Privacy Policy
How we collect, use, and protect your personal data
Last updated: April 2026
1. Information We Collect
Personal Information
When you place an order or create an account, we collect your name, email address, phone number, shipping address, and billing address.
Payment Data
Payment card information is processed directly by Stripe and is never stored on our servers. We only retain a tokenised reference for order processing.
Browsing Data
We collect information about how you interact with our website, including pages visited, time spent, and device information, to improve your shopping experience.
2. How We Use Your Information
Order Processing
To process and fulfil your orders, send order confirmations, and provide delivery updates.
Communication
To respond to your enquiries, send order updates, and, where you have opted in, promotional communications about new collections and special offers.
Improvement
To analyse website usage, improve our services, personalise your experience, and prevent fraud.
3. Legal Basis for Processing
We process your personal data in accordance with GDPR Article 6. Our legal bases include: (a) performance of a contract (order fulfilment), (b) legitimate interests (service improvement and fraud prevention), (c) consent (marketing communications), and (d) legal obligations (tax and accounting records).
4. Data Sharing
Stripe
For secure payment processing. Stripe is certified as a PCI Level 1 provider, the highest level of security certification available.
Firebase / Google Cloud
For hosting, database storage, and analytics. Data is stored in EU data centres in compliance with GDPR.
Analytics
We use privacy-focused analytics to understand how visitors use our site. All data is anonymised and aggregated.
5. Data Retention
We retain your personal data only for as long as necessary. Order records are kept for 7 years for tax and legal purposes. Account data is retained while your account is active. Marketing consent records are maintained until you withdraw consent. You can request deletion of your data at any time by contacting us.
6. Your Rights
Under GDPR, you have the right to: access your personal data, request rectification of inaccurate data, request erasure of your data (the "right to be forgotten"), data portability (receive your data in a structured format), object to processing, and withdraw consent at any time. To exercise any of these rights, contact us at hello@faizasboutique.com.
7. Cookies
Essential Cookies
Required for the website to function properly, including session management and cart functionality. These cannot be disabled.
Analytics Cookies
Help us understand how visitors interact with our website. All analytics data is anonymised and aggregated.
Marketing Cookies
Used to deliver relevant advertisements and track campaign effectiveness. These are only set with your explicit consent.
8. Security Measures
We implement industry-standard security measures to protect your data. All data transmission is encrypted using TLS 1.3. Payment processing is handled by Stripe with PCI DSS Level 1 compliance. Access to personal data is restricted to authorised personnel on a need-to-know basis. We conduct regular security reviews and update our practices to address emerging threats.
9. Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please contact us:
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable regulations. We will notify you of any material changes by posting the updated policy on our website with a revised “Last updated” date. Your continued use of our services after any changes constitutes acceptance of the updated policy.