1. Introduction
ROKA London Ltd ("we," "us," or "our") is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, store, and disclose your information in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and the Data (Use and Access) Act 2025 (DUAA). This policy applies to all visitors to our website, customers, and any individuals who interact with us.
2. Data Controller
ROKA London Ltd., 65 Howcroft Crescent, London N3 1PA, United Kingdom, is the data controller responsible for your personal data.
3. Information We Collect
We collect the following personal data:
- Contact Information: Name, address, email address, telephone number.
- Payment Information: Credit card details, transaction history.
- Website Usage Data: IP address, browser type, operating system, pages visited, cookies, and other tracking data.
- Order Information: Order details, shipping information.
- Marketing Preferences: Communication preferences.
- Any other information you choose to provide.
We collect this information:
- Directly from you when you place an order, create an account, or contact us.
- Automatically through cookies and similar technologies when you browse our website.
- From third-party payment processors when you make a purchase.
4. Legal Basis for Processing
We process your personal data based on the following legal grounds:
- Consent: When you provide explicit consent for marketing communications or the use of cookies.
- Contractual Necessity: To fulfill orders and provide services you have requested.
- Legal Obligations: To comply with legal and regulatory requirements.
- Legitimate Interests: To improve our services, prevent fraud, and ensure website security.
5. How We Use Your Information
We use your personal data to:
- Process and fulfill your orders.
- Provide customer support.
- Send marketing communications (with your consent).
- Improve our website and services.
- Prevent fraud and ensure security.
- Comply with legal obligations.
6. Automated Decision-Making and Profiling
We use automated decision-making processes to protect our business and our customers from fraudulent transactions. Specifically, when you place an order on our website, our e-commerce platform and payment processor, Shopify Payments, automatically analyses your transaction data (such as your IP address, billing details, and device characteristics) to assess the risk of fraud.
- Why we do this: This processing is necessary for the performance of our contract with you (to safely process your order) and is based on our legitimate interests in preventing financial fraud and ensuring website security.
- How it affects you: If the automated system detects a high probability of fraud, it may automatically decline or hold your transaction. This means your order will not be processed or shipped until it is reviewed.
- Your rights: Under the UK GDPR and the Data (Use and Access) Act, you have the right not to be subject to a decision based solely on automated processing which significantly affects you. If your transaction has been declined or flagged by our system, you have the right to contest the decision, express your point of view, and request a manual human review of the transaction by contacting us at privacy@rokalondon.com.
7. Data Sharing and Disclosure
We may share your personal data with:
- Shopify, our e-commerce platform.
- Third-party payment processors (e.g., Stripe, PayPal).
- Shipping and delivery companies.
- Marketing service providers (with your consent).
- Legal authorities when required by law.
- When data is transferred outside of the UK, we ensure appropriate safeguards are in place, such as standard contractual clauses.
8. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Secure Sockets Layer (SSL) encryption for data transmission.
- Access controls to restrict unauthorized access.
- Regular security assessments and updates.
9. Data Retention
We retain your personal data for as long as necessary to fulfill the purposes outlined in this policy, or as required by law. For example, order data is kept for the length of time required by UK tax law. Marketing data is kept until you withdraw your consent.
10. Your Rights
Under the UK GDPR and DUAA, you have the following rights:
- Right to Access: In accordance with the Data (Use and Access) Act, we fulfill access requests through searches that are reasonable and proportionate. If a request involves an excessive volume of data, we may ask you to refine your scope so we can provide the most relevant data efficiently.
- Right to Rectification: Correct inaccurate or incomplete data.
- Right to Erasure (Right to be Forgotten): Request the deletion of your data.
- Right to Restriction of Processing: Limit how we use your data.
- Right to Data Portability: Receive your data in a machine-readable format.
- Right to Object: Object to the processing of your data.
- Right to Withdraw Consent: Withdraw your consent at any time.
- Right to Lodge a Complaint: File a complaint with the Information Commissioner's Office (ICO).
To exercise these rights, please contact us at [email address removed].
11. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your browsing experience. Please refer to our separate Cookie Policy for detailed information.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on our website. This policy was last updated on [Date].
13. Contact Us
If you have any questions or concerns about this Privacy Policy, please contact us at: privacy@rokalondon.com or ROKA London Ltd., 65 Howcroft Crescent, London N3 1PA, United Kingdom.