Privacy policy

VIGATOUR LIMITED — PRIVACY POLICY

Effective Date: 02 January 2026
Last Updated: 30 December 2025

We believe privacy is a right, not a privilege. This policy explains what we collect, why we collect it and what control you have. We've written it in plain language because opacity isn't premium — clarity is.

1) Who We Are

Business Name: Vigatour Limited
Registered in: England and Wales
Company Number: 15833750
Email: hello@vigatour.co.uk

We're the data controller for your personal information. That means we're responsible for how it's used and protected.

2) What We Collect & Why

We only collect what we need to run the business properly and serve you well. Here's what that means in practice:

When you browse our site:

  • Device & usage data (IP address, browser type, pages visited, time spent)
  • Why: To understand how people use the site, fix technical issues, and prevent fraud
  • Legal basis: Legitimate business interests (keeping the site secure and functional)

When you create an account or place an order:

  • Contact details (name, email, phone number, delivery address, billing address)
  • Why: To process your order, send updates, and contact you if there's an issue
  • Legal basis: Contract performance (we need this to fulfill your order)

When you make a payment:

  • Payment information (card details, transaction data)
  • Why: To process payment securely
  • Who handles it: Shopify Payments and their payment processors (we don't store full card details on our servers)
  • Legal basis: Contract performance

When you contact us:

  • Communication content (emails, messages, support tickets)
  • Why: To respond to your inquiry and improve customer service
  • Legal basis: Legitimate interests (providing support) or contract performance

When you opt in to marketing:

  • Email address and preferences
  • Why: To send you updates about new collections, restocks, or brand news
  • Legal basis: Your explicit consent (you can withdraw anytime)

3) What We Don't Do

Let's be clear about what we won't do with your data:

  • We don't sell your personal information. Not to data brokers, not to advertisers, not to anyone. Your data isn't a revenue stream.
  • We don't spam you. If you opt in to emails, you'll hear from us when there's something worth saying — not daily noise.
  • We don't track you across the internet for ad retargeting unless you've explicitly consented to cookies that enable this (and you can opt out).
  • We don't use dark patterns. Unsubscribing is one click. Deleting your account is straightforward. No hoops.

4) Who We Share Data With (And Why)

We share your information only when necessary to operate the business:

Shopify (our platform provider):

  • Hosts our store, processes payments, and enables core functionality
  • Subject to Shopify's Privacy Policy
  • Servers may be located outside the UK/EEA (protected by Standard Contractual Clauses)

Production and fulfillment partners:

  • Receive order details (name, address, product specifications) necessary to produce and ship your items
  • We only share what's needed to fulfill your order
  • All partners are contractually bound to protect your data

Shipping carriers:

  • Receive delivery address and contact details to ship your order

Payment processors:

  • Handle payment securely (Shopify Payments and associated providers)
  • We don't store full card details

Email service providers:

  • Send order confirmations, shipping updates, and marketing emails (if you've opted in)

Analytics tools (if used):

  • Help us understand site traffic and improve user experience
  • You can opt out via browser settings or cookie preferences

Legal/regulatory authorities:

  • Only if required by law (e.g., court order, tax compliance, fraud investigation)

We do not share your data with third-party advertisers or data brokers.

5) Cookies & Tracking

We use cookies to make the site work and improve your experience. Here's what that means:

Essential cookies:

  • Required for the site to function (e.g., shopping cart, checkout, security)
  • You can't opt out of these without breaking core functionality

Analytics cookies:

  • Help us understand how people use the site (e.g., which pages are popular, where people drop off)
  • You can opt out via cookie settings or browser preferences

Marketing cookies (if applicable):

  • Used for retargeting ads or personalized recommendations
  • Requires your consent — you can opt out anytime

You can manage cookie preferences through your browser settings or our cookie banner (if implemented).

6) How Long We Keep Your Data

We don't hoard data. Here's our retention approach:

  • Order data: Kept for 7 years (UK tax/accounting requirements)
  • Account data: Kept until you delete your account (or request deletion)
  • Marketing data: Kept until you unsubscribe or request deletion
  • Support communications: Kept for 2 years (to resolve disputes or improve service)
  • Analytics data: Aggregated/anonymized after 26 months (can't identify you)

If you request deletion, we'll remove your data within 30 days (except where we're legally required to retain it, e.g., tax records).

7) Your Rights (And How to Use Them)

Under UK GDPR and the Data Protection Act 2018, you have the following rights:

Right to access:

  • Request a copy of the personal data we hold about you
  • Email hello@vigatour.co.uk with "Data Access Request" in the subject line

Right to correction:

  • Ask us to fix inaccurate or incomplete data
  • You can update most details in your account settings, or email us

Right to deletion ("right to be forgotten"):

  • Request deletion of your data (subject to legal retention requirements)
  • Email hello@vigatour.co.uk with "Delete My Data" in the subject line

Right to restrict processing:

  • Ask us to pause processing your data in certain circumstances
  • Email us to discuss

Right to data portability:

  • Request your data in a machine-readable format (e.g., CSV, JSON)
  • Email hello@vigatour.co.uk

Right to object:

  • Object to processing based on legitimate interests (e.g., marketing)
  • Use the "unsubscribe" link in emails, or email us

Right to withdraw consent:

  • If we're processing data based on your consent (e.g., marketing emails), you can withdraw it anytime
  • No penalties, no friction

Right to complain:

  • If you're unhappy with how we've handled your data, contact the Information Commissioner's Office (ICO): ico.org.uk or call 0303 123 1113

8) Security

We take security seriously:

  • Encryption: Payment data is encrypted via SSL/TLS
  • Access controls: Only authorized personnel can access personal data
  • Shopify's infrastructure: Benefits from enterprise-grade security (ISO 27001 certified, PCI DSS compliant)
  • No perfect security: We can't guarantee 100% security (no one can), but we use industry-standard practices

If there's a data breach that affects you, we'll notify you and the ICO within 72 hours (as required by law).

9) Children's Privacy

Our site isn't intended for children under 18. We don't knowingly collect data from minors. If you're a parent/guardian and believe your child has provided us with personal information, contact us immediately and we'll delete it.

10) International Transfers

Some of our service providers may process data outside the UK/EEA. When this happens:

  • We use Standard Contractual Clauses (approved by the UK ICO and EU Commission) to ensure your data is protected
  • Or we transfer to countries with adequacy decisions (deemed to have equivalent data protection laws)

11) Changes to This Policy

We may update this policy to reflect legal changes, new features, or improved practices. When we do:

  • We'll update the "Last Updated" date at the top
  • If changes are significant, we'll notify you via email or a site banner
  • Continued use of the site after changes means you accept the updated policy

12) Contact & Questions

If you have any questions, concerns, would like to make a formal data protection inquiry or want to exercise your rights:

Email: hello@vigatour.co.uk
Subject line: "Privacy Inquiry" (helps us route it faster)
Response time: We aim to respond within 2 business days

Our Commitment

Privacy isn't a legal checkbox for us — it's part of the brand's integrity. We don't monetize your data. We don't play games with consent. We don't make it hard to leave.

You're here because you trust us with your time, your money, and your information. We don't take that lightly.

If we ever fall short of this standard, tell us. We'll fix it.