Privacy Policy
Rangoli Online — Privacy Policy (UK)
This Privacy Policy explains how we collect, use, share and protect your personal data when you visit our website, make a purchase, contact us or interact with our services. It applies to www.rangolionline.co.uk and related subdomains (the “Site”).
1) Who we are
Controller: Rangoli Online (Rangoli Ltd)
Registered office: 39 Alum Rock Road, Birmingham, B8 1LR
Company number: 05379135
Contact for privacy matters: rangolionlinejewellery@gmail.com
We are the data controller responsible for your personal data under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2) The data we collect
We collect and process the following categories of personal data:
• Identity and contact data: name, billing and delivery addresses, email, phone number, account details.
• Order and transaction data: items purchased, pricing, payment method token (handled by our payment provider), order notes.
• Account data: login credentials, saved addresses, preferences, wishlists.
• Device and usage data: IP address, device type, browser, pages viewed, referring/exit pages, general location, session data, Site search queries.
• Communications data: messages sent to customer service, WhatsApp chats (if used), survey responses, support tickets.
• Marketing data: your newsletter preferences, campaign engagement and unsubscribe choices.
• Reviews and user content: product reviews, photos or videos you choose to upload or tag us in.
• Returns, fraud-prevention and security data: return history, reasons for return, images supplied to evidence damage, identifiers used for fraud screening (for example, device, IP and email risk signals).
3) How we collect your data
• Direct interactions: when you create an account, place an order, contact us, subscribe to emails or post a review.
• Automated technologies: cookies and similar tools collect device/usage data when you use the Site.
• Third parties: payment providers (e.g. Stripe/PayPal), analytics and ad partners, social networks (if you use social sign-in or interact with our ads), delivery and fulfilment partners.
4) Purposes and lawful bases
We use your data for the purposes below and only where we have a lawful basis:
• To provide the Site, take and fulfil orders, deliver products and manage payments. Lawful basis: performance of contract; legal obligation (tax and accounting).
• To manage your account, provide customer service and handle queries, returns and refunds. Lawful basis: performance of contract; legitimate interests (efficient service).
• To prevent and detect fraud, abusive returns and misuse of our services, and to protect our customers and business. Lawful basis: legitimate interests (fraud prevention and network security); legal obligation where we report suspected crime.
• To send service communications, such as order confirmations, dispatch updates and policy notices. Lawful basis: performance of contract; legitimate interests (service continuity).
• To send marketing communications where you consent or where permitted under the ‘soft opt‑in’ for existing customers. Lawful basis: consent or legitimate interests (grow our business). You can opt out at any time.
• To improve the Site, products and customer experience, including analytics and A/B testing. Lawful basis: legitimate interests (run and develop our business).
• To comply with legal and regulatory requirements (for example, tax, accounting and consumer protection). Lawful basis: legal obligation.
5) Cookies and similar technologies
We use cookies and similar technologies to run the Site, keep you signed in, remember your basket, understand performance and show relevant marketing. Non‑essential cookies (for analytics and advertising) are used only with your consent in accordance with PECR. You can change your preferences at any time via the cookie settings on the Site. For details, see our Cookie Policy.
6) Who we share your data with
We share personal data with trusted service providers who help us operate our business, such as:
• Payment processors and fraud‑screening providers (for example, Stripe, PayPal). We do not receive or store full card numbers.
• Ecommerce platform, hosting and IT support providers.
• Fulfilment and delivery partners (for example, Royal Mail, DPD).
• Email, SMS and customer support platforms (for example, email service provider and helpdesk tools).
• Analytics, advertising and social media partners (only where cookies/consent allow).
• Professional advisers and regulators, and law enforcement where required or permitted by law.
We require service providers to keep your data secure, use it only according to our instructions and applicable law, and delete it when no longer needed.
7) International transfers
Some providers may process data outside the UK. Where that happens, we use appropriate safeguards such as adequacy regulations (for example, EU/EEA) or the UK International Data Transfer Agreement/UK Addendum to the EU Standard Contractual Clauses.
8) Data security
We use technical and organisational measures appropriate to the risk, including secure transport (HTTPS), access controls, account authentication, least‑privilege access for staff and vendors, and staff training. No method of transmission or storage is completely secure; please use a strong password and keep it confidential.
9) Data retention
We keep personal data only as long as necessary for the purposes collected, including to satisfy legal, accounting or reporting requirements:
• Orders and invoices: 6 years from the end of the financial year in which the transaction occurred (HMRC).
• Customer service records: up to 3 years after resolution.
• Accounts: 24 months from last activity, unless you ask us to delete earlier or we must retain for legal reasons.
• Marketing preferences: until you unsubscribe or your account is inactive for 24 months.
• Fraud‑prevention records: up to 5 years where needed to establish, exercise or defend legal claims.
• Website analytics: per-cookie lifespan, typically 13–26 months depending on your settings.
10) Your rights
You have rights under UK data protection law, including to:
• Access a copy of your personal data;
• Correct inaccurate or incomplete data;
• Delete your data in certain circumstances;
• Restrict or object to processing, including for direct marketing;
• Request data portability in certain circumstances;
• Withdraw consent where processing is based on consent (this does not affect past processing);
• Complain to the Information Commissioner’s Office (ICO).
To exercise your rights, email rangolionlinejewellery@gmail.com. We may ask for reasonable information to verify your identity. We aim to respond within one month.
11) Children
The Site is not intended for children. We do not knowingly collect data relating to children. If you believe a child has provided us with personal data, please contact us so we can delete it.
12) CCTV in our stores
If you visit our physical stores, CCTV may operate for security and safety. Images are retained for a short period unless required for investigation. Please contact us for store‑specific details.
13) Changes to this policy
We may update this Privacy Policy to reflect changes to our practices, technology or legal requirements. We will post the updated version on the Site with a new ‘Last updated’ date.
14) How to contact us
If you have questions about this policy or your data, contact us at rangolionlinejewellery@gmail.com or write to: Privacy, Rangoli Ltd, 39 Alum Rock Road, Birmingham, B8 1LR.