Data Protection Policy

πŸ›‘οΈ Data Protection Policy

Effective Date: 25 May 2018
Reviewed & Updated: 20 April 2025

This Data Protection Policy outlines how Wise Galleria Limited of Registered Address: 96 Wingrove Gardens, Newcastle Upon Tyne, NE4 9HR and Trading Address: Unit 105, 75 Coldharbour Lane, Hayes, UB3 3EF, complies with the UK Data Protection Act 2018 and the General Data Protection Regulation (EU) 2016/679 ("GDPR").

πŸ“Œ Key Definitions

  • Personal Data: Any information related to an identifiable individual.
  • Data Subject: The person whose personal data is being processed.
  • Data Controller: Wise Galleria, which determines why and how personal data is processed.

πŸ“œ Scope of This Policy

This policy applies to all employees, contractors, suppliers, and third parties working with or on behalf of Wise Galleria who have access to personal data.

πŸ” Our Data Protection Principles

  • Data is processed lawfully, fairly, and transparently
  • Collected only for specified, explicit and legitimate purposes
  • Adequate, relevant, and limited to what is necessary
  • Accurate and kept up-to-date
  • Not kept longer than necessary
  • Processed securely using appropriate technical and organisational measures

πŸ‘₯ Your Rights Under GDPR

  • Right to be informed
  • Right of access
  • Right to rectification
  • Right to erasure (right to be forgotten)
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Rights related to automated decision-making including profiling

βš–οΈ Lawful Bases for Processing

We process personal data on the following legal grounds:

  • Your explicit consent
  • Performance of a contract
  • Compliance with a legal obligation
  • Protection of vital interests
  • Public interest or official authority
  • Legitimate interest

πŸ’Ύ Data Collected

  • Name, address, phone number, email
  • IP address, cookies, browser info
  • Payment and transactional data
  • Order and delivery history

πŸ“₯ Data Storage & Security

  • Data is encrypted and stored on secure servers
  • Access is limited to authorised personnel only
  • Regular audits and access logs are maintained

πŸ”„ Data Sharing

We only share data with third-party processors such as Shopify and Linnworks, and always under data processing agreements.

🧾 Data Retention

We retain data only as long as necessary for the purposes set out in this policy. We regularly review data and securely dispose of outdated information.

🚨 Data Breaches

All data breaches are reported within 72 hours to the ICO where applicable and to the data subject if there is a high risk to rights and freedoms.

πŸ“€ Transfers Outside the EEA

Any transfer outside the EEA is made with adequate safeguards under UK GDPR and EU Standard Contractual Clauses.

πŸ“¨ Contact Us

For more information, visit the Information Commissioner's Office (ICO).