Privacy Policy

Last updated: 16 March 2025

1. Data controller and contact details

The data controller responsible for your personal data is:

Vomreloneth
43A Wimpole St, London W1G 8AQ, United Kingdom
Email: relations@vomreloneth.world
Phone: +442076311269

If you have questions about this policy or your data, please contact us using the details above. We do not have a designated data protection officer; for data protection enquiries, use the same contact details.

2. Scope and applicability

This Privacy Policy applies to personal data we collect when you use our website https://vomreloneth.world (the “Site”), place orders, contact us, or otherwise interact with us. It explains what data we collect, why we collect it, how we use it, how long we keep it, and what rights you have under UK law, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018).

3. Personal data we collect

We may collect and process the following categories of personal data:

• Identity and contact data: name, email address, postal address, telephone number when you place an order, complete a contact or order form, or get in touch with us.
• Transaction and order data: order details, payment-related information (we do not store full card numbers; payment processing may be handled by third-party providers), delivery preferences and correspondence about orders.
• Technical and usage data: IP address, browser type and version, device type, time zone, referring URL, pages visited, and how you use the Site. This may be collected via cookies and similar technologies; see our Cookie Policy.
• Marketing and communications data: if you have opted in, your preferences for receiving marketing and your communication history with us.

We do not knowingly collect special category data (e.g. health, race, religion) unless you voluntarily provide it (e.g. in a message) and we need it to fulfil your request. We will use it only for the purpose you provided it and in line with applicable law.

4. Lawful basis and purposes for processing

We process your personal data only where we have a lawful basis under UK GDPR:

• Contract: to perform our contract with you (e.g. processing orders, delivery, returns, customer service).
• Legal obligation: to comply with UK law (e.g. tax, accounting, consumer rights).
• Legitimate interests: to run and improve our business, prevent fraud, ensure security, and defend legal claims, where our interests are not overridden by your rights.
• Consent: where we rely on consent (e.g. non-essential cookies, marketing). You can withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

Purposes include: processing and fulfilling orders; communicating with you about orders and enquiries; improving the Site and our services; detecting and preventing fraud; complying with legal obligations; and, where you have agreed, sending marketing communications.

5. How we collect your data

We collect data:

• Directly from you when you fill in forms (order, contact, newsletter), correspond with us, or provide feedback.
• Automatically when you use the Site (e.g. technical and usage data via cookies and similar technologies, as described in our Cookie Policy).
• From third parties where relevant (e.g. payment providers, delivery partners) to fulfil orders and provide services.

6. Recipients and sharing of data

We may share your personal data with:

• Service providers who assist us (hosting, payment processing, delivery, email delivery, analytics), under contracts that require them to protect your data and use it only as we instruct.
• Professional advisers (lawyers, accountants) where necessary for our legitimate interests or legal obligations.
• Regulators, law enforcement or other authorities when required by UK or applicable law.

We do not sell your personal data. If we transfer data outside the UK, we will ensure appropriate safeguards (e.g. adequacy decisions, standard contractual clauses) as required by UK GDPR.

7. International transfers

Your data is primarily processed in the United Kingdom. If we or our processors transfer data to countries outside the UK, we will ensure that such transfers are lawful and subject to appropriate safeguards (e.g. UK adequacy regulations, approved transfer mechanisms). You may request details of these safeguards by contacting us.

8. Retention periods

We keep your data only as long as necessary for the purposes set out in this policy:

• Order and transaction data: typically 7 years from the end of the financial year in which the transaction occurred, for legal, tax and accounting requirements.
• Contact and enquiry data: for the duration of the enquiry and a reasonable period thereafter (e.g. 2–3 years) unless you ask for deletion earlier and we have no legal obligation to retain it.
• Marketing data: until you withdraw consent or opt out, then we will retain only what we need to record your preference (e.g. suppression list).
• Technical and cookie data: as set out in our Cookie Policy (e.g. session data until you close the browser; analytics as stated there).

After the retention period, we will securely delete or anonymise your data so it no longer identifies you.

9. Security measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include: use of HTTPS and encryption where appropriate; access controls and staff training; secure storage and transmission; and regular review of our practices. Despite our efforts, no method of transmission or storage is completely secure; we encourage you to use strong passwords and protect your account details.

10. Your rights under UK GDPR

Under UK law you have the following rights in relation to your personal data:

• Right of access: you can request a copy of the personal data we hold about you.
• Right to rectification: you can ask us to correct inaccurate or incomplete data.
• Right to erasure: you can ask us to delete your data in certain circumstances (e.g. where it is no longer necessary, or you withdraw consent where consent was the basis).
• Right to restrict processing: you can ask us to restrict how we use your data in certain situations.
• Right to data portability: where processing is based on contract or consent and is carried out by automated means, you can ask for your data in a structured, machine-readable format.
• Right to object: you can object to processing based on legitimate interests or to direct marketing. We will stop marketing if you object.
• Right related to automated decision-making: we do not currently make decisions based solely on automated processing that significantly affect you; if we do in the future, we will inform you and respect your rights.

To exercise any of these rights, contact us using the details in section 1. We will respond within one month. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority: https://ico.org.uk.

11. Children

Our Site and services are not directed at children under 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will delete it promptly.

12. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top will be revised when we make changes. We encourage you to review this page periodically. For material changes, we may notify you by email or a notice on the Site where appropriate.

13. Third-party links

Our Site may contain links to third-party websites. We are not responsible for their privacy practices. Please read their privacy policies before providing any personal data.