Privacy Policy
1. Introduction
This Privacy Policy (“Policy”) describes how Andréa Kọsta, operated by Sarto Luxury Tailoring Ltd, a company registered in England and Wales (Company No. 10461888) (“Company,” “we,” “us,” or “our”), collects, processes, uses, and shares your personal data when you use our website www.andreakosta.co.uk (the “Site”).
We are committed to protecting your privacy and handling your personal data in accordance with:
- The UK General Data Protection Regulation (“UK GDPR”) and the UK Data Protection Act 2018; and
- Where applicable, the EU General Data Protection Regulation (“EU GDPR”)
Please read this Policy carefully. By using our Site, you agree to the terms set out here.
2. What is Personal Data?
“Personal data” means any information that identifies you, directly or indirectly, such as your name, postal address, email address, telephone number, payment details, order history, or IP address.
3. Legal Basis for Processing
We process your personal data under one or more of the following legal bases, applicable under both UK and EU GDPR:
- Contractual necessity – to provide the products and services you have requested (e.g., processing and delivering your orders)
- Legitimate interests – to operate and improve our Site, prevent fraud, and provide customer support
- Legal obligations – to comply with UK or EU laws and regulations
- Consent – where you have explicitly agreed, for example, when subscribing to marketing communications. You may withdraw consent at any time
4. Information We Collect
a) Information You Provide Directly
- When you register for an account or place an order (name, postal address, email address, telephone number, payment details).
- When you contact us by email, phone, or through our Site.
- When you participate in promotions or complete surveys.
- When you submit reviews, comments, or other content on our Site
b) Information from Social Networking Sites
If you connect with us through social media (e.g., Instagram, Facebook), we may receive information from that service based on your settings.
c) Information Collected Automatically
When you use our Site, we automatically collect information such as:
- IP address
- Browser type and version
- Device type and operating system
- Pages visited and time spent on the Site
- Referring website URL
This is collected via cookies and similar technologies (see Section 6)
5. How We Use Your Personal Data
We may use your personal data to:
- Process and fulfil your orders
- Manage your account and provide customer support
- Communicate with you about orders, account matters, or enquiries
- Send marketing communications (where legally permitted)
- Improve our Site and product offerings
- Detect and prevent fraud or other illegal activities
- Comply with legal obligations
6. Cookies and Similar Technologies
Our Site uses cookies to improve functionality and your browsing experience. Cookies are small text files placed on your device when you visit our Site. We use:
- Essential cookies – required for basic Site operation
- Functionality cookies – to remember your preferences and settings
- Analytics cookies – to understand how visitors use our Site
- Advertising cookies – to deliver relevant adverts based on browsing activity
You can manage or delete cookies via your browser settings. Disabling cookies may affect Site functionality.
7. Sharing Your Personal Data
We may share your personal data with:
- Service providers (e.g., payment processors, delivery companies, IT support)
- Marketing platforms (only with your consent)
- Legal and regulatory authorities when required
We do not sell your personal data to third parties.
8. International Data Transfers
Because we are based in the UK and ship internationally, your personal data may be transferred:
- From the UK to the EEA and from the EEA to the UK — these transfers are currently permitted as the UK has an EU adequacy decision
- Outside the UK/EEA — where this occurs (e.g., via Shopify, payment processors, cloud services), we will ensure your personal data is protected by appropriate safeguards, such as the UK International Data Transfer Agreement and/or EU Standard Contractual Clauses
9. Data Retention
We keep your personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, or reporting obligations.
10. Your Rights
Under both UK and EU GDPR, you have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate or incomplete data
- Request deletion of your data (subject to legal obligations)
- Object to processing based on legitimate interests
- Withdraw consent at any time
- Request restriction of processing
- Request a copy of your data in a portable format
EU residents also have the right to lodge a complaint with their local Data Protection Authority. UK residents may contact the ICO (www.ico.org.uk).
11. Security
We implement appropriate technical and organisational measures to protect your personal data from loss, misuse, or unauthorised access.
13. Contact Us
For any questions about this Policy or to exercise your rights, please contact:
Email: info@andreakosta.co.uk
Post: 27 Duke Street, Liverpool, L1 5AP, United Kingdom
Last updated: 13 August 2025