Privacy Policy

Last Updated: December 5, 2025

1. Who We Are

Aura Loom Limited ("we," "us," or "our") operates the Auraloom store. Our registered address is 69 Friars Road, London E6 1LJ, United Kingdom. We are committed to protecting the privacy and security of your personal data, particularly for residents of the European Economic Area (EEA) and the United Kingdom (UK), in accordance with the General Data Protection Regulation (GDPR) and UK GDPR.

Our Contact Details:
Website Name: Aura Loom
Email: support@auraloom.io
Phone Number: +44 7466 044987
Physical address: 69 Friars Road, London E6 1LJ, United Kingdom

2. What Personal Data We Collect

We collect personal identification information from Users when they interact with Auraloom, such as when creating an account, placing an order, subscribing to our newsletter, or contacting customer service. This information may include:

  • Contact & Account Information: Full name, email address, mailing address, and phone number.
  • Transaction Data: Details of the products you purchased.
  • Payment Information: Credit card or other payment details needed to process orders. (Note: Payment information is processed securely by third-party processors and is not stored on our servers.)
  • Authentication Data: For buyers and sellers, we may collect information to confirm product authenticity, including photos and product descriptions.

We collect Device & Usage Information using the following technologies:

  • "Cookies" are data files that are placed on your device or computer and often include an anonymous unique identifier.
  • "Log files" track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
  • "Web beacons," "tags," and "pixels" are electronic files used to record information about how you browse the Site.

3. ⚖️ How We Use Collected Information and Our Legal Basis (GDPR/UK GDPR)

We rely on the following legal bases under Article 6 of the GDPR for the respective purposes:

| Purpose of Processing | Type of Data Used | Legal Basis (GDPR/UK GDPR) |
|---|---|---|
| To Provide and Maintain Our Services (Processing orders, managing accounts, shipping, and customer support.) | Contact, Transaction, Payment | Contractual Necessity (Processing is necessary to perform the contract of sale with you.) |
| To Personalize User Experience & Improve Our Website (Aggregated data, site usage, non-essential cookies for analytics.) | Device & Usage, Aggregated Data | Legitimate Interest (Our interest in improving our business and website performance, provided your rights are not overridden.) |
| To Process Payments | Payment Information | Contractual Necessity & Legal Obligation (To complete the transaction and comply with anti-fraud/money laundering laws.) |
| To Send Order/Service Communications (Confirmations, updates, responses to inquiries.) | Contact, Transaction | Contractual Necessity & Legitimate Interest (Responding to legitimate business needs/inquiries.) |
| To Send Promotional Communications (Marketing emails/SMS.) | Contact Information | Consent (You must give us clear, explicit, and unambiguous consent, which you can withdraw at any time.) |
| For Legal Compliance (Tax, accounting, and government requests.) | Contact, Transaction | Legal Obligation (Processing is necessary to comply with a legal duty.) |

4. How We Protect Your Data

We implement reasonable security measures to protect your personal information against unauthorized access, alteration, or disclosure. Sensitive and private data exchanged between the Site and Users is encrypted and protected via SSL (Secure Sockets Layer) and other digital security measures. We also comply with industry standards for payment card security.

5. Data Sharing and Disclosure

We do not sell, trade, or rent Users' personal identification information. However, we may share information:

  • With Service Providers: We may share information with third-party providers who assist us in our business operations (e.g., payment processing, shipping, or customer support) under strict data processing agreements.
  • For Legal Compliance: We may disclose information if required by law or to protect against legal liability.
  • During Business Transfers: In case of a merger, acquisition, or sale, personal data may be transferred.

6. 👶 Children's Privacy (Under GDPR/UK GDPR)

Our website is not intended for individuals under the age of sixteen (16). We do not knowingly collect Personal Data from children.

If you are a resident of the EEA or UK, and you are under the age of 16, you are required to obtain parental consent to use the service and provide any personal data. If we become aware that we have collected data from a child under the age of 16 without appropriate parental authorization, we will take immediate steps to delete such information. If you believe your child has provided us with Personal Data, please contact us at support@auraloom.io.

7. Data Retention

We retain your personal information only as long as necessary to fulfill the purposes outlined in this policy, such as keeping your account active or as required by law.

  • Account Information: Retained as long as the account remains active.
  • Legal Compliance: Retained for the period required to meet legal obligations (e.g., typically 7-10 years for transaction/tax records).

8. 👑 Your Expanded Rights and Choices (EEA/UK Data Subject Rights)

If you are a resident of the EEA or the UK, you have the following rights regarding your personal data:

  1. Right to be Informed
  2. Right of Access (SAR)
  3. Right to Rectification
  4. Right to Erasure (Right to be Forgotten)
  5. Right to Restrict Processing
  6. Right to Data Portability
  7. Right to Object
  8. Right to Withdraw Consent

To exercise any of these rights, please contact us at support@auraloom.io or call us at +44 7466 044987. We will respond to your request within one month.

9. 🌍 International Data Transfers (EEA/UK)

We may transfer, store, and process your personal data outside the country where you live (such as to the United States where Shopify and many third-party processors are located).

We ensure a similar degree of protection is afforded to your data by implementing at least one of the following safeguards:

  • Transferring data to countries that have been deemed to provide an adequate level of protection (an "Adequacy Decision").
  • Using Standard Contractual Clauses (SCCs) approved by the European Commission, and/or the International Data Transfer Agreement (IDTA) or UK Addendum issued by the UK’s Information Commissioner's Office (ICO). These provide contractual obligations for the data recipient to protect the data to GDPR/UK GDPR standards.

10. Right to Lodge a Complaint

If you have a complaint about how we handle your data, you have the right to lodge a complaint with your relevant supervisory authority:

  • For UK residents: The supervisory authority is the Information Commissioner’s Office (ICO). You can find their contact details on the ICO website (www.ico.org.uk).
  • For EEA residents: You can complain to the relevant Data Protection Authority (DPA) in the EU Member State where you reside. A list of all EU DPAs can be found on the European Data Protection Board (EDPB) website.

11. Changes to This Privacy Policy

We may update this policy periodically. The "Last Updated" date at the top of this document indicates the latest revision. We encourage Users to review this Privacy Policy occasionally to stay informed on how we protect and use their information. Continued use of the Site after updates will constitute acceptance of the updated policy.

Disclaimer: This policy has been modified to incorporate key requirements of GDPR and UK GDPR based on your input. You must still have this document reviewed by a qualified legal professional to ensure it meets all specific legal requirements for your business operations and jurisdiction.
