Privacy policy

Last updated: March 2026

1. Who We Are

THEO & VICK is an online retailer of handcrafted women's clothing and fashion accessories. This Privacy Policy explains how we collect, use, and protect your personal data when you visit our website or make a purchase from us.

For any privacy-related queries, please contact us at info@theoandvick.co.uk

2. What Data We Collect

When you visit our website or place an order, we may collect the following personal data:

  • Full name
  • Billing and delivery address
  • Email address
  • Phone number
  • Payment information (processed securely via our payment provider — we do not store card details)
  • IP address and browsing behaviour (via cookies)

3. How We Use Your Data

We use your personal data to:

  • Process and fulfil your orders
  • Send order confirmations and shipping updates
  • Respond to your enquiries
  • Improve our website and customer experience
  • Comply with our legal obligations

We will only contact you for marketing purposes if you have given us your explicit consent.

4. Legal Basis for Processing (UK GDPR)

We process your data on the following legal bases:

  • Contract — to fulfil orders you have placed with us
  • Legal obligation — to comply with applicable laws
  • Legitimate interests — to improve our services and prevent fraud
  • Consent — for marketing communications (where applicable)

5. Sharing Your Data

We do not sell or rent your personal data. We may share it with trusted third parties solely to operate our business, including:

  • Shopify (our e-commerce platform)
  • Payment processors (e.g. Shopify Payments, PayPal)
  • Royal Mail

All third parties are required to handle your data securely and in accordance with UK GDPR.

6. Cookies

Our website uses cookies to enhance your browsing experience and analyse site traffic. You can manage your cookie preferences via your browser settings. By continuing to use our site, you consent to our use of cookies.

7. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes outlined in this policy, or as required by law (typically 6 years for financial records).

8. Your Rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict how we process your data
  • Withdraw consent at any time (where processing is based on consent)

To exercise any of these rights, please contact us at info@theoandvick.co.uk . You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. Data Security

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. All transactions are encrypted using SSL technology.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated date. We encourage you to review this policy periodically.

11. Contact Us

For any questions or concerns about your privacy, please contact us at info@theoandvick.co.uk or via our website contact form.