Privacy Policy

Data Controller: AllHourChic.co.uk

Data Collection Purposes:

Data Category	Processing Purpose	Legal Basis
Identity (name/email)	Account creation; personalised shopping alerts; newsletter delivery (opt-in)	Consent; Contractual
Technical (IP/device ID)	Security monitoring; regional content optimisation; analytics	Legitimate Interest
Cookies	Basket retention; affiliate attribution; UX personalisation	Consent (via banner)
User-generated content	Comment moderation; community engagement	Consent

Third-Party Data Sharing:

Payment Processors: Stripe (PCI-DSS compliant) for premium guides.
Analytics: Self-hosted Plausible.io (EU-based, anonymised tracking).
Marketing: MailerLite (GDPR-compliant, EU servers) for newsletters.
Required Disclosures: Legal authorities under UK Investigatory Powers Act 2016.

Retention Schedule:

Data Type	Retention Period
Account data	3 years post-account deletion
Financial records	7 years (HMRC compliance)
Newsletter contacts	Until withdrawal of consent
Server logs	12 months (rotated deletion)

Security Protocols:

Technical: AES-256 encryption; WAF protection; quarterly pentests.
Organisational: Staff GDPR training; data minimisation principles; breach notification within 72 hours.