Privacy Policy

Last updated: 1 April 2026

1. Who We Are

Sotto Home Limited (“Sotto”, “we”, “us”, “our”) operates the website https://sotto.staging.orbitstud.io and sells flooring products online. We are the data controller in respect of the personal data we process about you.

If you have any questions about this policy or how we handle your personal data, please contact us at:

Sotto Home Limited
3.10 The Plaza, St Pauls Square, Liverpool, L3 9QJ
Email: [email protected]

2. What This Policy Covers

This Privacy Policy explains what personal data we collect, why we collect it, how we use it, who we share it with, how long we keep it, and what your rights are. It applies to all customers, visitors, and users of our website and services.

We are committed to handling your personal data responsibly and in accordance with UK data protection law, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

3. The Personal Data We Collect

We collect and process the following categories of personal data:

When you place an order

  • Full name
  • Billing address and delivery address
  • Email address
  • Phone number
  • Order details (products, quantities, prices)
  • Payment information (processed securely via Stripe — we do not store full card details ourselves)
  • Transaction ID and payment status

When you browse our website

  • IP address and approximate location
  • Browser type, device type and operating system
  • Pages visited, time spent on pages, and referral source
  • Cookie identifiers and session data

When you contact us

  • Name, email address, and any other information you choose to provide in your message

When you leave a review

  • Name, email address, and review content (via our review platform, Feefo)

When you sign up for marketing

  • Email address and, where provided, name and purchase history (used to personalise marketing communications via Klaviyo)

4. How and Why We Use Your Personal Data

We only use your personal data where we have a lawful basis to do so. Below we explain how and why we use your data, and the legal basis we rely on in each case.

To process and fulfil your orders

Legal basis: Performance of a contract
We use your name, address, contact details and payment information to process your purchase, arrange delivery, and handle any returns or exchanges.

To manage your account and provide customer support

Legal basis: Performance of a contract and legitimate interests
We use your data to respond to queries, resolve complaints, and keep you informed about the status of your order.

To send you transactional communications

Legal basis: Performance of a contract
We will send you order confirmations, delivery updates, and other service-related emails that are necessary to fulfil your purchase.

To send you marketing communications

Legal basis: Consent (where required) or legitimate interests
With your consent, or where you are an existing customer and we have a legitimate interest in doing so, we may send you promotional emails, special offers, and information about new products. You can opt out at any time by clicking “unsubscribe” in any marketing email or by contacting us at [email protected].

To collect and display customer reviews

Legal basis: Legitimate interests
We use Feefo to invite customers to leave reviews following a purchase. This helps us improve our products and service and assists other shoppers. Feefo will process your name and email address on our behalf to facilitate this.

To analyse and improve our website

Legal basis: Legitimate interests (and consent for cookies where required)
We use Google Analytics to understand how visitors use our website, which pages perform well, and where we can make improvements. This data is aggregated and does not directly identify you.

To comply with our legal obligations

Legal basis: Legal obligation
We may be required to retain certain records (such as financial transactions) for tax and accounting purposes, or to share data with authorities if required by law.

To prevent fraud and protect our business

Legal basis: Legitimate interests and legal obligation
We may use your data to detect and prevent fraudulent transactions or other illegal activity.

5. Cookies

We use cookies and similar tracking technologies on our website. Cookies are small text files placed on your device that help us provide a better experience and understand how our site is used.

We use the following types of cookies:

  • Strictly necessary cookies: Essential for the website to function, including keeping items in your shopping basket and processing secure payments.
  • Analytics cookies: Used by Google Analytics to collect information about how visitors use our site (pages visited, time on site, etc.). This data is aggregated and anonymous.
  • Marketing cookies: Used by Klaviyo to help us personalise marketing emails and understand how you engage with our communications.
  • Functional cookies: Used to remember your preferences and improve your experience on return visits.

When you first visit our website, you will be asked to consent to non-essential cookies. You can manage or withdraw your consent at any time through your browser settings or our cookie banner. For more information about managing cookies, visit www.aboutcookies.org.

6. Who We Share Your Data With

We do not sell your personal data. We share your data only with trusted third-party service providers who help us run our business, and only to the extent necessary for them to perform their services.

Stripe (Payment Processing)

Stripe processes payment card data on our behalf. Your card details are transmitted securely via Stripe’s encrypted systems and are not stored on our servers. Stripe acts as a data processor and is subject to its own privacy policy: https://stripe.com/gb/privacy.

Google Analytics (Website Analytics)

Google Analytics collects anonymised data about how users interact with our website. Data may be transferred to and stored on Google’s servers. Google is bound by contractual data processing terms that align with UK GDPR requirements. Learn more at: https://policies.google.com/privacy.

Feefo (Customer Reviews)

Feefo is our independent review platform. We share your name and email address with Feefo after a purchase so they can invite you to leave a review. Feefo acts as a data processor on our behalf. Their privacy policy is available at: https://www.feefo.com/en-gb/business/legal/privacy-policy.

Klaviyo (Email Marketing)

Klaviyo is our email marketing platform. We share your email address, name, and relevant purchase history with Klaviyo to send you marketing communications and personalised content. Klaviyo acts as a data processor on our behalf. Their privacy policy is available at: https://www.klaviyo.com/legal/privacy-notice.

Delivery and logistics providers

We share your name, delivery address, and contact details with our courier and logistics partners as necessary to fulfil your order.

Legal and regulatory authorities

We may share your data with law enforcement, regulatory bodies, or courts if required to do so by law.

7. International Data Transfers

Some of our third-party service providers (including Google and Klaviyo) are based outside the UK and may transfer your personal data to countries that do not have the same level of data protection as the UK. Where this occurs, we ensure that appropriate safeguards are in place, such as the UK International Data Transfer Agreement (IDTA) or equivalent contractual protections, in accordance with UK GDPR requirements.

8. How Long We Keep Your Data

We retain your personal data only for as long as is necessary for the purposes set out in this policy, and in accordance with our legal obligations. Our standard retention periods are as follows:

  • Order and transaction records: 7 years (to comply with HMRC requirements)
  • Customer account data: For the duration of your account, plus 3 years after your last interaction with us
  • Marketing data: Until you unsubscribe or withdraw consent
  • Website analytics data: Up to 26 months (Google Analytics default)
  • Customer service correspondence: 3 years from the date of the last communication

When data is no longer needed, we securely delete or anonymise it.

9. Your Rights

Under UK data protection law, you have the following rights in relation to your personal data:

  • Right to access: You can request a copy of the personal data we hold about you (a Subject Access Request).
  • Right to rectification: You can ask us to correct any inaccurate or incomplete data we hold about you.
  • Right to erasure: You can ask us to delete your personal data in certain circumstances (sometimes called the “right to be forgotten”).
  • Right to restrict processing: You can ask us to restrict how we use your data in certain circumstances.
  • Right to data portability: Where processing is based on your consent or a contract, you can request that your data be transferred to you or a third party in a commonly used, machine-readable format.
  • Right to object: You can object to processing based on our legitimate interests, including direct marketing.
  • Right to withdraw consent: Where we rely on your consent to process your data, you can withdraw that consent at any time. This will not affect the lawfulness of processing before the withdrawal.
  • Rights related to automated decision-making: You have the right not to be subject to decisions made solely by automated means where those decisions have a significant effect on you.

To exercise any of these rights, please contact us at [email protected]. We will respond within one calendar month. We may need to verify your identity before processing your request.

10. Right to Complain

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the UK’s data protection regulator, the Information Commissioner’s Office (ICO):

Information Commissioner’s Office
Website: https://ico.org.uk
Helpline: 0303 123 1113

We would, however, appreciate the chance to address your concerns directly before you contact the ICO — please reach out to us first at [email protected].

11. Data Security

We take the security of your personal data seriously. We use appropriate technical and organisational measures to protect your data against unauthorised access, loss, or disclosure. These measures include SSL/TLS encryption for data in transit, secure payment processing via Stripe, and access controls limiting who within our organisation can view your data.

While we take reasonable steps to protect your data, no transmission over the internet or electronic storage system is completely secure. If you have reason to believe your interaction with us is no longer secure, please contact us immediately.

12. Children’s Privacy

Our website and services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us at [email protected] and we will delete it promptly.

13. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites and encourage you to review their privacy policies independently.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or in applicable law. We will post the updated policy on this page with a revised “Last updated” date. We encourage you to review this page periodically. Where changes are significant, we may also notify you by email.

15. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact us:

Sotto Home Limited
3.10 The Plaza, St Pauls Square, Liverpool, L3 9QJ
Email: [email protected]
Website: https://sotto.staging.orbitstud.io