This Privacy Policy is intended to comply with the General Data Protection Regulation ("GDPR"), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 ("PECR").

CROWNSILK LTD operates an online retail business selling wigs, hair products, hair accessories and related beauty products. Customers can browse products, place orders and make payments through our e-commerce website hosted at crown-silk.com.

Our store is powered by the Shopify e-commerce platform, which enables us to safely provide the Services to you. Please read this Privacy Policy carefully. By using, accessing, browsing, or interacting with any of our Services, you acknowledge that you have read this Privacy Policy and fully understand how we handle your information as detailed herein.

1. Personal Data We Collect

Depending on how you interact with us, we may collect and process the following categories of personal data:

• Identity data: name and surname;
• Contact data: email address, telephone number, billing address and delivery address;
• Order data: products purchased, order number, delivery details, returns, exchanges and refund history;
• Payment-related data: payment status, payment method, transaction reference and billing information;
• Account data: account login details, encrypted password, preferences and saved settings, where applicable;
• Customer service data: enquiries, messages, complaints, support requests, reviews and related communications;
• Technical data: IP address, device type, browser type, operating system, website usage data and cookie identifiers;
• Marketing data: marketing preferences, communication preferences and subscription status.

We do not store full payment card details, card security codes or full card numbers on our own systems. Full payment card details are processed securely by third-party payment providers.

2. Special Category Data

We do not request or intentionally collect special category data, such as health information.

Because our products may be purchased by customers experiencing hair loss or other personal circumstances, you may voluntarily provide health-related information when asking for product advice, fit, comfort, styling or customer support.

If you choose to provide such information, we will only use it to respond to your enquiry and provide customer support. Please do not provide health-related information unless it is necessary for your request. Where required by law, we will rely on your explicit consent to process such information.

3. How We Collect Personal Data

We collect personal data in the following ways:

• Directly from you when you place an order, create an account, contact us, subscribe to marketing or submit a support request;
• Automatically when you use our website, through cookies, analytics tools, pixels, logs and similar technologies;
• From third-party service providers, such as payment processors, delivery providers, e-commerce platforms and fraud prevention tools.

4. Purposes and Lawful Bases for Processing

We only process personal data where we have a lawful basis to do so. The table below explains the main purposes for which we use personal data and the lawful bases we rely on:

5. Legitimate Interests

Where we rely on legitimate interests, our interests may include operating our online store, improving our services, preventing fraud, securing transactions, responding to enquiries, managing customer relationships, handling disputes, protecting our legal rights and improving our website performance.

We only rely on legitimate interests where we consider that our interests are not overridden by your rights, freedoms or interests.

6. Marketing Communications

We may send you marketing communications about our products, offers, updates and promotions if you have subscribed or where we are otherwise permitted by law to do so.

You can opt out of marketing communications at any time by clicking the unsubscribe link in our emails or by contacting us at sales@crownsilk.ltd.

We will still send essential service messages relating to active orders, payments, delivery, returns or customer support matters.

We do not sell your personal data to third parties for their own marketing purposes.

7. Cookies and Similar Technologies

Our website uses cookies and similar technologies to operate the website, remember preferences, manage shopping carts, improve performance, analyse traffic and support marketing activities.

We may use the following types of cookies:

• Essential cookies: required for website operation, checkout, shopping cart functionality, payment security and fraud prevention;
• Preference cookies: used to remember your settings and preferences;
• Analytics cookies: used to understand website traffic and improve our website;
• Marketing cookies: used for advertising, retargeting and measuring marketing performance.

Essential cookies may be used without consent because they are necessary to provide the service you request. Non-essential cookies, including analytics and marketing cookies, will only be used where required consent has been obtained.

You can manage or withdraw your cookie preferences through the cookie banner, the Cookie Preferences link on our website, or your browser settings. Blocking some cookies may affect the functionality of the website.

8. Shopify and Third-Party Providers

Our online store is hosted and operated using Shopify. Shopify collects, handles, and processes your personal data relating to your visit and usage of our Services. Data submitted to our website is transmitted to, stored, and processed by Shopify on global servers to operate and maintain our storefront safely. To review Shopify's data terms, please view the Shopify Consumer Privacy Policy.

Payments are processed securely by authorised third-party payment providers. We may receive limited payment-related information, such as payment status, payment method, transaction reference, billing details and payment confirmation. We do not store full payment card details on our own systems.

9. Who We Share Personal Data With

We may share personal data with the following categories of third parties where necessary:

• E-commerce platform providers, including website hosting and store management providers;
• Payment processors and fraud prevention providers;
• Delivery companies, couriers, logistics providers and fulfilment partners;
• Suppliers and product fulfilment partners where required to process and deliver orders;
• Customer support, email, marketing and communication service providers;
• Analytics, advertising and technical service providers;
• Accountants, legal advisers, insurers and professional service providers;
• Regulators, public authorities or law enforcement agencies where required by law.

We only share the personal data necessary for the relevant purpose.

10. International Transfers

Some of our service providers, suppliers, fulfilment partners or technology providers may process personal data outside your region.

Where personal data is transferred outside your country of residence, we will take appropriate steps to protect it, such as relying on adequacy regulations, standard contractual clauses, international data transfer agreements, transfer risk assessments or other safeguards permitted under applicable data protection laws.

11. Data Retention & Security

We keep personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer period is required or permitted by law. Our usual retention periods are:

• Order, invoice, accounting and tax records: generally retained for up to 6 years where required for tax, accounting and legal record-keeping purposes;
• Customer support communications: retained for as long as necessary to manage the enquiry, complaint, refund, exchange or dispute;
• Returns, refunds and chargeback records: retained for as long as necessary to manage the claim and protect our legal rights;
• Marketing data: retained until you unsubscribe, withdraw consent or the data is no longer needed for marketing purposes;
• Cookie and analytics data: retained according to the relevant cookie settings and analytics tool retention periods;
• Security and fraud prevention records: retained for as long as reasonably necessary to protect our website, customers and business.

We use technical and organisational measures to protect personal data against unauthorised access, misuse, loss, alteration, disclosure or destruction. However, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.

12. Your Data Protection Rights

Subject to applicable law, you have the following rights under data protection laws:

• The right to access your personal data;
• The right to correct inaccurate or incomplete personal data;
• The right to request deletion of your personal data;
• The right to request restriction of processing;
• The right to object to processing based on legitimate interests;
• The right to object to direct marketing at any time;
• The right to data portability where applicable;
• The right to withdraw consent where processing is based on consent;
• The right to lodge a complaint with the relevant data protection authority.

To exercise your rights, please contact us at sales@crownsilk.ltd. We may need to verify your identity before responding to your request. We will respond within the timeframe required by applicable law.

13. Automated Decision-Making & Children's Privacy

We do not use solely automated decision-making that produces legal effects concerning you or similarly significantly affects you. Some payment processors, fraud prevention providers or security tools may use automated checks to detect suspicious activity, prevent fraud and protect transactions.

Our website and services are not intended for children under the age of 16. We do not knowingly collect personal data from children. If you believe that a child has provided personal data to us, please contact us and we will take appropriate steps to delete it where required.

14. Obligation to Provide Personal Data & Policy Changes

Certain personal data is necessary to place an order, process payment, arrange delivery, handle returns, manage refunds or provide customer support. If you do not provide the required information, we may be unable to process your order, deliver products, issue refunds, respond to your request or comply with legal obligations.

We may update this Privacy Policy from time to time to reflect changes in our business, website, legal requirements, technologies or data processing practices. Updated versions will be published on this page with a revised “Last updated” date.