Last updated: 7 October 2025
Sharafi & Co (a partnership between Nafiseh Siami and Mehdi Sharafi)
Address: Unit 9, First Floor, 1 Chandos Road, London NW10 6NF, United Kingdom
Email: info@sharafiandco.com
VAT: GB 495 1840 20
We are the data controller for the personal data we collect and process via our website, store, and customer support channels.
This policy explains what personal data we collect, why we collect it, how we use it, who we share it with, how long we keep it, and your rights. It applies to:
Website visitors, customers, and account holders
Newsletter subscribers and enquiries
Suppliers and business contacts
For information about cookies, see our Cookies Policy.
A) Data you provide directly
Contact details (name, email, phone, billing/shipping addresses)
Order details (products, payment method, delivery preferences)
Account details (username, password)
Communications (emails, forms, phone calls, messages)
Marketing preferences (newsletter opt-in/consent choices)
B) Data we collect automatically
Device and usage data (IP address, browser, pages viewed, timestamps)
Session data required for cart/checkout functionality
Cookies and similar technologies (see Cookies Policy)
C) Data from third parties
Payment and fraud-prevention data from PayPal
Delivery updates from carriers/couriers
Analytics data from providers (if enabled, e.g., GA4)
Security/performance data from our CDN/WAF (e.g., Cloudflare)
We do not intentionally collect special category data (e.g., health, ethnicity) or criminal offence data.
| Purpose | Examples | Lawful Basis |
|---|---|---|
| Fulfilling orders & customer service | Process payments, deliver items, returns/refunds, support | Contract (Article 6(1)(b)); Legal obligation (tax/records) |
| Operating our website & security | Cart/checkout, authentication, fraud prevention, and uptime | Legitimate interests (functioning, secure site) |
| Communications | Order confirmations, service messages, and responding to enquiries | Contract / Legitimate interests |
| Analytics & improvements | Measure site performance, diagnose issues | Consent (where required) / Legitimate interests (aggregated, low-risk) |
| Marketing | Newsletters, offers, remarketing (if enabled) | Consent (opt-in); you can withdraw anytime |
| Legal & compliance | HMRC/record-keeping, responding to lawful requests | Legal obligation / Legitimate interests |
We share only what’s necessary with:
Payment processors: PayPal (payments, fraud prevention)
Carriers/couriers: for delivery and returns
Hosting & infrastructure: web host, backup providers, CDN/WAF (e.g., Cloudflare)
Analytics/marketing tools (if enabled): e.g., Google Analytics, email service provider
Professional advisors: accountants, auditors, legal counsel
Regulators/law enforcement: where required by law
All providers are bound by contracts that restrict their use of your data to the services they perform for us.
Some providers may process data outside the UK/EEA. Where this happens, we use appropriate safeguards (e.g., ICO-approved International Data Transfer Addendum, Standard Contractual Clauses, and—where applicable—provider certifications and technical measures).
We keep data only as long as needed for the purposes above:
Orders, invoices, and tax records: 6 years (UK statutory guidance)
Customer service communications: typically up to 24 months
Accounts: for as long as the account is active (or 12 months after inactivity, unless legal retention applies)
Marketing: until you unsubscribe or withdraw consent
Cookies/analytics: per the durations listed in our Cookies Policy
We securely delete/anonymise data once retention periods expire.
You have the right to:
Access your personal data
Rectify inaccurate or incomplete data
Erase data (“right to be forgotten”) where applicable
Restrict processing in certain circumstances
Object to processing based on legitimate interests or direct marketing
Data portability (to receive data in a structured, commonly used format)
Withdraw consent at any time (for activities based on consent)
To exercise any rights, email info@sharafiandco.com. We may need to verify your identity. We aim to respond within 30 days.
We only send email marketing with your opt-in consent. You can unsubscribe via any marketing email or by contacting us. Service emails (e.g., order updates) are not marketing and will still be sent.
Our website and products are not directed to children, and we do not knowingly collect data from individuals under 16. If you believe a child has provided data, please contact us to delete it.
We apply technical and organisational measures to protect your data, including secure hosting, access controls, encryption in transit where appropriate, and least-privilege access. However, no method of transmission or storage is 100% secure.
We use cookies for functionality, security, and—if you consent—analytics/advertising. See our Cookies Policy for details and how to manage your preferences.
Our site may link to other websites. We are not responsible for their privacy practices. Please review their policies.
If you are unhappy with how we use your data, please contact us first at info@sharafiandco.com, and we’ll do our best to resolve it. You also have the right to complain to the UK Information Commissioner’s Office (ICO): ico.org.uk.
We may update this policy from time to time to reflect changes in law or our services. We will post the updated version with a new “Last updated” date.
Sharafi & Co, Unit 9, First Floor, 1 Chandos Road, London NW10 6NF, United Kingdom
Email: info@sharafiandco.com