Privacy Policy for ESTER ROMANA

Last updated: June 2026

This Privacy Policy explains how Ester Romana Limited (“we”, “us”, “our”) collects, uses, stores, and protects your personal data when you visit esterromana.com or purchase from us. We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Please read this policy carefully. By using our website or placing an order, you acknowledge that you have read and understood how we handle your personal data.

1. Who we are

Ester Romana Limited is the data controller for all personal data collected through this website. We are registered in England and Wales. Company registration number: 11440633. 

If you have any questions about this policy or how we handle your data, please contact us at info@esterromana.com.

2. What personal data we collect

Depending on how you interact with us, we may collect the following categories of personal data:

Category | Examples
Identity data | First name, last name, title, username or similar identifier
Contact data | Email address, telephone number, billing address, delivery address
Transaction data | Details of orders placed, payments made, products purchased, and order history
Bespoke order data | Shoe measurements, customisation specifications, and material preferences provided when placing a made-to-order or bespoke order
Technical data | IP address, browser type and version, device identifiers, time zone, operating system
Usage data | Pages visited, products viewed, search terms used, time spent on the site, referring URLs
Communications data | Emails, enquiries, and messages you send to us
Marketing preferences | Your choices about receiving marketing communications from us

We do not collect any special category data (such as health data, racial or ethnic origin, or biometric data) and we do not collect data from children under the age of 16.

3. How we collect your data

We collect personal data through the following means:
  • Direct interactions: when you create an account, place an order, sign up to our newsletter, contact us by email, or submit an enquiry through our website
  • Automated technologies: as you browse our website, we automatically collect technical and usage data via cookies and similar tracking technologies — see our Cookie Policy for full details
  • Third parties: we may receive data from payment processors, analytics providers, and social media platforms where you have given those parties permission to share your information

4. How we use your personal data

We use your personal data only for the purposes set out below, and only where we have a valid legal basis to do so:

Purpose | Legal basis
Process and fulfil your order, including made-to-order and bespoke commissions | Contract
Send order confirmation, dispatch, and delivery updates | Contract
Manage your account and provide customer support | Contract / Legitimate interests
Process payments and prevent fraud | Contract / Legal obligation / Legitimate interests
Comply with legal and regulatory obligations (e.g. tax records) | Legal obligation
Send marketing emails and newsletters (where opted in) | Consent
Improve our website, products, and services through analytics | Legitimate interests
Personalise your browsing experience | Consent (via cookies)

We will never use your data for purposes that are incompatible with those listed above without first informing you and, where required, obtaining your consent.

5. Marketing communications

We will only send you marketing emails if you have opted in to receive them — for example, by signing up to our newsletter or ticking the marketing preference box at checkout. You can withdraw your consent and unsubscribe from marketing communications at any time by clicking the unsubscribe link in any email we send, or by emailing us at info@esterromana.com. Opting out of marketing will not affect any transactional emails relating to an existing order.

6. Sharing your personal data

We do not sell, rent, or trade your personal data. We may share it with trusted third-party service providers only where strictly necessary to operate our business and fulfil your order:

  • Payment processors (such as Stripe or PayPal) to handle transactions securely — they process your payment data under their own privacy policies
  • Delivery and courier services to fulfil and track your order
  • Email and CRM platforms to manage customer communications and newsletters
  • Analytics providers (such as Google Analytics) to help us understand how our website is used — data is anonymised or pseudonymised where possible
  • IT and hosting providers who support our website infrastructure, under strict data processing agreements
  • Legal and regulatory authorities where we are required to do so by law, court order, or to protect our legal rights

All third parties with whom we share personal data are required to handle it in accordance with UK GDPR and are only permitted to process it for the specific purposes we have instructed.

7. International data transfers

Some of our third-party service providers operate outside the United Kingdom. Where your personal data is transferred internationally, we ensure that appropriate safeguards are in place — such as UK adequacy decisions or standard contractual clauses — in accordance with UK GDPR. We will not transfer your data to a country that does not provide an adequate level of protection.

8. How long we keep your data

We retain your personal data only for as long as is necessary for the purposes for which it was collected, or as required by law.

  • Order and transaction records are retained for 7 years to comply with HMRC requirements and UK tax law
  • Account data is retained for as long as your account remains active, plus a reasonable period thereafter
  • Marketing data is held until you withdraw your consent or unsubscribe
  • Communications and enquiry data is retained for up to 3 years, or longer if required for a legal dispute
  • Bespoke order specifications are retained for 7 years to allow for any warranty or quality queries

When data is no longer required, it is securely deleted or anonymised.

9. Your rights under UK GDPR

Under UK data protection law, you have the following rights in relation to your personal data:

  • Right of access: you can request a copy of the personal data we hold about you (a Subject Access Request)
  • Right to rectification: you can ask us to correct inaccurate or incomplete data
  • Right to erasure: you can ask us to delete your data in certain circumstances (“right to be forgotten”)
  • Right to restrict processing: you can ask us to limit how we use your data in certain circumstances
  • Right to data portability: you can request your data in a structured, machine-readable format where processing is based on consent or contract
  • Right to object: you can object to processing based on legitimate interests, including for direct marketing
  • Right to withdraw consent: where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, please email us at info@esterromana.com. We will respond within 30 days. We may need to verify your identity before processing your request.

Right to complain: If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk or by calling 0303 123 1113. We would, however, appreciate the opportunity to address your concerns directly before you contact the ICO — please email us first at info@esterromana.com.

10. Data security

We take the security of your personal data seriously. We use appropriate technical and organisational measures to protect your data against unauthorised access, loss, alteration, or disclosure. All payment transactions are processed via encrypted, PCI-compliant payment gateways. We do not store your full card details on our systems. While we take all reasonable steps to protect your data, no method of electronic transmission or storage is completely secure. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately.

11. Cookies

Our website uses cookies and similar tracking technologies to improve your browsing experience, analyse site usage, and support marketing activities. Full details of the cookies we use and how to manage your preferences are set out in our Cookie Policy.

12. Third-party websites

Our website may contain links to third-party websites, including social media platforms. We are not responsible for the privacy practices of those sites and this policy does not apply to them. We encourage you to read the privacy policies of any external sites you visit.

13. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we offer. The date at the top of this page indicates when it was last revised. Where changes are significant, we will notify you by email or by displaying a prominent notice on our website. We encourage you to review this page periodically.

14. Contact us

For any questions, requests, or concerns relating to this Privacy Policy or the personal data we hold about you, please contact us:

Ester Romana Limited
Email: info@esterromana.com
Website: esterromana.com

We aim to respond to all data-related requests within 30 days.