Last updated: 30/05/2025
RubyZen (“we,” “us,” or “our”) is committed to protecting the privacy and personal data of our customers (“you,” “your”) in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable privacy laws. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit www.rubyzen.co.uk (the “Website”) or make a purchase from our online store.
RubyZen is the data controller responsible for this Privacy Policy. All questions or concerns regarding your personal data should be directed to:
Data Protection Officer
Email: privacy@rubyzen.co.uk
Address: [Company Address]
We collect various categories of personal information from you, depending on how you interact with our Website:
Account Registration: Name, email address, password (hashed/stored securely), telephone number, billing address, delivery address.
Purchases & Transactions: Payment information (credit/debit card number, expiry date, CVV) processed securely by a PCI-compliant payment gateway (we do not store full card details). Order history, shipping preferences, invoice details.
Customer Support: Communications you send to us via email, live chat, or phone (including attachments, feedback, complaints).
Marketing Opt-Ins: If you choose to subscribe to newsletters, promotional offers, or SMS alerts, we will store your email address or phone number.
Device & Technical Data: IP address, browser type/version, device type (desktop, mobile, tablet), operating system, referring URLs, pages visited, clickstream data, and duration of visits (collected via cookies and similar tracking technologies).
Location Data: Approximate location derived from your IP address.
Analytics Data: We use Google Analytics (or similar) to collect aggregated usage and performance data to improve our Website.
Payment Processors: Confirmation of payment status (e.g., successful payment, fraud checks).
Shipping Carriers: Delivery confirmation, track & trace information.
Social Media Platforms: If you log in via “Login with Facebook” or “Login with Google,” we may receive your name and email address from that social provider (subject to your privacy settings with that provider).
Public Sources: We may collect or verify certain information from publicly available databases or other third-party data providers for fraud prevention.
We process personal data for the following purposes and legal bases under the UK GDPR:
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Order Fulfilment & Delivery | Name, address, email, phone, payment details, Order history | Performance of Contract |
| Payment Processing & Fraud Prevention | Payment info, IP address, device data, transaction history | Performance of Contract & Legitimate Interests (anti-fraud) |
| Customer Service & Support | Name, email, phone, support tickets | Performance of Contract |
| Account Management | Login credentials, purchase history, preferences | Performance of Contract |
| Marketing & Promotions | Email, phone, purchase history, browsing behavior | Consent (opt-in) |
| Website Analytics & Improvement | Device data, cookies, usage data | Legitimate Interests (service enhancement) |
| Legal Compliance & Security | IP, transaction details, order history, communications | Legal Obligation & Legitimate Interests |
| Personalisation & Recommendations | Purchase history, browsing data, location | Legitimate Interests (user experience) |
We will send you promotional emails, newsletters, or SMS messages only if you have opted in. You may opt out at any time by clicking “unsubscribe” in any email or by contacting us at unsubscribe@rubyzen.co.uk.
We do not sell or rent your personal data to third-party marketers. We may share aggregated (non-identifying) data with partners to analyse trends.
We use cookies and similar tracking technologies (e.g., web beacons, JavaScript, local storage) to collect and store information when you visit our Website.
Essential/Strictly Necessary Cookies: Required for core functionality (e.g., shopping cart, login). Cannot be disabled if you want to use the Service.
Performance & Analytics Cookies: Help us understand how visitors interact with the Website (e.g., Google Analytics _ga cookie). Data is aggregated and anonymised.
Functionality Cookies: Remember your preferences (e.g., language, region) and customise your experience.
Targeting/Advertising Cookies: Used to deliver relevant ads and measure advertising effectiveness. May be set by third parties (e.g., Facebook Pixel).
You can control or delete cookies via your browser settings (e.g., Chrome > Settings > Privacy and Security > Cookies and other site data). Be aware that disabling certain cookies may impact Website functionality.
For analytical cookies (e.g., Google Analytics), you can opt out by installing the Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout
We may share your personal data with:
Service Providers & Processors:
Payment Gateways: (e.g., Stripe, PayPal) for processing transactions.
Shipping Carriers: (e.g., Royal Mail, DHL, UPS) to fulfill and track orders.
IT Providers: (e.g., web hosting, email platforms, cloud storage) to operate and maintain the Website.
Analytics & Marketing Platforms: (e.g., Google Analytics, Mailchimp) for performance insights and email delivery.
Professional Advisors & Regulatory Authorities:
Accountants/Auditors/Legal Advisors: for financial reporting and compliance.
Government, Police, or Regulatory Agencies: if required by law (e.g., data breach investigations, VAT audits).
Business Transfers:
If RubyZen is involved in a merger, acquisition, financing, or sale of assets, we may share or transfer your personal data to the surviving entity or buyer (subject to confidentiality provisions).
Other Third Parties (with your consent):
If you explicitly consent to a third-party integration (e.g., opting into a co-branded promotion or entering a referral program).
All data we collect is stored and processed on servers located within the UK or the European Economic Area (EEA).
If we transfer personal data outside the UK/EEA (e.g., to a cloud service provider in the US), we will ensure appropriate safeguards (such as Standard Contractual Clauses or adequacy decisions) are in place to protect your rights under UK GDPR.
We implement appropriate technical and organisational measures to protect your personal data from unauthorized access, loss, misuse, alteration, or destruction. These measures include:
SSL/TLS encryption on all pages to protect data in transit.
Firewalls, intrusion detection systems, and regular security assessments for our servers.
Access controls and encryption of sensitive data (e.g., payment tokens, password hashes) at rest.
Staff training and confidentiality agreements to ensure personal data is handled securely.
We retain your personal data only as long as necessary to fulfill the purposes outlined in this Policy or as required by applicable law (e.g., tax records must be kept for at least 6 years).
Once retention periods expire, we will securely delete or anonymise your personal data.
Under the UK GDPR, you have certain rights regarding your personal data. To exercise any of these rights, please contact us at privacy@rubyzen.co.uk. We may require verification of your identity before processing your request.
Right to Access: Request a copy of the personal data we hold about you.
Right to Rectification: Ask us to correct inaccurate or incomplete personal data.
Right to Erasure (“Right to Be Forgotten”): Request deletion of your personal data, subject to certain legal exceptions (e.g., compliance with tax obligations).
Right to Restrict Processing: Ask us to limit how we use your personal data (e.g., while a dispute is resolved).
Right to Data Portability: Request a machine-readable copy of your personal data to transfer to another data controller (where applicable).
Right to Object: Object to processing based on legitimate interests, direct marketing, or profiling.
Right to Withdraw Consent: If processing is based on consent (e.g., marketing emails), you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
Right to Lodge a Complaint: You have the right to lodge a complaint with the UK’s Information Commissioner’s Office (ICO) if you believe we’ve violated your data protection rights (https://ico.org.uk).
Our Website and Services are not directed to children under 16. We do not knowingly collect personal data from minors under 16 without parental consent. If we discover we have collected data from a minor, we will delete it promptly. If you believe we have inadvertently collected data from a child under 16, please contact us at privacy@rubyzen.co.uk.
Our Website may contain links to third-party sites or embedded content (e.g., YouTube videos, social media feeds). We do not control these external sites and are not responsible for their privacy practices. We encourage you to review their privacy policies before providing any personal information.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations.
When we make changes, we will revise the “Last updated” date at the top of this page and, where appropriate, notify you (e.g., via email for registered customers).
Your continued use of the Website after changes are posted constitutes your acceptance of the updated Policy.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Data Protection Officer
Email: privacy@rubyzen.co.uk
English 