4️⃣Privacy Policy

Privacy Policy

Last updated: 23 June 2026

Page title: Privacy Policy · Shopify slug: privacy-policy

AVIORA ("we", "us", "our") is committed to safeguarding the personal data of everyone who shops with us or visits our site. This Privacy Policy sets out, in a clear and transparent manner, which personal data we gather, the reasons for which we do so, and how that data is managed. The applicable legal frameworks include the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR) and the Data Protection Act 2018.

1. Data Controller

The data controller within the meaning of the UK GDPR is the operator of aviora.com. Should you have any questions regarding this policy or the handling of your personal data, please write to us at contact@aviora.com. Full provider particulars are available on our Legal Notice page.

2. Types of Data We Process

When you place an order or send us an enquiry, we handle the following categories of data:

  • First and last name together with email address
  • Delivery and billing address
  • Phone number (optional — used solely for delivery status alerts)
  • Payment details (processed securely by our payment partners — card data is never stored by us)
  • Your order and transaction history
  • Technical data regarding your device and browsing activity (IP address, browser type, pages visited)

3. Purposes of Processing and Legal Bases

  • Fulfilment of orders — name, address, email and payment particulars are required to execute the purchase agreement concluded with you (Art. 6(1)(b) UK GDPR).
  • Client communications — including order confirmations, shipping updates and responses to service enquiries (Art. 6(1)(b) UK GDPR).
  • Improvement of our offering — usage analytics enable us to refine and enhance our website on an ongoing basis (Art. 6(1)(f) UK GDPR — legitimate interest).
  • Compliance with statutory obligations — commercial records are retained in accordance with applicable tax and company law (Art. 6(1)(c) UK GDPR).

4. Payment Processing

All transactions are handled by our payment partners (including Stripe, PayPal, Klarna and Viva Wallet), all of whom hold PCI DSS Level 1 certification. Card details are entered directly within their secure environments — the full card number, CVV and expiry date are at no stage visible to or accessible by AVIORA.

5. Data Retention Period

Order-related data is held for between 6 and 10 years in keeping with UK tax and accounting legislation (notably HMRC requirements and the Companies Act 2006). Marketing preferences are stored until you opt out. Data that is no longer needed for its original purpose is deleted or anonymised without delay.

6. Recipients of the Data

Personal data is shared with third parties only to the extent required to fulfil your order:

  • Delivery partners (e.g. Royal Mail, DHL, DPD, Evri, UPS) for the shipment of goods
  • Payment providers for the secure handling of transactions
  • Email service providers for transactional correspondence
  • Hosting companies for the technical operation of the website
  • Accountants and legal advisers, where required to meet legal obligations

Data processing agreements compliant with Art. 28 UK GDPR have been put in place with all our processors.

7. Data Transfers to Third Countries

Any transfer of personal data to countries outside the United Kingdom or the European Economic Area (EEA) is carried out exclusively where an adequacy decision exists, or where appropriate safeguards — such as the Standard Contractual Clauses approved by the UK or EU Commission — are in place under Art. 45 ff. UK GDPR.

8. Cookies and Tracking

Our website makes use of cookies and similar technologies. Further details are set out in our Cookie Policy. You may decline or adjust non-essential cookies at any time via the cookie banner or your browser settings.

9. Your Rights as a Data Subject

With respect to your personal data, you hold the following rights:

  • Right of access (Art. 15 UK GDPR) — you may request details of the data we hold about you
  • Right to rectification (Art. 16 UK GDPR) — inaccurate or incomplete data may be corrected
  • Right to erasure (Art. 17 UK GDPR) — subject to any applicable legal retention obligations
  • Right to restriction of processing (Art. 18 UK GDPR)
  • Right to data portability (Art. 20 UK GDPR)
  • Right to object (Art. 21 UK GDPR) — to processing grounded in legitimate interest
  • Right to withdraw consent at any time (Art. 7(3) UK GDPR)
  • Right to lodge a complaint with a supervisory authority (Art. 77 UK GDPR)

To exercise any of the above rights, please send a brief message to contact@aviora.com.

10. Security of Your Data

We have implemented suitable technical and organisational measures to shield your data from unauthorised access, loss or misuse. These measures encompass SSL/TLS encryption, secured server infrastructure, restricted access controls and periodic security audits.

11. Automated Decision-Making

We do not engage in automated decision-making or profiling as defined under Art. 22 UK GDPR.

12. Right to Complain

If you consider that our handling of your personal data infringes the UK GDPR, you have the right to bring a complaint before a data protection supervisory authority — in particular the Information Commissioner's Office (ICO) in the United Kingdom (www.ico.org.uk) or any competent supervisory authority in the EU member state of your habitual residence, place of employment or the location of the alleged infringement.

13. Updates to This Policy

We may revise this Privacy Policy periodically to reflect changes in legislation or in our business operations. The version currently in force will always be accessible on this page.