or "our") is a UK-based ethical slow-fashion brand. We are committed to protecting your personal data and respecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This policy sets out what information we collect, how we use it, and your rights over that information.
| Last Updated: | 31.10.2025 |
| Data Controller: | Magical Attitude Fashion House London (The entity determining how and why data is processed) |
| Contact Email: | [email protected] |
1. What Personal Data We Collect
We only collect the data necessary for the lawful operation of our business, which falls into two main categories:
| Category of Data | Examples of Data Collected | Legal Basis for Processing (UK GDPR) |
| Identity & Contact Data | Name, billing address, shipping address, email address, telephone number. | Contract: Necessary to process and deliver your made-to-order item. |
| Financial & Transaction Data | Payment card details (processed securely by a third-party, we do not store full card numbers), purchase history. | Contract: Necessary to complete the financial transaction. |
| Technical & Usage Data | IP address, browser type, operating system, pages viewed, time spent on the website (via cookies/analytics). | Legitimate Interest: To ensure the website is secure and improve your shopping experience. |
| Marketing Data | Your preferences for receiving marketing from us. | Consent: You must explicitly opt-in to receive marketing. |
2. How We Use Your Data and The Lawful Basis
We rely on the following lawful bases for processing your personal data:
| Purpose of Processing | Details | Lawful Basis |
| Order Fulfilment | To process your payment, create your made-to-order item, and ship the product to your address. | Contract |
| Customer Service | To manage your account, respond to enquiries, and handle returns, refunds, or exchanges. | Contract / Legitimate Interest |
| Marketing | To send you newsletters, promotions, and new product updates via email. | Consent (You can withdraw this anytime) |
| Website Security & Improvement | To monitor site usage, detect fraudulent activity, and ensure our site is working properly. | Legitimate Interest |
| Legal Compliance | To maintain records for tax, VAT, and accounting purposes (required by UK Law). | Legal Obligation |
3. Sharing Your Personal Data (Third-Party Processors)
We will not sell or lease your personal data to third parties. We only share data with trusted third parties who are essential for operating our e-commerce business and who are contractually required to treat your data securely and in line with the GDPR.
| Third-Party Category | Example Partners | Purpose for Sharing Data |
| Payment Processors | Shopify Payments, PayPal, Stripe, etc. | To securely process payment transactions. |
| Fulfilment & Shipping | Printful, Royal Mail, DHL, [Any Other Courier] | To produce and deliver your made-to-order items. |
| E-commerce Platform | Shopify, Squarespace, etc. | To host our online store and manage order details. |
| Website Analytics | Google Analytics | To understand customer behaviour and improve our website experience. |
4. International Data Transfers
As a UK-based business, some of our third-party service providers (like print-on-demand or marketing providers) may be based outside the UK and the European Economic Area (EEA).
Where data is transferred internationally, we ensure it is protected by appropriate safeguards, such as:
- Standard Contractual Clauses (SCCs).
- The recipient country being deemed adequate by the UK government.
5. Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
- Order Data: We typically retain order and payment records for 6 years after the tax year end to comply with UK tax law.
- Marketing Data (Consent): We keep this until you withdraw your consent or if we have not heard from you for a period of [e.g., two years].
6. Your Rights Under UK GDPR
Under the UK GDPR, you have the following rights in relation to your personal data. To exercise any of these rights, please contact us at [Your Data Protection/Enquiries Email Address].
| Your Right | Description |
| Right to be Informed | The right to be informed about how your personal data is being used (covered by this policy). |
| Right of Access | The right to request a copy of the personal data we hold about you (Subject Access Request). |
| Right to Rectification | The right to require us to correct any mistakes in the personal data we hold about you. |
| Right to Erasure | The right to request that we delete your personal data (The 'Right to be Forgotten'). This is not absolute if we have a legal obligation to retain it. |
| Right to Restrict Processing | The right to request that we restrict the processing of your personal data in certain circumstances. |
| Right to Data Portability | The right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format. |
| Right to Object | The right to object to us processing your personal data for direct marketing purposes. |
7. Cookies
Our website uses cookies to distinguish you from other users. Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our Services.