Free UK Delivery
Secure Payments
Free 15-Day Returns
24/7 Customer Support
Loomella
0Cart£0.00
Your Cart0 items
Your cart is empty
Wishlist0 itemsSign inAccount
All CollectionsSummerSaleNew ArrivalsHome & GardenFashionBeauty & HealthSports & OutdoorsKitchen & DiningPet Supplies

Legal

Privacy Policy

Last updated: 25 May 2025

1. Who We Are

Loomella (“Loomella”, “we”, “us”, “our”) operates the online department store at loomella.co.uk. We are the data controller responsible for your personal data collected through this website.

You can contact our data protection team at: privacy@loomella.co.uk

2. Data We Collect

We collect and process the following categories of personal data:

2.1 Data You Provide Directly

  • Account registration: name, email address, password (hashed)
  • Orders & checkout: billing address, delivery address, phone number, payment information (processed securely via Stripe — we do not store full card numbers)
  • Communications: messages you send us via email or contact forms, customer service correspondence
  • Newsletter subscription: email address and marketing preferences
  • Reviews & feedback: any content you voluntarily submit

2.2 Data We Collect Automatically

  • Usage data: pages viewed, search queries, click patterns, time on site, referring URL
  • Device & technical data: IP address, browser type and version, operating system, device identifiers, screen resolution
  • Cookies & similar technologies: session identifiers, preference cookies, analytics tags (see our Cookie Policy for full details)
  • Transaction data: purchase history, order status, returns, refunds

2.3 Data From Third Parties

  • Payment processors (Stripe) — transaction status and fraud signals
  • Logistics partners — delivery status updates
  • Analytics providers (e.g. Google Analytics) — aggregated behavioural insights

3. How We Use Your Data

PurposeLegal Basis
Process and fulfil your orders, including sending order confirmations and dispatch notificationsPerformance of a contract (Art. 6(1)(b) UK GDPR)
Manage your account and provide customer supportPerformance of a contract (Art. 6(1)(b) UK GDPR)
Process payments and detect fraudPerformance of a contract; Legitimate interests (Art. 6(1)(f) UK GDPR)
Send transactional emails (order updates, returns, refunds)Performance of a contract (Art. 6(1)(b) UK GDPR)
Send marketing emails and promotional offers (only with your consent)Consent (Art. 6(1)(a) UK GDPR)
Personalise your browsing experience and product recommendationsConsent / Legitimate interests (Art. 6(1)(a)/(f) UK GDPR)
Analyse site performance and improve our servicesLegitimate interests (Art. 6(1)(f) UK GDPR)
Comply with legal obligations (e.g. tax records, anti-money laundering)Legal obligation (Art. 6(1)(c) UK GDPR)
Prevent and investigate fraud, abuse, or illegal activityLegitimate interests / Legal obligation (Art. 6(1)(c)/(f) UK GDPR)

4. Sharing Your Data

We do not sell your personal data. We share it only in the following circumstances:

  • Fulfilment & logistics partners: delivery name, address, and contact number are shared with our carrier network solely to complete delivery
  • Payment processors: Stripe processes payment card data under their own privacy policy; we receive only a tokenised reference
  • Technology service providers: hosting (Vercel / Neon), email delivery, and analytics tools may process data on our behalf under data processing agreements
  • Legal requirements: we may disclose data to law enforcement, courts, or regulators where required by law or to protect the rights, property, or safety of Loomella, our customers, or others
  • Business transfers: in the event of a merger, acquisition, or asset sale, personal data may be transferred to the acquiring entity subject to the same privacy protections

5. International Transfers

Some of our service providers are based outside the UK or European Economic Area. Where we transfer personal data internationally, we ensure appropriate safeguards are in place, such as the UK International Data Transfer Agreement (IDTA), Standard Contractual Clauses, or adequacy decisions recognised by the UK Government.

6. Data Retention

Data CategoryRetention Period
Order records (purchases, invoices)7 years (UK tax / VAT requirements)
Account informationDuration of account + 2 years after last activity
Marketing preferencesUntil consent withdrawn or account deleted
Customer service correspondence3 years from last interaction
Analytics data (aggregated)26 months (Google Analytics default)
Fraud & security logs6 years

We review retained data regularly and delete or anonymise it when the retention period expires or the purpose for processing no longer applies.

7. Your Rights

Under UK GDPR and the Data Protection Act 2018, you have the following rights:

  • Right of access: request a copy of the personal data we hold about you (Subject Access Request)
  • Right to rectification: ask us to correct inaccurate or incomplete data
  • Right to erasure (“right to be forgotten”): ask us to delete your data where we have no lawful reason to retain it
  • Right to restriction of processing: ask us to limit how we use your data in certain circumstances
  • Right to data portability: receive your data in a structured, machine-readable format and transfer it to another controller
  • Right to object: object to processing based on legitimate interests, including direct marketing
  • Rights related to automated decision-making: not to be subject to solely automated decisions that produce significant legal or similarly significant effects
  • Right to withdraw consent: withdraw any previously given consent at any time, without affecting the lawfulness of processing before withdrawal

To exercise any of these rights, email privacy@loomella.co.uk. We will respond within one calendar month. We may need to verify your identity before processing your request.

8. Cookies

We use cookies and similar tracking technologies. For full details of the cookies we set, their purposes, and how to manage your preferences, please read our Cookie Policy.

9. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These include TLS encryption in transit, hashed password storage, access controls, and regular security assessments. However, no method of transmission over the internet is 100% secure and we cannot guarantee absolute security.

10. Children's Privacy

Our services are not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Complaints

If you have a concern about how we handle your data, please contact us first at privacy@loomella.co.uk. If you remain dissatisfied, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):

  • Website: ico.org.uk
  • Helpline: 0303 123 1113

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (if you have an account) or by displaying a prominent notice on our website. The “Last updated” date at the top of this page reflects the most recent revision. We encourage you to review this policy periodically.

Loomella

The UK's online department store — thousands of products across every category, delivered to your door.

Shop
  • All Departments
  • New Arrivals
  • Bestsellers
  • Sale
Customer
  • Contact Us
  • Shipping Info
  • Returns & Refunds
  • Track Order
  • FAQs
Company
  • About Us
  • Careers
  • Sustainability
Legal
  • Privacy Policy
  • Terms of Service
  • Cookie Policy
  • Modern Slavery
© 2026 Loomella Ltd.