Privacy Policy

Last updated: June 2025 Website: www.sophiayork.com Email: hello@sophiayork.com

At Sofia York, we are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains what information we collect, how we use it, and what rights you have in relation to your data. By using sophiayork.com, you agree to the practices described in this policy.

1. Who We Are Sofia York is an online cosmetics and skincare store operating at www.sophiayork.com. Our billing address is located in São Paulo, Brazil, CEP 18325-033. If you have any questions about this policy or how we handle your data, please contact us at hello@sophiayork.com.

2. What Information We Collect We may collect the following personal information when you use our website or place an order:

— Full name — Email address — Delivery and billing address — Phone number — Payment information (processed securely by our payment providers) — IP address and browser information — Browsing behaviour on our website via cookies and analytics tools

We do not store your full payment card details. All payment transactions are processed securely by our payment providers, including PayPal and Klarna.

3. How We Collect Your Information We collect your personal data in the following ways:

— When you place an order on our website — When you create an account or subscribe to our newsletter — When you contact us by email or through our contact form — Automatically through cookies and analytics tools when you browse our website

4. How We Use Your Information We use your personal data for the following purposes:

— To process and fulfil your orders — To send order confirmations, shipping updates, and tracking information — To respond to your enquiries and provide customer support — To send marketing emails and promotions, if you have opted in — To improve our website, products, and customer experience — To comply with legal and regulatory obligations — To prevent fraud and ensure the security of our website

5. Legal Basis for Processing We process your personal data on the following legal bases under UK GDPR:

— Contract: processing is necessary to fulfil your order — Legitimate Interests: to improve our services and prevent fraud — Consent: for marketing communications and non-essential cookies — Legal Obligation: to comply with applicable laws and regulations

6. Sharing Your Information Sofia York does not sell or rent your personal data to third parties. We may share your information only with trusted service providers who assist us in operating our business, including:

— Shipping and logistics partners, to deliver your orders — Payment processors such as PayPal and Klarna — Marketing platforms such as Google and Facebook, for advertising purposes — Analytics providers such as Google Analytics — Email marketing platforms, if you have subscribed to our newsletter

All third parties are required to handle your data securely and in accordance with applicable data protection laws.

7. International Data Transfers As Sofia York operates internationally, your personal data may be transferred to and processed in countries outside the United Kingdom or European Economic Area. Where this occurs, we ensure that appropriate safeguards are in place in accordance with UK GDPR requirements.

8. How Long We Keep Your Data We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, and reporting requirements. Order data is typically retained for up to 7 years in accordance with applicable law. Marketing data is retained until you unsubscribe or request deletion.

9. Your Rights Under UK GDPR, you have the following rights in relation to your personal data:

— Right to access: you can request a copy of the data we hold about you — Right to rectification: you can ask us to correct inaccurate or incomplete data — Right to erasure: you can request that we delete your personal data — Right to restrict processing: you can ask us to limit how we use your data — Right to data portability: you can request your data in a portable format — Right to object: you can object to our processing of your data for marketing purposes — Right to withdraw consent: you can withdraw consent for marketing at any time

To exercise any of these rights, please contact us at hello@sophiayork.com. We will respond to your request within 30 days.

10. Marketing Communications If you have opted in to receive marketing emails from Sofia York, you may unsubscribe at any time by clicking the unsubscribe link in any of our emails or by contacting us directly at hello@sophiayork.com. We will never send you marketing communications without your consent.

11. Cookies We use cookies and similar tracking technologies on our website. For full details on how we use cookies and how to manage your preferences, please refer to our Cookie Policy available at www.sophiayork.com.

12. Data Security Sofia York takes the security of your personal data seriously. We implement appropriate technical and organisational measures to protect your information against unauthorised access, loss, or misuse. However, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

13. Children's Privacy Our website and products are not intended for children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at hello@sophiayork.com.

14. Changes to This Policy Sofia York reserves the right to update this Privacy Policy at any time. Any changes will be posted on this page with an updated date. We encourage you to review this policy periodically to stay informed about how we protect your data.

15. Contact Us If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: Email: hello@sophiayork.com Website: www.sophiayork.com We aim to respond within 1 to 2 business days.