Privacy Policy

Last updated: 7 October 2025

1) Who we are (Data Controller)

Sharafi & Co (a partnership between Nafiseh Siami and Mehdi Sharafi)

Address: Unit 9, First Floor, 1 Chandos Road, London NW10 6NF, United Kingdom

Email: info@sharafiandco.com

VAT: GB 495 1840 20

We are the data controller for the personal data we collect and process via our website, store, and customer support channels.

2) What this policy covers

This policy explains what personal data we collect, why we collect it, how we use it, who we share it with, how long we keep it, and your rights. It applies to:

  • Website visitors, customers, and account holders

  • Newsletter subscribers and enquiries

  • Suppliers and business contacts

For information about cookies, see our Cookies Policy.

3) Personal data we collect

A) Data you provide directly

  • Contact details (name, email, phone, billing/shipping addresses)

  • Order details (products, payment method, delivery preferences)

  • Account details (username, password)

  • Communications (emails, forms, phone calls, messages)

  • Marketing preferences (newsletter opt-in/consent choices)

B) Data we collect automatically

  • Device and usage data (IP address, browser, pages viewed, timestamps)

  • Session data required for cart/checkout functionality

  • Cookies and similar technologies (see Cookies Policy)

C) Data from third parties

  • Payment and fraud-prevention data from PayPal

  • Delivery updates from carriers/couriers

  • Analytics data from providers (if enabled, e.g., GA4)

  • Security/performance data from our CDN/WAF (e.g., Cloudflare)

We do not intentionally collect special category data (e.g., health, ethnicity) or criminal offence data.

4) Purposes & lawful bases for processing

Purpose | Examples | Lawful Basis
Fulfilling orders & customer service | Process payments, deliver items, returns/refunds, support | Contract (Article 6(1)(b)); Legal obligation (tax/records)
Operating our website & security | Cart/checkout, authentication, fraud prevention, and uptime | Legitimate interests (functioning, secure site)
Communications | Order confirmations, service messages, and responding to enquiries | Contract / Legitimate interests
Analytics & improvements | Measure site performance, diagnose issues | Consent (where required) / Legitimate interests (aggregated, low-risk)
Marketing | Newsletters, offers, remarketing (if enabled) | Consent (opt-in); you can withdraw anytime
Legal & compliance | HMRC/record-keeping, responding to lawful requests | Legal obligation / Legitimate interests

5) Who we share data with (categories of recipients)

We share only what’s necessary with:

  • Payment processors: PayPal (payments, fraud prevention)

  • Carriers/couriers: for delivery and returns

  • Hosting & infrastructure: web host, backup providers, CDN/WAF (e.g., Cloudflare)

  • Analytics/marketing tools (if enabled): e.g., Google Analytics, email service provider

  • Professional advisors: accountants, auditors, legal counsel

  • Regulators/law enforcement: where required by law

All providers are bound by contracts that restrict their use of your data to the services they perform for us.

6) International transfers

Some providers may process data outside the UK/EEA. Where this happens, we use appropriate safeguards (e.g., ICO-approved International Data Transfer Addendum, Standard Contractual Clauses, and—where applicable—provider certifications and technical measures).

7) How long do we keep your data (retention)

We keep data only as long as needed for the purposes above:

  • Orders, invoices, and tax records: 6 years (UK statutory guidance)

  • Customer service communications: typically up to 24 months

  • Accounts: for as long as the account is active (or 12 months after inactivity, unless legal retention applies)

  • Marketing: until you unsubscribe or withdraw consent

  • Cookies/analytics: per the durations listed in our Cookies Policy

We securely delete/anonymise data once retention periods expire.

8) Your rights (UK GDPR/EEA GDPR)

You have the right to:

  • Access your personal data

  • Rectify inaccurate or incomplete data

  • Erase data (“right to be forgotten”) where applicable

  • Restrict processing in certain circumstances

  • Object to processing based on legitimate interests or direct marketing

  • Data portability (to receive data in a structured, commonly used format)

  • Withdraw consent at any time (for activities based on consent)

To exercise any rights, email info@sharafiandco.com. We may need to verify your identity. We aim to respond within 30 days.

9) Marketing preferences

We only send email marketing with your opt-in consent. You can unsubscribe via any marketing email or by contacting us. Service emails (e.g., order updates) are not marketing and will still be sent.

10) Children’s privacy

Our website and products are not directed to children, and we do not knowingly collect data from individuals under 16. If you believe a child has provided data, please contact us to delete it.

11) Security

We apply technical and organisational measures to protect your data, including secure hosting, access controls, encryption in transit where appropriate, and least-privilege access. However, no method of transmission or storage is 100% secure.

12) Cookies & similar technologies

We use cookies for functionality, security, and—if you consent—analytics/advertising. See our Cookies Policy for details and how to manage your preferences.

13) Third-party links

Our site may link to other websites. We are not responsible for their privacy practices. Please review their policies.

14) Complaints

If you are unhappy with how we use your data, please contact us first at info@sharafiandco.com, and we’ll do our best to resolve it. You also have the right to complain to the UK Information Commissioner’s Office (ICO): ico.org.uk.

15) Changes to this policy

We may update this policy from time to time to reflect changes in law or our services. We will post the updated version with a new “Last updated” date.

Contact

Sharafi & Co, Unit 9, First Floor, 1 Chandos Road, London NW10 6NF, United Kingdom

Email: info@sharafiandco.com
