Privacy Policy

At Lavish Fashion Boutique, we are committed to protecting your privacy and handling your personal data in a lawful, fair, and transparent manner.

This Privacy Policy explains how we collect, use, store, disclose, and protect your personal data when you visit https://lavishfashionboutique.com, create an account, place an order, contact us, subscribe to marketing communications, or otherwise interact with our website and services.

This policy is designed to reflect the requirements of the General Data Protection Regulation (GDPR) and applicable data protection rules.

1. Who We Are

For the purposes of applicable data protection law, the data controller is:

Lavish Fashion Boutique
Website: https://lavishfashionboutique.com
Email: [email protected]
Phone: +351 928 264 080
Location: Lisboa, Portugal

If you have any questions about this Privacy Policy or about how your personal data is processed, you may contact us using the details above.

2. What Personal Data We Collect

We may collect and process the following categories of personal data:

a) Identity and contact data

  • full name
  • billing address
  • shipping address
  • email address
  • phone number

b) Order and transaction data

  • products purchased
  • order history
  • delivery information
  • payment status
  • refund and return information

c) Account data

  • login credentials
  • account preferences
  • saved addresses
  • account activity

d) Communications data

  • emails or messages sent to us
  • customer support requests
  • complaints and follow-up communications

e) Technical and usage data

  • IP address
  • browser type
  • device information
  • time zone or language settings
  • website usage data
  • referring website or source
  • browsing interactions on the site

f) Marketing and preference data

  • newsletter subscription status
  • communication preferences
  • interaction with promotional emails or advertising, where applicable

3. How We Collect Your Data

We collect personal data:

  • directly from you when you place an order, create an account, subscribe, or contact us
  • automatically through cookies and similar technologies when you use the website
  • from service providers involved in payment, shipping, analytics, security, or website operations
  • from login or integration tools, where you choose to use them

4. Why We Use Your Data

We may use your personal data to:

  • process and manage orders
  • arrange shipping and delivery
  • manage payments, refunds, and returns
  • provide customer support
  • communicate with you about your order or account
  • maintain and improve our website and services
  • prevent fraud and protect website security
  • comply with legal, accounting, and tax obligations
  • send marketing communications where legally permitted or where you have consented

The GDPR requires personal data to be collected for specified and legitimate purposes and processed lawfully.

5. Legal Bases for Processing

Depending on the purpose, we rely on one or more of the following legal bases under the GDPR:

a) Performance of a contract

We process your data where necessary to:

  • take steps before entering into a contract
  • process your order
  • provide delivery
  • handle returns, refunds, and customer support

b) Compliance with legal obligations

We may process data where necessary to comply with legal obligations such as tax, accounting, consumer law, fraud prevention, or lawful requests from authorities.

c) Legitimate interests

We may process data where necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. This may include:

  • fraud prevention
  • website administration
  • customer service management
  • internal business analysis
  • service improvement
  • website and network security

d) Consent

Where required, we rely on your consent, for example for:

  • certain marketing communications
  • certain cookies and similar technologies
  • some optional integrations or login tools

You may withdraw consent at any time. The GDPR provides consent as one lawful basis, alongside contract, legal obligation, and legitimate interests.

6. Sharing of Personal Data

We do not sell your personal data.

We may share personal data with trusted third parties where necessary for the purposes described in this policy, including:

  • payment processors
  • website and hosting providers
  • shipping, logistics, and fulfillment partners
  • analytics providers
  • customer support tools
  • email and marketing service providers
  • fraud prevention and security providers
  • accountants, legal advisers, or other professional advisers
  • public authorities where required by law

Because your store uses order fulfillment and delivery partners, certain customer details may need to be shared for shipping and logistics purposes.

7. International Transfers

Some service providers may process personal data outside the European Economic Area.

Where that occurs, we aim to ensure appropriate safeguards are in place, such as recognized transfer mechanisms under applicable data protection law. The European Commission explains that EU data protection rules include safeguards for transfers outside the EU, including adequacy decisions and standard contractual clauses.

8. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including to provide services, comply with legal obligations, resolve disputes, and protect our legitimate interests.

The GDPR’s storage limitation principle requires that personal data not be kept longer than necessary.

For more information, please see our Data Retention Policy.

9. Security

We implement reasonable technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, loss, or destruction.

The GDPR requires controllers and processors to implement security measures appropriate to the risk.

However, no method of transmission over the internet or method of electronic storage is completely secure.

10. Your Rights

Under the GDPR, you may have the right to:

  • access your personal data
  • correct inaccurate or incomplete data
  • request erasure
  • request restriction of processing
  • object to certain processing
  • request portability of your data, where applicable
  • withdraw consent where processing is based on consent
  • lodge a complaint with a supervisory authority

The European Commission’s guidance for individuals summarizes these GDPR rights.

To exercise your rights, please contact us at:

[email protected]

11. Complaints

If you believe your personal data has been processed unlawfully, you may lodge a complaint with the competent supervisory authority.

In Portugal, this is the CNPD – Comissão Nacional de Proteção de Dados.

12. Third-Party Links

Our website may include links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to read their privacy policies separately.

13. Children’s Data

Our website is not intended for children, and we do not knowingly collect personal data from children in violation of applicable law.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect legal, technical, or operational changes. The latest version will always be published on this page.

15. Contact

For privacy-related questions or requests, please contact:

Lavish Fashion Boutique
Email: [email protected]
Website: https://lavishfashionboutique.com