privacy policy : XOXO Online is committed to complying with the General Data Protection Regulation (GDPR) 2018 and the Data Protection Act 2018 (UK).
Your privacy is important to us. This policy explains how we collect, use, and share your personal data when you visit or make a purchase from https://xoxoonline.co.uk (the “Site”). We encourage you to read this policy carefully and contact us if you have any queries.

 

PERSONAL INFORMATION WE COLLECT

 

When you visit our Site, we automatically collect certain information about your device, including details about your web browser, IP address, time zone, and installed cookies. Additionally, as you browse the Site, we collect information about the individual web pages or products you view, what websites or search terms referred you, and how you interact with the Site. This automatically-collected information is referred to as “Device Information.”

 

We collect Device Information using the following technologies:

 

 

    • Cookies: Data files placed on your device or computer that often include an anonymous unique identifier. You can learn more about cookies and how to disable them at allaboutcookies.org.

 

    • Log files: These track actions on the Site and collect data including your IP address, browser type, internet service provider, referring/exit pages, and date/time stamps.

 

    • Web beacons, tags, and pixels: These are electronic files used to record information about how you browse the Site.

 

 

Additionally, when you make a purchase or attempt to make a purchase through the Site, we collect information including your name, billing address, shipping address, payment details (including credit or debit card information), email address, and phone number. This is referred to as “Order Information.”

 

When we talk about “Personal Information” in this Privacy Policy, we are referring to both Device Information and Order Information.

 

INFORMATION WE COLLECT FROM OTHER SOURCES

 

If you request age-restricted products or services, we collect data through the AgeChecker plugin to verify your age. This is required by UK law to ensure that you meet the minimum age for purchasing restricted items. AgeChecker collects information such as your name, address, and date of birth, and records successful verification so you won’t need to go through the process again. Learn more about AgeChecker’s privacy policy on their website.

 

HOW DO WE USE YOUR PERSONAL INFORMATION?

 

We use the Order Information to:

 

 

    • Fulfill your orders (including processing your payment, arranging shipping, and providing invoices and/or order confirmations).

 

    • Communicate with you.

 

    • Screen orders for potential risks or fraud.

 

    • Provide you with marketing or product information based on your preferences.

 

 

We use Device Information to:

 

 

    • Screen for potential risks and fraud, particularly through IP address tracking.

 

    • Improve and optimize our Site (for example, by generating analytics on how users interact with the Site and to measure the success of marketing campaigns).

 

 

WHO WE SHARE YOUR PERSONAL INFORMATION WITH

 

We share your Personal Information with selected third parties to help us provide services, including:

 

 

    • WooCommerce, which powers our online store. You can learn more about how WooCommerce processes your data here.

 

    • AgeChecker, for age verification purposes, collects data such as your name, address, and date of birth. In case of a failed check, they may request additional documents like a passport or driving license.

 

    • Google Analytics helps us understand how customers use our Site. You can read more about how Google processes your data here. You can also opt-out of Google Analytics here.

 

 

We may also share your Personal Information to comply with applicable UK and EU laws, regulations, or legal requests such as a subpoena, search warrant, or legal processes, or to protect our legal rights.

 

LEGAL BASIS FOR PROCESSING YOUR INFORMATION

 

For customers based in the UK and European Economic Area (EEA), we process your personal data in accordance with the GDPR on the following legal bases:

 

 

    • Consent: When you provide your data voluntarily (for example, subscribing to marketing communications).

 

    • Contractual necessity: When processing your information is necessary to fulfill a contract with you (e.g., processing payments and orders).

 

    • Legal obligation: When processing is required to comply with legal obligations (e.g., tax and accounting purposes).

 

    • Legitimate interests: For improving services, preventing fraud, and ensuring website security.

 

 

DO NOT TRACK

 

Please note that we do not alter our Site’s data collection practices when we detect a Do Not Track signal from your browser.

 

YOUR RIGHTS

 

As a UK or European resident, you have the following rights under the GDPR:

 

 

    • Right of access: You can request a copy of the personal data we hold about you.

 

    • Right to rectification: You can request that any incorrect or incomplete data about you be updated.

 

    • Right to erasure: You can request the deletion of your personal data (subject to legal or legitimate processing reasons).

 

    • Right to restrict processing: You can ask us to stop using your data, but keep it for legal reasons.

 

    • Right to data portability: You can request that we transfer your personal data to another data controller.

 

    • Right to object: You can object to how we use your personal data in certain cases, such as direct marketing.

 

 

To exercise any of these rights, please contact us using the details provided below. If you are unhappy with how we handle your data, you also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) in the UK or with the relevant data protection authority in your EEA country.

 

DATA RETENTION

 

We retain your Order Information for as long as necessary to fulfill the purposes outlined in this policy unless and until you request its deletion, or where required by law (e.g., tax reporting).

 

AGE RESTRICTIONS

 

The Site is not intended for individuals under the age of 18. We verify the age of customers for age-restricted products using the AgeChecker plugin.

 

CHANGES TO THIS POLICY

 

We may update this privacy policy from time to time in accordance with UK or EU law, or to reflect changes in our practices. Updates will be posted on this page, and we encourage you to review it periodically.

 

CONTACT US

 

For more information about our privacy practices or if you have any questions or complaints, please contact us by email at sales@xoxobeverages.co.uk or by mail at the address below: