GLORIAH
Privacy Policy


Last updated: May 2026
GLORIAH is committed to protecting your personal data and being transparent about how we use it. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights under applicable data protection law, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
GLORIAH ("we", "us", "our") operates www.hellogloriah.com. We are the data controller for the personal data described in this policy. Our contact details are set out at the end of this document.


1. Personal data we collect
We collect personal data about you in the following ways:

a. Data you provide directly
Identity data: your first name, last name, and username.
Contact data: your email address, billing address, delivery address, and telephone number.
Account data: your password (stored in encrypted form), account preferences, and profile information.
Transaction data: details of purchases and orders you make with us. Payment card details are processed directly by our payment provider and are never stored by us.
Communications data: records of enquiries, complaints, or other communications you send us, including via social media.
Feedback and reviews: product reviews, survey responses, and competition entries you submit.
Marketing preferences: your preferences for receiving marketing from us.

b. Data collected automatically
Usage data: pages you visit, links you click, and how long you spend on our website.
Technical data: your IP address, browser type and version, operating system, device type, and referral source.
Cookie data: please see Section 7 (Cookies) for full details.
Email engagement data: whether you open or click links in emails we send you, where you have consented to receive them.

c. Location data
We may collect approximate location data where you provide consent via your device or browser settings.

2. Lawful bases for processing
UK GDPR requires us to have a lawful basis for processing your personal data. We rely on the following bases:

  

Purpose | Lawful Basis
Processing and fulfilling your orders | Performance of a contract
Managing your account | Performance of a contract
Responding to enquiries and complaints | Legitimate interests (customer service)
Sending order confirmations and transactional updates | Performance of a contract
Sending marketing emails and promotional offers | Consent (you can withdraw at any time)
Personalising your website experience | Consent (via cookie preferences) / Legitimate interests
Analytics and website improvement | Consent (via cookie preferences)
Fraud prevention and security | Legitimate interests / Legal obligation
Publishing reviews where you have consented | Consent
Complying with legal and regulatory obligations | Legal obligation


Where we rely on legitimate interests, we have assessed that our interests do not override your rights and freedoms as a data subject. You have the right to object to processing carried out on the basis of legitimate interests (see Section 6).


3. Who we share your data with
We do not sell your personal data. We may share it with the following categories of trusted third parties, all of whom are required to keep it secure and process it only as we instruct:

  • Payment processors (e.g. Stripe, PayPal or similar) — to securely process payments.
  • Delivery and fulfilment partners — to ship your orders.
  • Email and marketing platforms (e.g. Klaviyo, Mailchimp or similar) — to send communications where you have consented.
  • Analytics providers (e.g. Google Analytics) — to understand how our website is used, subject to your cookie consent.
  • Customer service tools — to manage enquiries and support tickets.
  • Professional advisors — legal, financial, and compliance consultants, bound by duties of confidentiality.
  • Fraud prevention services — to protect you and us from fraudulent activity.
  • Regulatory or law enforcement authorities — where we are legally required to disclose data.


In the event of a sale, merger, or transfer of our business, your data may be transferred to a new owner, subject to equivalent data protection obligations.


4. International data transfers
Some of our third-party service providers are based outside the UK or European Economic Area (EEA). Where we transfer your data internationally, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office
  • Adequacy decisions where the receiving country has been assessed as providing adequate protection
  • The UK International Data Transfer Agreement (IDTA) where applicable

You can request further information about specific transfer safeguards by contacting us at the address below.


5. How long we keep your data
We keep your personal data only for as long as necessary for the purposes it was collected and to comply with our legal obligations. Our standard retention periods are:

Type of Data | Retention Period
Order and transaction records | 7 years (tax and financial compliance)
Account data (active accounts) | For the duration of your account, plus 6 years after closure
Marketing consent records | Until you withdraw consent, plus 3 years
Customer service communications | 3 years from last interaction
Cookie consent logs | 12 months from consent date
Website analytics data | As per our analytics provider settings (typically 26 months)


After the applicable retention period, personal data is securely deleted or anonymised so it can no longer be used to identify you.


6. Your data protection rights
Under UK GDPR, you have the following rights:

  • Right of access: you can request a copy of the personal data we hold about you (a 'Subject Access Request').
  • Right to rectification: you can ask us to correct inaccurate or incomplete data.
  • Right to erasure: you can ask us to delete your data in certain circumstances (the 'right to be forgotten').
  • Right to restrict processing: you can ask us to pause processing of your data while a dispute is resolved.
  • Right to data portability: you can request your data in a structured, machine-readable format.
  • Right to object: you can object to processing based on legitimate interests or direct marketing.
  • Rights related to automated decision-making: we do not make solely automated decisions that have a legal or similarly significant effect on you.
  • Right to withdraw consent: where we rely on consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, please contact us at hello@hellogloriah.com. We will respond within one month. We may need to verify your identity before processing your request. There is no charge for exercising your rights.
If you are unhappy with how we handle your data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):
Website: ico.org.uk
Telephone: 0303 123 1113
Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

7. Cookies
Our website uses cookies and similar tracking technologies. A cookie is a small text file stored on your device that helps us recognise your browser and remember your preferences.

Categories of cookies we use

  • Strictly necessary cookies: essential for the website to function (e.g. keeping items in your basket). These do not require your consent.
  • Analytics cookies: help us understand how visitors use our website (e.g. Google Analytics). Only set after you consent.
  • Performance cookies: used to measure and improve site performance. Only set after you consent.
  • Advertising and targeting cookies: used to show relevant adverts and track campaign performance. Only set after you consent.

Your cookie choices
When you first visit our website, you will be shown a cookie banner. You can accept all cookies, reject all non-essential cookies, or customise your preferences by category. You can change or withdraw your cookie consent at any time by clicking 'Cookie preferences' in the footer of our website.
You can also manage cookies through your browser settings. The ICO provides guidance at:
https://ico.org.uk/your-data-matters/online/cookies/

To opt out of Google Analytics tracking specifically, you may install the Google Analytics Opt-out Browser Add-on:
https://tools.google.com/dlpage/gaoptout


Please note that disabling non-essential cookies will not affect your ability to browse or purchase from our website.


8. Marketing communications
We will only send you marketing emails if you have given us your consent to do so, or where we are permitted to do so under the Privacy and Electronic Communications Regulations (PECR).
You can opt out of marketing communications at any time by:

  • Clicking the unsubscribe link in any marketing email
  • Emailing us at hello@hellogloriah.com
  • Updating your preferences in your account settings

Even if you opt out of marketing, we will continue to send you transactional messages such as order confirmations, shipping updates, and account notifications, as these are necessary for the fulfilment of your orders.


9. Security
We take the security of your personal data seriously. We implement appropriate technical and organisational measures to protect it against unauthorised access, loss, or disclosure, including:

  • SSL/TLS encryption for all data transmitted via our website
  • Secure, access-controlled storage of personal data
  • Payment details processed via PCI-DSS compliant payment providers — we never store payment card data
  • Regular review of our security practices

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and, where required, inform you directly.


10. Third-party websites and social media
Our website may contain links to third-party websites and social media platforms. This Privacy Policy applies only to our website. We are not responsible for the privacy practices of third-party sites and encourage you to read their privacy policies before sharing any personal data.
If you interact with our brand pages on Instagram, TikTok, Facebook, or other platforms, those interactions are subject to the privacy policies of the respective platforms.


11. Children's privacy
Our website and products are not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.


12. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The updated version will be posted on this page with a revised 'Last updated' date. Where changes are material, we will notify you by email or via a notice on our website.
We encourage you to review this policy periodically.


13. Contact us
If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have a concern about how we handle your data, please contact us:

Contact Details
Email: hello@hellogloriah.com
Website: www.hellogloriah.com
Postal address: GLORIAH — please contact us by email for our full registered address

If you are not satisfied with our response, you have the right to contact the Information Commissioner's Office (ICO), the UK supervisory authority for data protection. Details are in Section 6 above.