Privacy Policy
1. Who we are
This website is operated by Sampaguita-Jay Store (“SJS”, “we”, “us”).
Company details and legal information (name, address, registration and VAT number) will be added here once confirmed.
We are responsible for the personal data that we collect and process when you use this website or interact with us.
If you have any questions about this policy or how we handle your data, you can contact us at: [your contact email].
2. What data we collect
We only collect the data we need to run the store, fulfil orders and improve the experience. Depending on how you use the website, we may collect:
Information you provide directly
- Contact details: name, email address, delivery address, billing address, phone number.
- Order details: products purchased, sizes, quantities, payment method (last four digits only), transaction totals.
- Messages: any information you include when you contact us or reply to our emails.
- Marketing preferences: whether you have chosen to receive our newsletter or not.
Information collected automatically
- Basic technical data: IP address, browser type, device type, operating system.
- Usage data: pages visited, time on page, links clicked, referring URLs.
- Cookies and similar technologies used for essential site functions, analytics and (if enabled) marketing.
Information from partners
- Payment providers: confirmation that a payment was authorised or declined (we do not see your full card details).
- Analytics and marketing tools: aggregated information about how people interact with our website and campaigns.
3. Why we use your data (legal bases)
We use your data for specific purposes and only where we have a legal basis to do so under GDPR.
To process and deliver your orders
- Create and manage your order.
- Take payment and handle refunds.
- Send order and shipping confirmations.
Legal basis: performance of a contract.
To provide customer support
- Answer questions sent via our contact form or email.
- Handle issues, returns and complaints.
Legal basis: performance of a contract and legitimate interest.
To run and improve the website
- Monitor performance, detect errors and keep the site secure.
- Understand how people use the site so we can improve layout, content and navigation.
Legal basis: legitimate interest (operating and improving the service).
For marketing and communication
- Send newsletters and updates when you have opted in.
- Show or measure the effectiveness of campaigns (where tracking is enabled and consent is given).
Legal basis: consent (for email marketing and non-essential cookies).
To comply with legal obligations
- Keep records for accounting and tax purposes.
- Respond to lawful requests from authorities when required.
Legal basis: legal obligation.
4. How long we keep your data
We keep personal data only for as long as necessary for the purposes described above, then either delete it or anonymise it.
Examples:
- Order and invoice data: kept for the period required by applicable tax and accounting laws.
- Customer support emails: kept for as long as needed to handle your request and a reasonable period afterwards.
- Newsletter data: kept until you unsubscribe or we stop sending that type of communication.
- Analytics data: kept in aggregated or anonymised form where possible.
Exact retention times may vary depending on legal requirements in our country of registration.
5. Sharing your data
We do not sell your personal data. We share it only with trusted partners who help us run the store, and only to the extent necessary for their role:
- E-commerce platform: the service used to host and operate our online store.
- Payment providers: to process secure payments and refunds.
- Shipping and logistics partners: to prepare, ship and track your order.
- Email and marketing tools: to send transactional emails (order confirmation, shipping updates) and, if you consent, newsletters or campaigns.
- Analytics tools: to understand how the website is used and improve it.
- Professional advisers: such as accountants or legal advisers where necessary.
These partners are required to protect your data and use it only for the services they provide to us.
If we are required by law or by a valid legal request (for example from a court or authority) to share certain information, we may do so to comply with that obligation.
6. International transfers
Some of our service providers may process data outside your country, including potentially outside the European Economic Area (EEA). Where this happens, we aim to ensure that appropriate safeguards are in place (such as standard contractual clauses or equivalent protections) to keep your data secure and respect your rights.
7. Cookies and similar technologies
Cookies are small text files stored on your device when you visit our site. We use them to:
- Enable essential functions such as shopping cart and checkout.
- Remember certain settings and preferences.
- Analyse anonymous usage patterns to improve the site.
- If enabled, measure and optimise marketing campaigns.
When you first visit the site, you will see a cookie banner that allows you to accept or reject non-essential cookies. You can change your choices at any time via your browser settings or, where available, through our cookie settings tool.
A more detailed cookie description (types, names and lifetimes) may be provided in a separate Cookie Policy.
8. Your rights
Under GDPR and similar data protection laws, you may have the following rights:
- Access: to ask if we process your personal data and obtain a copy of it.
- Rectification: to correct inaccurate or incomplete data.
- Erasure: to request deletion of your data in certain circumstances.
- Restriction: to ask us to limit the processing of your data in certain cases.
- Portability: to receive certain data in a structured, commonly used format.
- Objection: to object to certain types of processing, especially direct marketing.
- Withdraw consent: where processing is based on consent, you can withdraw it at any time (for example by unsubscribing from a newsletter).
To exercise any of these rights, contact us at [your contact email]. We may need to verify your identity before responding. You also have the right to lodge a complaint with your local data protection authority if you are not satisfied with how we handle your data.
9. Security
We take reasonable technical and organisational measures to protect your personal data against loss, misuse, unauthorised access, disclosure, alteration or destruction.
However, no online service is completely risk-free, and we cannot guarantee absolute security. You can help by keeping your account and device secure, and by contacting us immediately if you suspect any unauthorised use of your data or account.
10. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our services, how we process data or applicable laws. When we make changes, we will update the “last updated” date at the top of this page. Significant changes may be communicated more prominently.
If you have any questions about this Privacy Policy or how we handle your data, please contact us before placing an order or submitting personal information.