Privacy Policy
1. Introduction
1.1 Important information and who we are
Welcome to Passenger Clothing Ltd's Privacy and Data Protection Policy ("Privacy Policy").
At Passenger Clothing Ltd ("we", "us", or "our") we are committed to protecting and respecting your privacy and Personal Data in compliance with the United Kingdom General Data Protection Regulation ("UK GDPR"), the Data Protection Act 2018 and all other mandatory laws and regulations of the United Kingdom.
This Privacy Policy explains how we collect, process and keep your data safe. The Privacy Policy will tell you about your privacy rights, how the law protects you, and inform our employees and staff members of all their obligations and protocols when processing data. If you are based in the EU/EEA, you can also rely on your rights under the EU GDPR. Where we in this Privacy Policy refer simply to the GDPR, we refer to those provisions that the UK- and the EU GDPR have in common.
This Privacy Policy will apply to you where we process data about you in our capacity as a data controller, notably if you are our customer or prospective customer.
We may also process your data if you attend our events, become part of our community groups, enter our prize draws or competitions, or simply visit our website.
If you are a job candidate, an external collaborator, an employee, or an individual subcontractor, this Privacy Policy only applies to you to the extent you have not received privacy information in a separate document.
1.2 Getting in touch with us regarding your personal data
We have appointed a data protection officer ("DPO") who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights surrounding your Personal Data, please contact the DPO using the details set out below:
Name: Aphaia Ltd
Email: dpo@aphaia.co.uk
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
2. Purpose and lawful basis of our processing of your data
"Personal Data" means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of Personal Data about you which we have grouped together below. Not all of the following types of data will necessarily be collected from you but this is the full scope of data that we collect and when we collect it from you:
- Identity Data: First name, last name, username.
- Profile Data: Your username, password, and purchase history.
- Contact Data: Billing address, delivery address, email, and telephone numbers.
- Marketing and Communications Data: This is your preferences in receiving marketing information and other information from us.
- Billing Data: This is information relating to your debit and credit card information such as the name attached to your payment details and your billing address, as well as the invoices issued.
- Transaction Data: Details of products you have purchased, deliveries and returns, any claims information.
- Technical Data: IP address and associated perceived geolocation, browser information and device information.
- Usage Data: Information about how you use our website.
- Cookies: Including essential, preference, functional, and (re)marketing cookies.
- Correspondence by any means, including chat, SMS, and email, including if you join a particular group or attend an event.
- Prize draws and sweepstake competitions you participate in.
- Customer reviews you have provided to us.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
There are a number of justifiable reasons under the GDPR that allow for the collection and processing of Personal Data. The main avenues we rely on are:
- Consent: Certain situations allow us to collect your Personal Data, such as when you tick a box that confirms you are happy to receive email marketing communications from us, or 'opt in' to a service.
- Contracts: We may require certain information from you in order to fulfil our contractual obligations towards you.
- Legal Compliance: We're required by law to collect and process certain types of data, such as invoicing data.
- Legitimate Interest: We might need to collect certain information from you to be able to meet our legitimate interests — this covers aspects that can be reasonably expected as part of running our business, provided these are not overridden by your rights and freedoms. Examples include website logs for security purposes, and the data necessary for the making-of and defence against claims and the detection and prevention of fraud.
- Direct marketing: We may send you direct marketing messages via email or SMS, subject to your consent, or where the conditions for 'soft opt-in' are met based on your past interactions with us and you have not told us that you do not wish to receive such messages.
3. How do we share your personal data
We may share your information with the following categories of recipients:
- Cloud service providers that provide storage, database, management, analytics, online transactions, and communications services
- Providers of marketing services
- Payment services providers
- Delivery service providers
- Professional services such as accountancy and legal
- Public authorities, where required by law or necessary to make or defend against claims
4. Your privacy rights
4.1 Your legal rights
Under certain circumstances, you have the following rights under data protection laws in relation to your personal data:
- The right to be informed. You have the right to be informed about our purposes for processing your personal data, how long we store it for, who it will be shared with, and other circumstances of processing. We have provided this information to you in this Policy.
- The right of access. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it (also known as a "data subject access request").
- The right to rectification. You have a right to request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- The right to erasure. You have the right to ask us to delete or remove personal data where there is no good reason for us continuing to process it. Note, however, that we may not always be able to comply with your request for erasure for specific legal reasons, such as ongoing transactions or ensuring a proof of transaction, which will be notified to you, if applicable, at the time of your request.
- The right to object. You can object to the processing of Personal Data for the purposes of direct marketing, profiling, or other legitimate interests, provided we do not have compelling lawful ground to continue such processing.
-
The right to restrict processing. You have the right to request the restriction or suppression of your personal data. This right applies in the following circumstances:
- If you want us to establish the data's accuracy.
- Where our use of the data is unlawful but you do not want us to erase it.
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
- You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- The right to data portability. You have the right to request the transfer of your personal data to you or to a third party. If you make such a request, we will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- The right not to be subject to automated decision-making that produces significant effects, except where this is necessary to enter into a contract with us and is subject to safeguards, notably human intervention.
4.2 Opting out of marketing
You can ask us to stop sending you marketing messages at any time by emailing us, by selecting marketing preferences in your account, or by clicking an appropriate link in an email or SMS we have sent you.
4.3 Making a request
If you wish to make a request under any of these rights, please contact us at info@passenger-clothing.com or dpo@aphaia.co.uk.
4.4 Your control over Passenger Clothing Ltd's use of your Personal Data
You may delete your account at any time — this will remove your account page from our systems and our related software.
You can access information associated with your account by logging into the account you created with us. Your account information will be protected by a password for your privacy and security. You need to prevent unauthorised access to your account and personal information by selecting and protecting your password appropriately and limiting access to your computer or device and by signing off after you have finished accessing your account.
California Privacy Rights: Under California Civil Code sections 1798.83–1798.84, California residents are entitled to ask us for a notice identifying the categories of personal customer information which we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to info@passenger-clothing.com or dpo@aphaia.co.uk.
5. Complaints
If you believe there has been an infringement of data protection laws in connection with your personal data, you have the right to make a complaint to us.
To submit a complaint, email info@passenger-clothing.com with the subject 'Data protection complaint', or fill out our online form.
Please make sure you include:
- Your full name
- A clear description of the event that led to your complaint with any details that you deem relevant
- If you are our customer, a reference to any past purchases
- Any relevant documentation, such as screenshots, that might support your complaint
We will acknowledge receipt of your complaint within 30 days. We will then, without undue delay, take appropriate steps to investigate and respond to your complaint, keeping you informed of the progress and outcome.
6. How long do we keep your data
We will only retain your Personal Data for as long as reasonably necessary to fulfil the purposes we collected it for.
Your data will generally be kept for as long as you keep your account with us. We will also keep transaction data at least as long as it is required to fulfil our contractual obligations. Some data such as invoices may need to be kept longer to fulfil our record-keeping obligations.
We may retain your Personal Data for a longer period than usual in the event of a complaint or an actual or potential dispute. For this reason, we may keep the data for as long as necessary for such purposes, based on the relevant limitation period.
We may continue to store data indefinitely for analytics purposes where we have anonymised such data — for example, where it can no longer be linked to an actual customer account. Some data such as customer reviews may also be stored indefinitely based on our needs to promote the brand.
7. Age limit for our customers
You must not use Passenger Clothing Ltd unless you are aged 16 or older. If you are under 16 and you access Passenger Clothing Ltd by lying about your age, you must immediately stop using Passenger Clothing Ltd.
This website is not intended for children younger than 16, and we do not knowingly collect data relating to children.
8. International data transfers
Where we transfer your data overseas, we ensure that there is an appropriate data transfer mechanism in place, such as adequacy of the overseas jurisdiction, an agreement based on UK and/or EU approved standard contractual clauses, or the recipient being part of the EU-US Data Privacy Framework and its UK extension.
9. Changes to this Policy
We keep our Privacy Policy under review and will place any updates here. This version is dated 1st July 2026.