Privacy Policy

We collect the minimum amount of information needed to sell you sunglasses and get them to your door. We don't sell your data, we don't share it for advertising in ways that aren't standard for an online store, and we don't email you more than necessary. This page explains exactly what we collect, why, and what you can do about it.

Who we are

Sefa Studios Ltd ("we", "us") is the data controller for any personal information you give us through this site. We're registered in the state of Delaware as Tutto Lusso LLC. You can reach us at contact@sefastudios.com.

What we collect, and why

When you place an order: your name, billing and shipping address, email address, phone number, and payment details. We need these to take the order, process payment, and ship the pair to you. Payment card details are handled by Stripe / Paypal. We never see or store your full card number.

When you join our waitlist or newsletter: your email address, and optionally your name. We use this to email you about drops, launches, and the occasional brand update, never more than once a week, usually less.

When you browse the site: standard analytics data (pages visited, time on site, device type, rough location at city level). This helps us understand what's working on the site and what isn't. We don't see your name attached to this, it's aggregate.

When you contact us: whatever you put in the email. We keep correspondence so we can refer back to it if you contact us again.

Lawful basis for processing

Under UK GDPR, we rely on:

Contract — to fulfil orders you've placed

Legitimate interest — for analytics, fraud prevention, and improving the site

Consent — for marketing emails and non-essential cookies (you can withdraw this any time)

How long we keep it

Order data: seven years, because UK tax law requires us to keep transaction records that long. Marketing email subscribers: until you unsubscribe, then we keep a record of your email address on a suppression list so we don't accidentally email you again. Analytics data: anonymised after 14 months. Customer service emails: three years from last contact.

Who we share it with

We share your data only with the companies we need to in order to run the business:

Squarespace — our e-commerce platform (hosts the site, processes orders)

Stripe / Paypal — payment processing

UPS/ DHL/DPD — to ship your order

Klaviyo — for email marketing, if you've opted in

Google Analytics, Meta Pixel — for website analytics and advertising, if you've consented to non-essential cookies

Some of these companies are based in the US. We rely on the UK-US Data Bridge and standard contractual clauses to make sure your data is protected to UK standards when it's transferred. We don't sell your data. We don't share it with anyone outside this list for advertising or any other reason.

Cookies

We use a small number of cookies to make the site work and a few more to understand how it's used. The first time you visit, you'll see a banner letting you choose what to allow. You can change your choice at any time from the link in the footer.

Essential cookies — needed to run the site (cart, checkout, login). Always on.

Analytics cookies — help us see what's working. Optional.

Marketing cookies — let us show you relevant ads on Meta and Google. Optional.

Your rights

Under UK GDPR you have the right to: See what data we hold on you (a "subject access request") Have it corrected if it's wrong Have it deleted (within the limits of what tax law lets us delete) Object to certain types of processing Withdraw consent for marketing at any time Take your data and use it elsewhere ("data portability") Lodge a complaint with the Information Commissioner's Office if you think we've handled your data badly. You can find them at ico.org.uk or 0303 123 1113. To exercise any of these rights, email contact@sefastudios.com and we'll respond within 30 days. There's no fee for any of this.

Security

We use industry-standard security measures, encrypted connections, secure payment processing, restricted internal access. No system is bulletproof, but we take it seriously, and if something ever goes wrong we'll tell you within 72 hours of becoming aware, as the law requires.

Changes to this policy

If we change anything material, we'll update the date at the bottom of this page and email anyone on our list. Minor wording fixes, we'll just update.