Privacy Policy

1. Who we are

Our website address is: https://shop.andrea-smoothlife.com.
Controller for data protection:
Kaysa Limited
Andrea Sachtleben (Director)
167-169 Great Portland Street, London, W1W 5PF, United Kingdom
Email: shop@andrea-smoothlife.com

2. What Personal Data We Collect and Why

a) Shop/Checkout Data (WooCommerce)

When you purchase tickets, we collect:

  • Name, email, billing address, phone number (to process orders and send tickets).
  • Payment information (handled by Stripe, not stored on our servers).
  • IP address (for fraud prevention and tax compliance).
b) Stripe Payments

We use Stripe to process payments. Stripe’s privacy policy applies:
👉 https://stripe.com/privacy

c) PDF Tickets (WooCommerce PDF Invoices)
  • Your name, email, and order details are included in the PDF ticket for verification.
  • Tickets are emailed to you and stored in our order system for 6 years (UK tax law).
d) Analytics & Cookies
  • We use Google Analytics (if applicable) to track visitor behavior (anonymized IP).
    Opt-out: https://tools.google.com/dlpage/gaoptout
  • Facebook Pixel/Ads (if used): Data may be shared with Facebook for retargeting.
e) Email Marketing
  • If you opt into our newsletter (e.g., for show updates), we use Mailchimp/MailPoet to send emails.
    An unsubscribe link is included in every email.

3. Cookies (Expanded for WooCommerce)

In addition to WordPress cookies, we use:

  • WooCommerce cookies to track cart contents and checkout progress.
  • Stripe cookies for payment processing.
  • Google/Facebook cookies (if ads are used).

How to disable cookies:
Users can adjust browser settings to refuse cookies. However, some features (e.g., checkout) may not work without them.

4. Who We Share Your Data With

  • Stripe (payment processing).
  • Spam detection: Akismet (if enabled) checks comments (Privacy Policy: https://automattic.com/privacy/).
  • Hosting provider (e.g., All-inkl., SiteGround): Servers located in the EU/UK (GDPR-compliant).
  • Legal obligations: We may disclose data if required by law (e.g., tax authorities).

5. How Long We Retain Your Data

  • Order data: 6 years (UK tax law).
  • Comments: Indefinitely (unless you request deletion).
  • User accounts: Until deleted by the user.
  • Analytics data: 26 months (Google Analytics default).

6. Your Rights Over Your Data

  • Under GDPR, you can:
    1. Request a copy of your data (free of charge).
    2. Request deletion of your data* (except where legally required, e.g., tax records).
    3. Object to processing (e.g., marketing emails).
    4. Request correction of inaccurate data.

    To exercise these rights, email us at shop(a)Andrea-smoothlife.com

    Exceptions:

    • We cannot delete transaction data required for tax/auditing (UK law).
    • Anonymous data (e.g., analytics) is excluded.

7. Where We Send Your Data

  • Stripe (US, but GDPR-compliant via EU-US Data Privacy Framework).
  • Email providers (e.g., Gmail, Mailchimp) for order confirmations/newsletters.
  • Backup services (e.g., UpdraftPlus) store encrypted backups for 30 days.

8. Security Measures

  • SSL encryption (https://) for all data transfers.
  • Password-protected customer accounts.
  • Regular backups stored securely offsite.
  • Payment data is never stored on our servers (handled by Stripe).

9. Third-Party Services

10. Data Breaches

  • We will notify you within 72 hours if your data is compromised (GDPR requirement).

11. Changes to This Policy

  • We update this policy when services change. Last updated: 30 March 2026