UK GDPR Policy

This UK GDPR Policy explains how personal data is handled in accordance with the United Kingdom General Data Protection Regulation (UK GDPR) and related data protection laws when you access or use this website. The objective is to ensure lawful, fair, and transparent processing of personal information.

1. Scope of This Policy

This policy applies to all personal data collected through the website, including information provided during browsing, order placement, payment processing, and customer support interactions.

2. Lawful Basis for Processing

Personal data is processed only where a lawful basis exists under UK GDPR. These bases include:

• Performance of a contract, such as processing and delivering orders
• Compliance with legal and regulatory obligations
• Legitimate interests related to website operation, security, and service improvement
• User consent, where required by law

3. Data Minimisation and Purpose Limitation

Only personal data that is necessary for specific and legitimate purposes is collected. Data is not used in a manner that is incompatible with the purposes originally stated.

4. Data Accuracy

Reasonable measures are taken to ensure that personal data is accurate and kept up to date. Users are encouraged to notify us of any changes to their information.

5. Data Retention

Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected, including compliance with legal, accounting, and reporting requirements.

6. Data Security

Appropriate technical and organisational measures are implemented to protect personal data against unauthorised access, loss, alteration, or disclosure.

7. Data Sharing and Transfers

Personal data may be shared with third parties only where necessary to support website operations.

• Payment service providers for transaction processing
• Logistics and delivery partners for order fulfilment
• Service providers supporting website functionality or security

Where personal data is transferred outside the United Kingdom, appropriate safeguards are applied to ensure an equivalent level of data protection.

8. Rights of Data Subjects

Under UK GDPR, individuals have specific rights in relation to their personal data, including:

• The right to access personal data
• The right to rectification of inaccurate or incomplete data
• The right to erasure, where applicable
• The right to restrict or object to processing
• The right to data portability, where applicable

9. Requests and Complaints

Requests relating to personal data rights may be submitted using the contact details below. You also have the right to lodge a complaint with the relevant supervisory authority in the United Kingdom if you believe your data protection rights have been infringed.

10. Policy Updates

This UK GDPR Policy may be updated periodically to reflect changes in legal requirements or data handling practices. Updated versions will be published on this page.

11. Contact Information

For questions regarding this UK GDPR Policy or the handling of personal data, please contact us using the details below:

• Address: APT BLK 468 HOUGANG AVENUE 8 #10-1506, SINGAPORE 530468, SINGAPORE
• E-mail: revenue@sofamyio.com
• Phone: +65 (895) 86280
• Customer Support Hours: Monday to Friday, 09:00 – 18:00 (Local Time). Enquiries received outside these hours or on public holidays will be responded to on the next business day