AURELION FASHION LTD Privacy Policy

Effective Date: January 2026

AURELION FASHION LTD (“we,” “our,” or “us”), operating under the brand name AURELION FASHION, respects your privacy and is fully committed to protecting your personal information. We comply with all applicable data protection laws, including the UK Data Protection Act 2018 and the General Data Protection Regulation (GDPR), as well as Stripe’s strict data security and privacy compliance guidelines—ensuring your information is handled securely, transparently, and responsibly.

This Privacy Policy explains in detail how we collect, use, store, and share your personal information when you visit our official website (aurelionfashion.com), purchase our products, or engage with our services. By accessing our website or using our services, you acknowledge and agree to the practices outlined in this policy.

1. Information We Collect

We collect only the personal information necessary to provide our services, process your orders, and comply with legal and Stripe’s compliance requirements. The types of information we may collect include the following:

a. Personal Information

This includes information you provide directly to us when placing an order or engaging with our services, such as your full name, billing address, shipping address, email address, phone number, and payment details (processed securely via Stripe and other trusted payment providers, with no storage of sensitive payment data on our servers).

b. Account Information

If you choose to create an account on aurelionfashion.com, we may collect your login credentials (secured with encryption), order history, purchase preferences, and any other details you choose to provide—all of which are stored in compliance with GDPR and Stripe’s data retention guidelines.

c. Technical Information

When you visit our website, we automatically collect certain technical data to enhance functionality, improve user experience, and maintain security (aligned with Stripe’s anti-fraud requirements). This includes your IP address, browser type and version, operating system, device model and specifications, website navigation patterns, and usage data—collected via cookies and trusted analytics tools.

d. Communication Information

We retain records of all correspondence between you and our customer service team, whether via email, phone, or other communication channels. These records are stored to provide timely support, resolve disputes (in line with Stripe’s dispute resolution process), and ensure compliance with legal obligations.

2. How We Use Your Information

We use your personal information solely for legitimate purposes, consistent with GDPR, UK data protection laws, and Stripe’s privacy and security guidelines. The key purposes for using your information are as follows:

  • To process, fulfill, and track your orders—including payment processing (via Stripe), shipping arrangements, and handling returns or exchanges (as outlined in our Returns & Exchanges Policy).
  • To provide responsive customer support, address your inquiries, resolve issues, and follow up on your orders or requests—ensuring transparency and alignment with Stripe’s customer service requirements.
  • To improve our website functionality, product offerings, and user experience—using non-identifiable technical data to identify areas for enhancement, without compromising your privacy.
  • To send marketing communications (only if you have explicitly consented to receive them), including updates on new products, promotions, or service changes. You may unsubscribe from these communications at any time.
  • To comply with legal obligations, prevent fraudulent activities (in collaboration with Stripe’s anti-fraud systems), and maintain the security of our website and services.

3. Legal Basis for Processing (GDPR)

In compliance with the GDPR, we process your personal data based on one or more of the following legal grounds—ensuring full transparency and compliance with Stripe’s privacy requirements:

  • Performance of a contract: Processing your personal information to fulfill our obligations under the contract between you and AURELION FASHION LTD (e.g., processing and delivering your order, processing payments via Stripe).
  • Compliance with legal obligations: Processing data where required by UK law, regulation, or legal process (e.g., retaining order records for tax purposes).
  • Legitimate interests: Processing data for our legitimate business interests, provided these interests do not override your privacy rights. This includes website security, fraud prevention (aligned with Stripe’s anti-fraud measures), and improving our services.
  • Consent: Where explicitly required (e.g., for sending marketing communications), we process your data only with your freely given, specific, and revocable consent.

4. Sharing Your Information

We take your privacy seriously and will never sell, rent, or disclose your personal information to third parties for marketing purposes without your explicit consent. We may share your information only in the following circumstances, consistent with GDPR and Stripe’s data sharing guidelines:

  • Trusted service providers: We share necessary information with third-party service providers who assist us in delivering our services, including payment processors (such as Stripe), shipping and logistics companies, IT service providers, and cloud hosting providers. All these providers are contractually obligated to maintain the confidentiality and security of your data, comply with applicable data protection laws, and only process data as instructed by us.
  • Legal authorities: We may disclose your information if required by law, regulation, legal process, or government request—only to the extent necessary to comply with such obligations.
  • Business transfers: In the event of a merger, acquisition, sale of assets, or other business reorganization, your personal information may be transferred to the new owner or operator—provided they agree to uphold the terms of this Privacy Policy and comply with GDPR and Stripe’s requirements.

5. Cookies and Tracking

We use cookies and similar tracking technologies to enhance your website experience, optimize functionality, and ensure compliance with Stripe’s security guidelines. Cookies are small text files stored on your device that help us recognize your browser, remember your preferences, and analyze website usage. We use cookies for the following purposes:

  • Essential cookies: Required for the proper functioning of our website (e.g., enabling checkout, processing payments via Stripe). These cookies cannot be disabled without affecting website functionality.
  • Performance and analytics cookies: Used to analyze website traffic, track usage patterns, and identify areas for improvement—helping us enhance user experience and comply with Stripe’s service optimization guidelines.
  • Marketing cookies: Used to deliver personalized marketing communications (only if you have consented). These cookies help us tailor promotions and updates to your preferences.

You can manage or disable non-essential cookies through your browser settings. However, disabling essential cookies may prevent you from using certain website features, including processing payments or placing orders.

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, or as required by law (e.g., tax or legal record-keeping obligations). This aligns with GDPR’s data minimization principle and Stripe’s data retention guidelines.

After the retention period expires, we securely delete or anonymize your personal data to ensure it can no longer be associated with you. Order records and payment-related data (processed via Stripe) are retained for the period required by law and Stripe’s audit requirements, after which they are securely disposed of.

7. Your Rights (GDPR)

Under the GDPR, you have the following rights regarding your personal information. We facilitate the exercise of these rights promptly, in compliance with statutory timeframes and Stripe’s customer data rights requirements:

  • Right of Access: You may request a copy of the personal data we hold about you, free of charge.
  • Right of Rectification: You may request correction of any inaccurate or incomplete personal data we hold about you.
  • Right of Erasure (Right to be Forgotten): You may request the deletion of your personal data, where we no longer have a legal basis to retain it.
  • Right to Restriction of Processing: You may request that we limit the processing of your personal data (e.g., if you dispute the accuracy of the data).
  • Right to Data Portability: You may request to receive your personal data in a structured, machine-readable format, which you can then transfer to another data controller.
  • Right to Object: You may object to the processing of your personal data for marketing purposes or based on our legitimate interests.

To exercise any of these rights, please contact us using the details provided in Section 12. We will respond to your request within 30 calendar days (or longer if necessary, with prior notification and explanation, as permitted by law).

8. Data Security

We implement robust technical and organizational security measures to protect your personal information against unauthorized access, disclosure, alteration, or destruction—consistent with GDPR, UK data protection laws, and Stripe’s strict data security standards. Key security measures include:

  • Encryption of sensitive data (including personal and payment information) during transmission and storage, using industry-standard encryption protocols (aligned with Stripe’s encryption requirements).
  • Secure payment processing via Stripe and other trusted third-party gateways—we do not store sensitive payment details (e.g., credit card numbers) on our servers.
  • Regular security audits, updates, and vulnerability assessments to ensure our systems remain secure.
  • Restricted access to personal data—only authorized personnel (who have signed confidentiality agreements) can access your information, and only for legitimate business purposes.

9. International Transfers

If your personal data needs to be transferred outside the United Kingdom (e.g., to our cloud hosting providers or service partners), we ensure that adequate safeguards are in place to protect your information—complying with GDPR’s requirements for international data transfers and Stripe’s cross-border data security guidelines. These safeguards may include using GDPR-approved standard contractual clauses, relying on the recipient country’s adequacy decision, or using other legally recognized mechanisms.

10. Children’s Privacy

Our website and services are not intended for, and do not target, individuals under the age of 18. We do not knowingly collect, store, or process personal information from minors. If we become aware that we have collected personal information from a child under 18 without parental/guardian consent, we will promptly delete that information in compliance with GDPR and Stripe’s child privacy guidelines.

11. Updates to this Privacy Policy

AURELION FASHION LTD reserves the right to update or modify this Privacy Policy from time to time, to align with changes in UK data protection laws, GDPR, Stripe’s compliance guidelines, or our business operations. Any changes will be posted prominently on this page, with an updated Effective Date—ensuring transparency as required by law and Stripe.

Continued use of our website (aurelionfashion.com) or our services after the changes are posted constitutes your acceptance of the revised Privacy Policy. We recommend reviewing this policy periodically to stay informed of any updates.

12. Contact Information

If you have any questions, concerns, or inquiries about this Privacy Policy, or if you wish to exercise your data protection rights (under GDPR), please contact our data protection team using the following official details (consistent with our company registration and Stripe’s requirement for verifiable customer support):

Company Name: AURELION FASHION LTD

Email: ambrin@aurelionfashion.com

Phone: +44 7521533692

Company Address: 465B GREEN LANES, LONDON, ENGLAND N13 4BS

We will respond to all inquiries and data rights requests promptly, within the statutory timeframes required by GDPR, and retain all communication records to support Stripe’s compliance and audit requirements.