Privacy Policy

1. Who We Are
Okessa LTD (“we”, “us”, “our”) is a fashion retail business operating on the Shopify platform. We are the data controller responsible for your personal information under UK data protection law.
If you have any questions or requests regarding this policy, contact us at:
Email: support@okessa.com
Address: 128,City Road London, EC1V 2NX, United Kingdom.
 
2. Information We Collect
When you visit our website, create an account, place an order, or subscribe to our marketing, we collect the following personal data:
a. Automatically via Shopify
Shopify automatically collects certain data when you use our site:
•    IP address
•    Device and browser type
•    Referrer URLs
•    Pages visited
•    Time zone
•    Cookies and cart data
This data helps us operate our store and ensure a smooth shopping experience.
b. Directly From You
•    Name
•    Email address
•    Phone number
•    Billing and delivery addresses
•    Order and return history
•    Marketing preferences
•    Payment information (processed securely via Shopify’s PCI-compliant gateway; we do not store credit card numbers)
 
3. How We Use Your Data
We only use your personal information where we have a lawful basis to do so, including:

Purpose

Lawful Basis

To process and fulfil orders

Contract

To provide customer service

Legitimate Interest

To manage your account

Contract

To send marketing emails (if you opt-in)

Consent

To prevent fraud and maintain security

Legitimate Interest

To comply with tax and legal obligations

Legal Obligation


4. Sharing Your Data
We share your personal data only with trusted third-party services necessary to operate our business:
a. With Shopify
We use Shopify Inc. as our e-commerce platform. Shopify hosts our store and processes order data on our behalf. Shopify complies with UK and international data protection laws.
Shopify’s privacy policy: https://www.shopify.com/legal/privacy
b. With Payment Gateways
Your payment details are processed securely through:
•    Shopify Payments
•    PayPal
•    Shopay
•    Apple/ Google Pay
We do not store or access your full payment card details.
c. With Delivery Partners
We share your name, address, and contact number with courier services (e.g., Royal Mail, DPD) to fulfil your orders.
d. With Marketing Tools (if opted-in)
If you opt into marketing, your name and email may be processed via:
•    Klaviyo (email marketing)
•    Meta (Facebook/Instagram Ads)
•    Google Ads
You can unsubscribe at any time by clicking the unsubscribe link in our emails.
 
5. International Data Transfers
Shopify and some of our processors may transfer your data outside the UK. When they do, appropriate legal safeguards (such as Standard Contractual Clauses) are in place to protect your data under UK GDPR.
 
6. Cookies
We use cookies to:
•    Remember your shopping cart
•    Enable secure login
•    Collect analytics (via Shopify)
•    Provide tailored marketing (only if consented)
On your first visit, a cookie banner will ask for your consent to non-essential cookies. You can manage cookie preferences at any time via your browser settings.
For full details, see our [Cookie Policy].
 
7. How Long We Keep Your Data
We keep your data only for as long as necessary:
•    Order records: 6 years 
•    Email marketing: until you unsubscribe or withdraw consent
•    Analytics: retained per cookie duration or platform settings (e.g. 26 months on Google Analytics)
 
8. Your Data Protection Rights
Under UK GDPR, you have the right to:
•    Access your personal data
•    Correct inaccuracies
•    Request deletion (when lawful)
•    Object to or restrict processing
•    Withdraw consent (for marketing)
•    Data portability
To exercise any of these rights, contact: support@okessa.com
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
https://www.ico.org.uk
 
9. Children’s Data
Our website is not intended for children under the age of 16, and we do not knowingly collect their data. If you believe a child has provided us with personal data, please contact us immediately.
 
10. Security Measures
We take security seriously. Your data is encrypted using industry-standard SSL during transmission. Shopify is PCI-DSS Level 1 certified and follows best practices for data security.
 
11. Changes to This Policy
We may update this Privacy Policy occasionally. The revised version will be posted on this page, and if required by law, we will notify you of significant changes.
 
Contact Us
For any questions, concerns, or requests related to this Privacy Policy or your personal data:
Email: support@shopokessa
Postal Address: 128, City Road London, EC1V 2NX, United Kingdom.