Privacy Policy – Soso Style

Privacy Policy – Soso Style Last updated: October 27, 2025

Who We Are

Soso Style is a small UK-based creative business run by Sofija West (aged 10) and managed by her father, Keiron West. Our website is https://sosostyle.co.uk. For privacy-related questions, contact us at: 📧 hello@sosostyle.co.uk 📍 Isle of Wight, United Kingdom

What Personal Data We Collect and Why

We collect personal data to provide our services, improve your experience, and meet legal obligations. Below, we explain what data we collect, why, and the lawful basis for processing under UK GDPR and EU GDPR.

Data Type	Purpose	Lawful Basis
Name, address, email, phone number	To process and fulfill orders, deliver products, and communicate with you	Contract fulfillment (Article 6(1)(b) GDPR)
Payment details	To process payments securely via third-party processors (e.g., Stripe, PayPal)	Contract fulfillment (Article 6(1)(b) GDPR)
Order details	To manage orders and comply with UK tax law	Legal obligation (Article 6(1)(c) GDPR)
Email, name	To send newsletters (if you subscribe)	Consent (Article 6(1)(a) GDPR)
IP address, browser user agent	For spam detection and site security (e.g., via Akismet)	Legitimate interest (Article 6(1)(f) GDPR)
Anonymized analytics data	To understand site traffic and improve performance (e.g., via Google Analytics)	Legitimate interest (Article 6(1)(f) GDPR)
Comments (name, email, comment content)	To display and moderate comments on our site	Consent (Article 6(1)(a) GDPR)

How We Collect Data

Orders and Customer Accounts When you place an order or create an account, you provide your name, address, email, phone number, and payment details. We use this data to fulfill your order, arrange delivery, and meet legal obligations (e.g., tax record-keeping). Payment details are processed securely by trusted third-party processors like Stripe or PayPal; we do not store full payment card details.
Comments If you leave a comment, we collect the data entered in the comment form, your IP address, and browser user agent string to detect spam. An anonymized string (hash) of your email may be sent to Gravatar to check for a profile image (see Gravatar’s privacy policy: https://automattic.com/privacy/). After approval, your comment and profile image (if applicable) are visible publicly.
Media Uploads If you upload images to our site, avoid including embedded location data (EXIF GPS). Visitors can download and extract location data from publicly posted images.
Cookies and Similar Technologies We use cookies to ensure our site works properly and to enhance your experience.
- Essential cookies: Enable core functionality (e.g., login, cart). These are necessary and cannot be disabled without affecting site performance.
- Non-essential cookies: Used for analytics (e.g., Google Analytics) and stored for 12 months. You can consent to or reject these via our cookie consent banner.
- If you leave a comment, you may opt-in to cookies saving your name, email, and website for convenience (stored for 1 year).
- Login cookies last 2 days (or 2 weeks if “Remember Me” is selected). Screen option cookies last 1 year. Logging out removes login cookies.
- Editing or publishing an article stores a cookie with the post ID for 1 day. You can manage cookies via our consent banner or your browser settings, but disabling essential cookies may affect site functionality.
Embedded Content from Other Websites Our site may include embedded content (e.g., YouTube videos, Pinterest pins, Instagram posts). These behave as if you visited the external site, which may collect data, use cookies, or track interactions. Review the privacy policies of these providers for details.
Newsletter and Marketing If you subscribe to our newsletter, we collect your name and email address. You can unsubscribe at any time by clicking “unsubscribe” in our emails or emailing hello@sosostyle.co.uk.
Analytics We use tools like Google Analytics to collect anonymized or pseudonymized data about site traffic (e.g., pages visited, device type). This helps us improve our site and does not identify you personally.

Who We Share Your Data With

We share personal data only with trusted service providers to operate our business:

Payment processors: Stripe, PayPal (for secure payment processing).
Shipping companies: Royal Mail, couriers (for order delivery).
Website hosting and analytics providers: For site functionality and performance.
Spam detection: Akismet (for comment moderation).

If you request a password reset, your IP address is included in the reset email. We never sell your data or share it for marketing purposes.

How Long We Retain Your Data

We keep personal data only as long as necessary:

Order data: 6 years to comply with UK tax law.
Customer account data: Until you request deletion or the account is inactive for 2 years.
Newsletter data: Until you unsubscribe.
Comments: Indefinitely, unless you request deletion.
Analytics data: 12 months in anonymized form.
Cookies: As outlined in the Cookies section (e.g., 1 year for comment cookies, 12 months for analytics).

If you request deletion, we will remove your data unless required for legal or security reasons.

Your Rights Over Your Data

You have the following rights under UK GDPR, EU GDPR, and CCPA/CPRA (where applicable):

Access: Request a copy of your personal data.
Rectification: Correct inaccurate data.
Erasure: Delete your data (subject to legal obligations).
Restriction: Limit how we process your data in certain cases.
Portability: Receive your data in a machine-readable format.
Objection: Object to processing for marketing or legitimate interests (e.g., analytics).
Automated decision-making: Not be subject to decisions based solely on automated processing.
CCPA-specific rights (California residents): Opt out of data sharing, limit use of sensitive personal information (e.g., payment details), and non-discrimination for exercising rights.

To exercise these rights, email hello@sosostyle.co.uk. We will respond within 30 days (or 45 days for CCPA requests, if extended) after verifying your identity. UK/EU residents may also complain to the UK’s Information Commissioner’s Office (ICO) or their local data protection authority.

California Residents (CCPA/CPRA)

We do not sell your personal information or share it for cross-context behavioral advertising. To opt out of analytics-related data sharing, use the “Do Not Share My Personal Information” link on our homepage or email us. You have the right to know what data we collect, request deletion, limit use of sensitive information, and not face discrimination for exercising these rights.

Children’s Privacy (COPPA and GDPR)

We do not knowingly collect data from children under 13 (or 16 in the EU/UK for certain services). Users must confirm they are 13 or older to create an account or place an order. If a child under 13 provides data, we require verifiable parental consent (e.g., via email or phone verification). Parents can contact hello@sosostyle.co.uk to review, delete, or refuse further collection of their child’s data. If we learn that a child’s data was collected without consent, we will delete it immediately.

Where Your Data Is Sent

Some service providers (e.g., Google Analytics, Stripe) may process data outside the UK/EU, such as in the U.S. We ensure compliance with UK/EU GDPR through Standard Contractual Clauses (SCCs) or equivalent safeguards. For details on third-party privacy practices, review their policies (e.g., Stripe, PayPal, Google Analytics).

Data Security

We protect your data using:

AES-256 encryption for data in transit (SSL/TLS).
Strong passwords and access controls.
Trusted hosting providers with GDPR-compliant security.
Secure third-party payment gateways (we do not store full payment card details). Our service providers are contractually obligated to maintain equivalent security standards.

Data Breach Notification

If a data breach occurs, we will notify affected users and relevant authorities (e.g., ICO for UK/EU, as required by law) within 72 hours of becoming aware, where feasible. We will inform you of the breach, its impact, and steps to protect your data.

Cookies Consent (UK/EU)

Under the UK’s PECR and EU ePrivacy Directive, we use a cookie consent banner to obtain your permission for non-essential cookies (e.g., analytics). You can manage your preferences at any time via the banner or by emailing us.

Changes to This Policy

We may update this policy to reflect legal or operational changes. The latest version will be posted here with the updated date. Significant changes will be communicated via email or a website notice.

Contact Us

For questions, requests, or complaints: 📧 hello@sosostyle.co.uk 📞 +44 (0)1983 123456 (for CCPA requests, if applicable) 📍 Isle of Wight, United Kingdom

For UK/EU users: You can contact the ICO (www.ico.org.uk) or your local data protection authority if dissatisfied.