Who We Are

We are Atelier Modernista Limited, a company registered in the United Kingdom, operating the online store www.ateliermodernista.com.

We are the data controller for the personal information we collect from customers, visitors, and business partners. We are registered with the Information Commissioner's Office (ICO).

You can contact us at: contact@ateliermodernista.com

What Personal Data We Collect

We collect and process the following categories of data:

• Identity Data: name, billing and shipping address, email address, and phone number
• Transaction Data: order details, payment method, and purchase history
• Technical Data: IP address, browser type, device information, and cookie identifiers
• Marketing Data: communication preferences, reviews, and consent records

When you place an order, your data is processed via our e-commerce platform Shopify, and where relevant, shared to manage supplier relationships.

How We Use Your Data

We use your data to:

• Process and deliver your orders
• Manage payments, returns, and customer service
• Maintain accurate inventory and fulfilment data (via Shopify)
• Send marketing communications where you have given consent (via Klaviyo)
• Comply with legal obligations (accounting, taxation)
• Improve our services and communications

Legal Bases for Processing

Under the UK GDPR, we rely on the following legal bases:

• Contractual necessity: to fulfil and manage your orders
• Legitimate interest: to improve our operations, prevent fraud, and manage supplier relationships
• Consent: for marketing communications and non-essential cookies
• Legal obligation: to maintain tax and accounting records

Cookies

We use cookies and similar tracking technologies on our website. These include:

• Essential cookies: required for the website to function (e.g. shopping basket, login sessions)
• Analytics cookies: used to understand how visitors use our site (e.g. Google Analytics / GA4)
• Marketing cookies: used to deliver relevant advertising and measure campaign performance (e.g. Meta Pixel)

Non-essential cookies (analytics and marketing) are only set with your consent, which you can provide or withdraw via our cookie consent banner. Essential cookies do not require consent as they are strictly necessary for the service you have requested.

Sharing Data with Third Parties

We share data only where necessary, with the following processors:

• Shopify Inc. — e-commerce platform and hosting provider
• Klaviyo Inc. — email marketing and marketing automation
• Payment processors — including Stripe, PayPal, and Shopify Payments
• Shipping carriers — for order fulfilment and delivery
• Google LLC — analytics (GA4) and advertising (Google Ads)
• Meta Platforms, Inc. — advertising and audience analytics (Meta Pixel)
• Professional advisors — accountants and legal representatives

Each third party acts as a data processor and is bound by contractual UK GDPR-compliant obligations, including Data Processing Agreements (DPAs) where required.

International Transfers

Some processors — including Shopify, Klaviyo, Google, and Meta — are based outside the UK. Where personal data is transferred internationally, we rely on one or more of the following safeguards:

• UK adequacy regulations (where the destination country has been deemed adequate by the UK Secretary of State)
• The UK-US Data Bridge, for transfers to US organisations certified under this framework
• UK International Data Transfer Agreements (IDTAs) or the UK Addendum to EU Standard Contractual Clauses (SCCs)

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects on you, within the meaning of Article 22 of the UK GDPR.

Data Retention

We keep personal data only for as long as necessary to fulfil the purposes described in this policy. For most customer data, this means retaining records for up to six years after your last transaction, to comply with UK tax and accounting obligations. Marketing data is retained until you withdraw consent.

Your Rights Under UK GDPR

You have the right to:

• Access your personal data
• Request correction of inaccurate or incomplete data
• Request erasure of your data (the 'right to be forgotten')
• Restrict or object to processing
• Data portability — to receive your data in a structured, machine-readable format
• Withdraw consent at any time, for marketing communications and non-essential cookies

To exercise any of these rights, contact us at contact@ateliermodernista.com. We will respond within one calendar month.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

• Website: www.ico.org.uk
• Helpline: 0303 123 1113

Data Security

We use technical and organisational security measures — including encryption, access controls, and secure servers provided by Shopify — to protect your data against unauthorised access, loss, or misuse.

Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in law or our practices. The latest version will always be published on our website, with the 'last updated' date revised accordingly. For material changes, we will notify you by email where we hold your contact details.