Zásady ochrany osobních údajů

This Privacy Policy explains how Wild Rose (operated by AMScale LLC) collects, uses, and protects your personal data when you visit www.bywildrose.com or make a purchase from our online store.

We process your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 for customers in the United Kingdom, and the EU General Data Protection Regulation (EU GDPR) for customers in the European Union.

1. Data Controller

The data controller responsible for your personal data is:

AMScale LLC, trading as Wild Rose
15442 Venture Blvd STE 2011706
Sherman Oaks, CA 91403
United States

Email: hello@bywildrose.com
Telephone: +447916694437
Website: www.bywildrose.com

2. EU and UK Representatives

As we are established outside the European Union and the United Kingdom but offer goods to data subjects in those territories, we have appointed representatives in accordance with Article 27 of the EU and UK GDPR. Their contact details are available on request by emailing hello@bywildrose.com.

3. What Personal Data We Collect

We collect and process the following categories of personal data:

• Identity data: name, email address, phone number (optional)
• Contact data: billing address, delivery address, country
• Order data: products purchased, order history, preferences
• Payment data: payment method used (full card details are processed by our payment providers and not stored by us)
• Technical data: IP address (anonymised where possible), browser type, operating system, device information, referring URL
• Usage data: pages visited, time spent on the site, interactions with our content
• Marketing data: communication preferences and consent status
• Customer service data: contents of communications with our support team

4. How We Collect Your Data

We collect personal data:

• Directly from you (when you create an account, place an order, contact us, or sign up for our newsletter)
• Automatically through cookies and similar technologies (where consent has been given for non-essential cookies)
• From third parties (e.g., payment providers, shipping carriers, social media platforms if you engage with our content there)

5. Purposes and Legal Basis for Processing

We process your personal data for the following purposes, on the following legal bases under Article 6 of the UK/EU GDPR:

• To process and fulfil your orders — performance of a contract (Art. 6(1)(b))
• To provide customer support — performance of a contract (Art. 6(1)(b))
• To send transactional emails (order confirmation, shipping updates) — performance of a contract (Art. 6(1)(b))
• To send marketing communications (newsletter, promotional emails) — consent (Art. 6(1)(a))
• To improve our website and services — legitimate interest (Art. 6(1)(f))
• To prevent fraud and ensure security — legitimate interest (Art. 6(1)(f))
• To comply with legal obligations (tax, accounting, regulatory) — legal obligation (Art. 6(1)(c))
• To handle returns, refunds, and disputes — performance of a contract (Art. 6(1)(b)) and legitimate interest (Art. 6(1)(f))

You may withdraw your consent at any time where processing is based on consent (e.g., marketing emails). Withdrawal does not affect the lawfulness of processing prior to withdrawal.

6. Recipients and Sub-Processors

We share your personal data only with the following categories of recipients, under appropriate data processing agreements:

• E-commerce platform: Shopify International Ltd. (Ireland) — www.shopify.com/legal/privacy
• Payment processors: Shopify Payments, PayPal — for payment processing
• Shipping partners: our fulfilment warehouse and international shipping carriers (such as Royal Mail, DPD, La Poste, DHL, PostNL) for order delivery
• Email marketing: Klaviyo (USA) — if you have consented to receive marketing
• Customer service: Gorgias (USA) — to handle your support requests
• Email infrastructure: Microsoft 365 — for our email communications
• Fraud and chargeback prevention: Disputifier — to manage payment disputes
• Analytics: Shopify Analytics, Google Analytics (only with consent)
• Marketing platforms: Meta (Facebook/Instagram), Google Ads, Pinterest (only with consent)

We do not sell your personal data to third parties.

7. International Data Transfers

Some of our service providers and our fulfilment partner are located outside the UK and EU. Your data may be transferred to:

• United States: Shopify, Klaviyo, Gorgias, Disputifier, Google, Meta, AMScale LLC (our parent company)
• China: our fulfilment warehouse for international order processing

For transfers to countries that do not have an adequacy decision from the UK ICO or European Commission, we rely on:

• EU Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum (IDTA)
• Supplementary measures where required following the Schrems II ruling
• Adequacy decisions where applicable (including the EU-US Data Privacy Framework where the recipient is certified)

You may request a copy of the relevant transfer mechanisms by emailing hello@bywildrose.com.

8. Data Retention

We retain your personal data only for as long as necessary:

• Customer account data: until you request deletion, or after 3 years of inactivity
• Order and transaction data: 7 years from the date of purchase (legal obligation for tax and accounting purposes)
• Customer service data: 3 years from the last interaction
• Marketing data: until you withdraw consent, plus a suppression record to ensure you do not receive further communications
• Technical and usage data: maximum 14 months for anonymised analytics
• Cookies: as set out in our Cookie Policy and the lifespan declared in the cookie banner

9. Your Rights Under UK and EU GDPR

You have the following rights regarding your personal data:

• Right of access (Art. 15): request a copy of the personal data we hold about you
• Right to rectification (Art. 16): correct inaccurate or incomplete data
• Right to erasure / right to be forgotten (Art. 17): request deletion of your data, subject to legal retention obligations
• Right to restriction of processing (Art. 18): limit how we use your data in certain circumstances
• Right to data portability (Art. 20): receive your data in a structured, commonly used, machine-readable format
• Right to object (Art. 21): object to processing based on legitimate interest or for direct marketing
• Right to withdraw consent (Art. 7(3)): withdraw consent at any time where processing is based on consent
• Right not to be subject to automated decision-making (Art. 22): we do not engage in automated decision-making that produces legal effects concerning you

10. How to Exercise Your Rights

To exercise any of your rights, please contact us at:

• Email: hello@bywildrose.com
• Post: AMScale LLC, 15442 Venture Blvd STE 2011706, Sherman Oaks, CA 91403, United States

We will respond within one month of receipt of your request, in accordance with UK and EU GDPR. This period may be extended by two further months for complex or numerous requests, in which case we will inform you within the first month.

There is no fee for exercising your rights, unless requests are manifestly unfounded or excessive.

11. Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with the law, you have the right to lodge a complaint with a supervisory authority:

• United Kingdom: Information Commissioner's Office (ICO) — www.ico.org.uk
• European Union: your local data protection authority. A list of EU supervisory authorities is available at edpb.europa.eu/about-edpb/about-edpb/members_en

Commonly relevant authorities for our customers:

• Belgium: Gegevensbeschermingsautoriteit (GBA) — www.gegevensbeschermingsautoriteit.be
• Netherlands: Autoriteit Persoonsgegevens (AP) — www.autoriteitpersoonsgegevens.nl
• France: Commission Nationale de l'Informatique et des Libertés (CNIL) — www.cnil.fr
• Germany: Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI) — www.bfdi.bund.de
• Ireland: Data Protection Commission (DPC) — www.dataprotection.ie

12. Cookies and Tracking Technologies

Our website uses cookies and similar technologies. Strictly necessary cookies (e.g., for cart and checkout functions) do not require your consent. All other cookies (analytics and marketing) are only set with your prior consent under UK PECR and the EU e-Privacy Directive.

You can manage your cookie preferences at any time via the cookie banner on our website. Detailed information about the cookies we use is available in our Cookie Policy.

13. Security

We implement appropriate technical and organisational measures to protect your personal data, including:

• Encrypted transmission (SSL/TLS)
• Secure payment processing via PCI-DSS compliant providers
• Access controls limiting who can view your data
• Regular security reviews and updates

While we take all reasonable steps to protect your data, no transmission over the Internet is 100% secure. Please contact us immediately if you suspect any unauthorised access to your account.

14. Children's Data

Our products are intended for adult customers. We do not knowingly collect personal data from children under 16 (or under the applicable age of digital consent in your country). If you believe we have inadvertently collected such data, please contact us so we can delete it.

15. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be communicated to registered customers by email and posted prominently on our website.

16. Contact Us

For any privacy-related questions or requests:

Wild Rose — AMScale LLC
Email: hello@bywildrose.com
Telephone: +447916694437
Support hours: Monday – Friday, 9:00 AM – 5:00 PM (GMT)

Business Address:
15442 Venture Blvd STE 2011706
Sherman Oaks, CA 91403
United States