ST.CRUZCO. (“we”, “us”, “our”) is committed to protecting your privacy and handling your personal data in a transparent, lawful, and secure manner, in accordance with the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR).

 

1. Information We Collect

We may collect and process the following personal data when you place an order, create an account, or contact us:

• Identity data: name

• Contact data: email address, billing and shipping address

• Transaction data: payment details (processed securely by third-party providers), order history

• Technical data: IP address, browser type, device information, and website usage data

2. Lawful Basis for Processing

Under GDPR, we rely on the following lawful bases to process your personal data:

• Contractual necessity – to process and fulfil your orders

• Legal obligation – to comply with tax, accounting, and regulatory requirements 

• Legitimate interests – to improve our website, services, and customer experience

• Consent – for marketing communications, where required

 

You may withdraw your consent at any time.

​

3. How We Use Your Information

Your personal data is used to:

• Process and fulfil orders

• Communicate with you regarding purchases or enquiries

• Provide customer support

• Improve our website and services

• Comply with legal and regulatory obligations

​

4. Data Sharing

We do not sell, rent, or trade your personal data.

 

We may share your data with trusted third-party service providers only where necessary, including:

• Payment processors

• Shipping and logistics partners

• IT and website service providers

• Legal or regulatory authorities where required by law

​All third parties are required to process your data securely and in compliance with GDPR.

​

5. International Data Transfers

Where your personal data is transferred outside the UK or European Economic Area (EEA), we ensure appropriate safeguards are in place, such as standard contractual clauses or equivalent legal protections.

​

6. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or misuse. Payment transactions are handled exclusively by secure, compliant third-party payment providers.
 

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes outlined in this policy, including legal, accounting, or reporting obligations.

​

8. Your Rights Under GDPR

You have the right to:

• Access your personal data

• Request correction of inaccurate or incomplete data

• Request deletion of your personal data

• Restrict or object to processing

• Request data portability

• Withdraw consent at any time (where processing is based on consent)

 

To exercise any of these rights, please contact us using the details below.
 

9. Marketing Communications

You may opt out of marketing communications at any time by using the unsubscribe link in our emails or by contacting us directly.
 

10. Contact Information

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at:
hello@stcruzco.com

​

If you believe your data protection rights have been violated, you also have the right to lodge a complaint with your local data protection authority, including the UK Information Commissioner’s Office (ICO) or your relevant EU supervisory authority.