PRIVACY POLIcY

PRIVACY POLICY - Last updated: June 28, 2025

This Privacy Policy explains how ANA DEL RIO LTD (also described as “we," "us," or "our") collects, uses, processes, and protects your personal data when you visit and use our website anadelrio.com (the “website"), or interact with us. We are committed to protecting your privacy and handling your data in an open and transparent manner, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

ANA DEL RIO LTD is a company registered in the United Kingdom, registration number 15468263

-Website: anadelrio.com

-Contact Email: studio@anadelrio.com

-Business Address: Studio 301 Cockpit Arts, 18-22 Creeskide, London, England, SE8 3DZ

For the purpose of UK data protection laws, ANA DEL RIO LTD is the data controller of your personal data.

2. Personal Data We Collect

We may collect various types of personal data from you, depending on your interaction with our website.

2.1. Data You Provide Directly To Us:

-Contact Information: Name, email address, phone number, postal address (e.g., when you fill out contact forms, sign up for newsletters, or place an order).

-Account Information: If you create an account, we collect your username, password (encrypted), and associated contact details.

-Order Information: Details necessary to process your orders, including shipping address, billing address. (Note: We do NOT directly collect or store your payment card details; see Section 3.2 for more on payment processors).

-Demographic Information: Age and gender, if you choose to provide it.

-User Generated Content: Comments, reviews, forum posts or other content you submit to the website.

-Correspondence: Records of communications you have with us, such as customer support enquiries.

2.2. Data Collected Automatically

When you visit our website, we may automatically collect certain information from your device, including:

-Device Information: IP address, browser type and version, operating system, device type, screen resolution.

-Usage Data: Information about how you use our website, such as pages visited, time spent on pages, referral source (the website you came from), search terms used, and clickstream data.

-Location Data: General geographical location derived from your IP address.

-Cookies and Tracking Technologies: Information collected through cookies and similar technologies (please see our Cookie Policy below).

3. How We Use Your Personal Data

We use your personal data for various purposes, based on specific legal grounds:

3.1. To Provide Services and Process Orders (Contractual Necessity):

-To process and fulfil your orders, including managing payments, shipping, and delivery.

-To manage your user account on our website.

-To communicate with you regarding your orders, accounts, and customer service enquiries.

3.2. For Business Operations and Improvement (Legitimate Interests):

-To improve our website, products and services as well as to understand user behaviour and preferences.

-To personalise your experience on our website.

-To detect and prevent fraud, security breaches, and other harmful activities.

-To ensure the security of our website and systems.

-To manage and improve our internal operations, including data analysis, testing, and research.

-To ask for your feedback or to take part in market research (unless you opt out).

-For business development and growth.

3.3. For Marketing and Communications (Consent or Legitimate Interests):

-Newsletters: To send you newsletters and promotional emails about our products, services, and offers, where you have consented to receive them.

-Direct Marketing: To send you marketing communications about products and services similar to those you have previously purchased from us, where permitted by law and where you have not opted out.

-User-Generated Content: To display your comments, reviews, or forum posts on the website or in our marketing materials, where you have explicitly provided them for this purpose.

3.4. To Comply with Legal Obligations (Legal Obligation):

-To comply with applicable laws, regulations, legal processes, or governmental requests (e.g., tax or accounting requirements).

-To enforce our terms and conditions.

4. Sharing Your Personal Data

We may share your personal data with the following categories of third parties for the purposes described in this Privacy Policy:

-Service Providers: We engage trusted third-party service providers to perform functions on our behalf and to assist us in operating our business. These may include:

  • Payment Processors: Companies that process your credit card and other payment information (e.g., Stripe, PayPal). We do not store your full payment card details.

  • Shipping Companies: Carriers/couriers that deliver your orders.

  • Analytics Providers: Companies like Google Analytics that help us understand website usage.

  • Cloud Hosting Providers: Services that host our Website and data (e.g., AWS, Microsoft Azure, Google Cloud).

  • Marketing and Advertising Partners: Companies that assist us with our marketing campaigns, including social media platforms and ad networks.

  • IT Service Providers: Companies that provide technical support and maintenance for our systems.

-Professional Advisors: Our legal, accounting or other professional advisors where necessary for them to provide services to us.

-Law Enforcement & Regulators: If required by law, we may disclose your personal data to governmental or regulatory authorities, or as part of a legal process.

-Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred to the acquiring entity.

We only share personal data necessary for the third party to perform their specific services and require them to protect your data in accordance with our standards and applicable data protection laws.

5. Cookies and Tracking Technologies

Our website uses "cookies" and similar tracking technologies to enhance your experience, analyse website usage and for marketing purposes.

-What are Cookies? Cookies are small text files placed on your device (computer, tablet, smartphone) when you visit a website. They are widely used to make websites work more efficiently and to provide information to the website owners.

-Types of Cookies We Use:

  • Strictly Necessary Cookies: Essential for the operation of our website, enabling core functionalities like secure log-in, shopping cart features, or order processing. These do not require your consent.

  • Analytical/Performance Cookies: Allow us to recognise and count the number of visitors and see how visitors move around our website. This helps us improve the way our website works. We use Google Analytics for this purpose. These require your consent.

  • Functionality Cookies: Used to recognise you when you return to our website. This enables us to personalise our content for you and remember your preferences (e.g., language or region). These require your consent.

  • Advertising/Targeting Cookies: Record your visit to our website, the pages you have visited, and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose. These require your consent.

-Your Cookie Choices: When you first visit our website, you will be presented with a cookie consent banner allowing you to manage your cookie preferences. You can also manage your cookie settings directly through your web browser (e.g., Chrome, Firefox, Edge, Safari). Most browsers allow you to block all cookies or to block only third-party cookies. However, please note that blocking all cookies may impact the functionality of our website.

6. International Data Transfers

As we use global service providers (e.g. cloud hosting, analytics), your personal data may be transferred to, and stored at, a destination outside the UK or the European Economic Area (EEA). These countries may not have data protection laws equivalent to those in the UK. Whenever we transfer your personal data outside the UK/EEA, we ensure a similar degree of protection is afforded to it by implementing at least one of the following safeguards:

-Adequacy Decisions: We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK government.

-Standard Contractual Clauses (SCCs): Where adequacy decisions are not in place, we may use specific contracts approved for use in the UK (e.g., UK International Data Transfer Agreement or UK addendum to EU SCCs) which give personal data the same protection it has in the UK.

7. Data Security

We are committed to ensuring the security of your personal data. We implement appropriate technical and organisational measures to protect your data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include:

-Using SSL/TLS encryption (HTTPS) to secure data transmission on our website.

-Storing data on secure servers with restricted access.

-Implementing access controls to limit who can access personal data to authorised personnel who require it for their job functions.

-Regularly reviewing our information collection, storage, and processing practices.

-Ensuring our third-party service providers also implement robust security measures.

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

8. Your Data Protection Rights

Under UK data protection law, you have the following rights regarding your personal data:

-The Right to Be Informed: To receive clear, transparent, and easily understandable information about how we use your data and your rights. This is why we have this Privacy Policy.

-The Right to Access: To request access to the personal data we hold about you (commonly known as a "data subject access request").

-The Right to Rectification: To request that any inaccurate or incomplete personal data we hold about you is corrected or completed.

-The Right to Erasure (the "Right to Be Forgotten"): To request the deletion or removal of your personal data where there is no compelling reason for its continued processing (e.g., you withdraw consent, the data is no longer necessary for the purpose for which it was collected).

-The Right to Restrict Processing: To request that we suspend the processing of your personal data in certain circumstances (e.g., if you contest the accuracy of the data, or you have objected to processing).

-The Right to Data Portability: To receive your personal data in a structured, commonly used, and machine-readable format and to have the right to transmit that data to another controller without hindrance from us, where technically feasible.

-The Right to Object: To object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.

-Rights in Relation to Automated Decision Making and Profiling: To object to decisions being made about you that are based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you. (We do not typically engage in such processing).

To exercise any of these rights, please contact us at studio@anadelrio.com. We will respond to your request within one month, in line with UK GDPR requirements. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).

9. Children's Privacy

Our website is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe that your child has provided us with personal data without your consent, please contact us, and we will take steps to delete such information.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. The "Last Updated" date at the top of this policy will indicate when it was last revised. For any significant changes, we will notify you by placing a prominent notice on our website or by sending you an email (if you have provided us with your email address for this purpose). We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

11. How to Complain

If you have any concerns about our use of your personal data, you can make a complaint to us at studio@anadelrio.com.

You also have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.