Free UK delivery over £40 | Use code GLOW15 for 15% off

Shopestra
View all Beauty New In Beauty
View all Wellness Bestselling Supplements
View all Beauty Tech Tech of the Month
View all Self-Care Mindfulness Bundle
View all More
Offers
Sign In Create Account

Your Basket

Your basket is empty

Add items to get started

Privacy Policy

How we collect, use, and protect your personal information.

Privacy Policy

This policy explains how Shopestra collects and uses your personal data in accordance with UK GDPR.

Who we are

Shopestra is an online beauty and wellness retailer operated by Essex Marketing Services Ltd trading as Shopestra, a company registered in England and Wales under company number 14213255. Our registered office is 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ. When this policy refers to "we", "us", or "our", it means Essex Marketing Services Ltd trading as Shopestra. Our website is shopestra.com.

We are the data controller of your personal information. If you have any questions about how we handle your data, please contact us at privacy@shopestra.com.

What information we collect

We collect information you give us directly and information generated as you use our services:

  • Account information — name, email address, password (stored as a one-way hash).
  • Order information - billing address, delivery address, items ordered, supplier fulfilment details where relevant, and payment confirmation reference (we do not store full card numbers).
  • Communications — messages you send us via email or contact forms.
  • Usage data — with your consent, pages visited, products viewed, and actions taken on the site (see our Cookie Policy).

How we use your information

We use your personal data to:

  • Process and fulfil your orders, including sending confirmation and dispatch emails.
  • Provide customer support and respond to your enquiries.
  • Send you order status updates and important account notifications.
  • Improve our website and product range using aggregated, anonymised analytics data.
  • Send you marketing emails if you have opted in (you can unsubscribe at any time).
  • Comply with our legal obligations, including tax and fraud prevention requirements.

Under UK GDPR, we rely on the following lawful bases:

  • Contract performance — to process orders and manage your account.
  • Legitimate interests — to prevent fraud, improve our services, and conduct direct marketing to existing customers.
  • Legal obligation — to comply with tax, customs, and consumer protection law.
  • Consent — for optional cookies and email marketing where you have opted in.

Sharing your information

We share your personal data only where necessary:

  • Payment processors to handle your payments securely. Each processor is subject to its own privacy policy and may act as an independent controller for payment processing.
  • Delivery couriers and fulfilment partners - your name, delivery address, contact details, and order item details may be shared where needed to deliver your order, including dropship suppliers that dispatch directly to you.
  • Analytics and consent providers - only where permitted by your cookie choices, to help us measure website performance and improve the shopping experience.
  • IT service providers - hosting, email, storage, security, and support services that process data on our behalf under appropriate contractual safeguards.

We do not sell or rent your personal data to third parties for marketing purposes.

How long we keep your data

We keep order records for seven years to comply with HMRC requirements. Account information is retained for as long as your account is active, or until you request deletion. Marketing preferences are held until you unsubscribe or request removal.

International transfers

Some service providers may process personal data outside the UK. Where this happens, we use appropriate safeguards such as adequacy regulations, standard contractual clauses, or equivalent transfer protections required by data protection law.

Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request erasure ("right to be forgotten"), subject to legal retention obligations.
  • Object to or restrict certain processing.
  • Receive your data in a portable format.
  • Withdraw consent at any time where we rely on consent.

To exercise any of these rights, email privacy@shopestra.com. We will respond within one calendar month.

Cookies

We use cookies and similar technologies. Please read our Cookie Policy for full details. You can manage your cookie preferences at any time using the cookie settings link in the footer.

Security

We use TLS encryption for all data transmitted to and from our website. Payment card data is handled entirely by our payment processors and is never stored on our servers. We apply appropriate technical and organisational measures to protect your data against unauthorised access, loss, or disclosure.

Changes to this policy

We may update this policy from time to time. When we make significant changes we will update the "last updated" date at the top of this page and, where appropriate, notify you by email.

Contact and complaints

If you have a concern about how we use your data, please contact us first at privacy@shopestra.com. If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).