Privacy Policy
Last updated: June 2026
This Privacy Policy explains how Leora collects, uses, stores, and protects your personal data when you visit our website or place an order with us. We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR 2016/679), and the Data Protection Act 2018.
1. Who we are
The data controller responsible for your personal data is:
Leora
Email: info@leora.com
If you have any questions about how we handle your data, please contact us at the email above.
2. What personal data we collect
We collect and process the following categories of personal data:
- Identity data: first name, last name
- Contact data: email address, delivery address, billing address, phone number
- Transaction data: details of products purchased, order value, payment method type (not full card details)
- Technical data: IP address, browser type and version, device type, operating system, pages visited, time and duration of visit, referring URL
- Marketing and communications data: your preferences for receiving marketing from us, and whether you have opened or clicked on marketing emails
- Cookie data: information collected through cookies and similar tracking technologies — see our Cookie Policy for details
3. How we collect your data
We collect data in the following ways:
- Directly from you when you place an order, create an account, contact us, or sign up to our mailing list
- Automatically through cookies and analytics tools when you visit our website
- From third parties including our e-commerce platform (Shopify) and payment processors
4. How we use your data and our legal basis
| Purpose | Legal basis |
|---|---|
| Processing and fulfilling your order | Contract (Art. 6(1)(b) GDPR) |
| Sending order confirmation and delivery updates | Contract (Art. 6(1)(b) GDPR) |
| Customer service and responding to enquiries | Legitimate interests (Art. 6(1)(f) GDPR) |
| Sending marketing emails (newsletter, new arrivals) | Consent (Art. 6(1)(a) GDPR) — you can withdraw at any time |
| Fraud prevention and security | Legitimate interests (Art. 6(1)(f) GDPR) |
| Improving our website and services | Legitimate interests (Art. 6(1)(f) GDPR) |
| Complying with legal obligations (e.g. accounting, tax records) | Legal obligation (Art. 6(1)(c) GDPR) |
5. Who we share your data with
We share your personal data only with the third parties necessary to provide our services. All processors are bound by data processing agreements and may only use your data on our instructions.
- Shopify Inc. — our e-commerce platform. Shopify processes order and customer data on our behalf. See Shopify's privacy policy.
- Payment processors (e.g. Stripe, PayPal) — to process payments securely. We do not store or see your full card details.
- Delivery carriers — your name and delivery address are shared with our shipping partner to fulfil your order.
- Email service providers — to send transactional and marketing emails.
- Analytics providers — anonymised data to help us understand website usage.
We do not sell your personal data to any third party, ever.
6. International data transfers
Some of our service providers are based outside the UK or EU, including Shopify (based in Canada and the USA). Where personal data is transferred internationally, we ensure that appropriate safeguards are in place, such as the UK International Data Transfer Agreement (IDTA) or EU Standard Contractual Clauses (SCCs), as applicable.
7. How long we keep your data
- Order data: retained for 7 years to comply with UK and EU accounting and tax law
- Customer account data: retained for as long as your account is active, plus 2 years after your last purchase
- Marketing data: retained until you unsubscribe or withdraw consent
- Technical/cookie data: see our Cookie Policy for retention periods by cookie type
8. Your rights
Under UK and EU data protection law, you have the following rights:
- Right of access: you can request a copy of the personal data we hold about you
- Right to rectification: you can ask us to correct inaccurate or incomplete data
- Right to erasure: you can ask us to delete your personal data in certain circumstances
- Right to restriction: you can ask us to limit how we use your data
- Right to data portability: you can ask us to provide your data in a machine-readable format
- Right to object: you can object to processing based on legitimate interests or for direct marketing
- Right to withdraw consent: where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing
To exercise any of these rights, email us at info@leora.com. We will respond within 30 days. We may need to verify your identity before acting on a request.
If you are unhappy with how we have handled your data, you have the right to lodge a complaint with your national supervisory authority. In the UK, this is the Information Commissioner's Office (ICO): ico.org.uk. In the EU, contact your national Data Protection Authority.
9. Cookies
We use cookies and similar technologies on our website. Please see our Cookie Policy for full details of the cookies we use, what they do, and how to control them.
10. Changes to this policy
We may update this Privacy Policy from time to time. When we make significant changes, we will update the date at the top of this page. The current version will always be available at this URL.
