Effective Date: April 10, 2026
Company: COSMO WISDOM LTD
Company Number: 17073780
Registered Address: 265 Wimbledon Park Road, London, United Kingdom, SW19 6NW
1. Introduction
This Privacy Policy explains how COSMO WISDOM LTD collects, uses, stores, shares, and protects personal data when you visit https://cosmowisdom.com/, create an account, place an order, contact us, subscribe to marketing communications, or otherwise interact with our Website.
We are committed to handling personal data responsibly, lawfully, and transparently. This Privacy Policy is intended to help you understand what information we collect, why we collect it, how long we keep it, the rights you may have in relation to your personal data, and how you can contact us with any questions or concerns.
This Privacy Policy applies only to personal data processed by COSMO WISDOM LTD in connection with the Website and our retail operations.
2. Who We Are
For the purposes of applicable data protection law, COSMO WISDOM LTD is the controller of the personal data processed under this Privacy Policy, except where another party clearly acts as an independent controller, such as a third-party payment provider, courier, or platform provider in relation to their own services.
Our contact details are as follows:
COSMO WISDOM LTD
265 Wimbledon Park Road, London, United Kingdom, SW19 6NW
Email: [email protected]
3. Governing Data Protection Framework
We process personal data in accordance with the laws applicable in the United Kingdom, including the UK GDPR and the Data Protection Act 2018. Under UK data protection rules, individuals must be given clear privacy information about how their personal data is used, and organisations must process data lawfully, fairly, and transparently.
Where relevant to individuals located in other jurisdictions, we may also take account of additional legal requirements that apply to cross-border activities.
4. Personal Data We May Collect
We may collect and process different categories of personal data depending on how you use the Website.
These categories may include:
- Identity Data, such as your first name, last name, title, or similar identifiers.
- Contact Data, such as your billing address, delivery address, email address, telephone number, and other contact details you provide.
- Account Data, such as login credentials, password-protected account settings, wishlist data, saved preferences, and order history.
- Transaction Data, such as details of products purchased, delivery option selected, order totals, currency selection, invoice data, refund data, and order-related communications.
- Communication Data, such as messages sent through contact forms, customer support requests, reviews, feedback, complaint records, and email correspondence with us.
- Technical Data, such as IP address, browser type, operating system, device identifiers, time zone setting, referring URLs, log files, and similar technical information collected when you use the Website.
- Usage Data, such as information about how you browse the Website, what pages or products you view, how long you stay on certain pages, items added to cart, abandoned cart information, and interactions with emails or marketing content.
- Marketing Data, such as your communication preferences, newsletter subscription status, and records of consent or opt-out choices.
We do not intentionally collect special category personal data unless you choose to provide it to us in communications, and we ask that you do not send such information unless it is strictly necessary.
5. Payment Information
We do not collect, store, or process your full payment card details on our own systems. All payments made through the Website are handled by an independent third-party payment service provider.
When you make a purchase, payment-related information is submitted directly to the relevant payment provider and is processed in accordance with that provider’s own privacy notice, terms, and security procedures. We may receive limited transaction-related information from the payment provider, such as payment confirmation, partial card identifiers, transaction status, or billing-related metadata necessary to confirm and administer your order, but we do not receive or retain full card numbers, full authentication credentials, or equivalent sensitive payment data.
6. How We Collect Personal Data
We may collect personal data in several ways, including:
- when you create an account on the Website;
- when you place an order or attempt to place an order;
- when you subscribe to newsletters or other marketing communications;
- when you contact us by email, contact form, or other communication channel;
- when you leave reviews or submit feedback;
- when you browse the Website and technical data is collected automatically through cookies, log files, and similar technologies;
- when third parties such as payment providers, analytics providers, advertising tools, or couriers provide us with information connected to your purchase or Website activity.
7. How We Use Personal Data
We use personal data only where we have a lawful basis to do so. Depending on the circumstances, we may use personal data for the following purposes:
- to create and manage your account;
- to process and fulfil orders;
- to send order confirmations, invoices, dispatch confirmations, and other service communications;
- to arrange shipping and delivery of purchased goods;
- to respond to questions, complaints, return requests, or support enquiries;
- to verify transactions and help prevent fraud or misuse of the Website;
- to administer refunds, cancellations, or replacements;
- to improve the Website, customer experience, product offering, and internal business operations;
- to send marketing communications where permitted by law or where you have consented;
- to comply with legal, tax, regulatory, accounting, and record-keeping obligations;
- to establish, exercise, or defend legal claims.
8. Lawful Bases for Processing
Under the UK GDPR, organisations must identify a lawful basis for processing personal data. Depending on the context, our lawful bases may include performance of a contract, compliance with a legal obligation, legitimate interests, and consent.
In particular:
- we process order, delivery, and account information because it is necessary to perform a contract with you or to take steps at your request before entering into a contract;
- we process certain records for accounting, tax, fraud prevention, and legal compliance because it is necessary to comply with legal obligations;
- we process some Website analytics, service improvement, security, and customer service records because it is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms;
- we process marketing communications or certain cookies based on consent where consent is required.
9. Cookies and Similar Technologies
The Website may use cookies, pixels, tags, analytics tools, and similar technologies to operate properly, remember your preferences, improve functionality, analyse traffic, and support marketing activities.
Some cookies are strictly necessary for the operation of the Website, while others may be optional and used only with your consent where required. Further information about our use of cookies should be provided in our Cookies Policy or cookie banner settings.
10. Disclosure of Personal Data
We may share personal data with carefully selected third parties where reasonably necessary for the purposes described in this Privacy Policy.
These recipients may include:
- payment providers that process transactions;
- shipping, courier, and logistics providers;
- IT hosting, website, ecommerce, and cloud service providers;
- email delivery and customer communication tools;
- analytics and performance service providers;
- professional advisers such as lawyers, accountants, auditors, and insurers;
- regulators, public authorities, courts, law enforcement agencies, or tax authorities where disclosure is required or appropriate by law.
We do not sell your personal data to third parties.
12. Data Security
We use a combination of technical and organisational safeguards designed to protect your personal data against accidental or unlawful destruction, loss, misuse, unauthorised access, unauthorised disclosure, or alteration.
These measures may include secure hosting environments, encryption or encryption-supported transmission methods where appropriate, restricted internal access to personal data, role-based access controls, account protection mechanisms, system monitoring, periodic security reviews, and processes intended to reduce the risk of unauthorised processing.
Although no internet-based service can be guaranteed to be completely secure, we take appropriate steps to maintain a level of security proportionate to the nature of the personal data we process and the risks involved. ICO guidance under the UK GDPR requires organisations to apply appropriate technical and organisational measures to protect personal data.
13. UK GDPR Compliance and Data Protection Practices
We comply with applicable UK data protection requirements by implementing appropriate technical and organisational measures intended to preserve the confidentiality, integrity, and availability of personal data.
Our data protection practices may include internal access controls, staff awareness and training, review of data handling processes, minimisation of unnecessary data collection, record-keeping where appropriate, and periodic assessment of how personal data is handled across our operations.
We seek to process only the personal data that is relevant and necessary for the purposes described in this Privacy Policy and to keep that data accurate and up to date where reasonably possible. The UK GDPR framework is built around principles such as lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality, and accountability.
14. Data Retention
We keep personal data only for as long as it is reasonably necessary for the purposes for which it was collected, including for the purposes of fulfilling orders, maintaining business and tax records, handling disputes, responding to complaints, detecting fraud, enforcing agreements, and complying with legal or regulatory obligations.
Retention periods may vary depending on the type of data and the reason for processing. When personal data is no longer required, we will delete it, anonymise it, or otherwise securely dispose of it where appropriate.
15. Your Rights
Under the UK GDPR, individuals may have rights in relation to their personal data, subject to certain conditions and exemptions. These can include:
- the right to be informed about how personal data is used;
- the right of access to personal data;
- the right to rectification of inaccurate data;
- the right to erasure in certain circumstances;
- the right to restrict processing in certain circumstances;
- the right to data portability in certain circumstances;
- the right to object to certain types of processing;
- rights relating to decisions based solely on automated processing, where applicable.
ICO guidance explains that privacy notices are part of the right to be informed, and that the UK GDPR also gives individuals the rights listed above, subject to scope and exceptions.
16. Complaints
If you have concerns about how we handle your personal data, we encourage you to contact us first so that we can try to resolve the matter.
If you are not satisfied with our response, you may have the right to lodge a complaint with the Information Commissioner’s Office (ICO) in the United Kingdom, which is the UK supervisory authority for data protection matters. ICO guidance confirms its role under the UK GDPR and the Data Protection Act 2018.
17. Strong Customer Authentication (SCA)
To improve the security of online payments, transactions handled by our third-party payment provider may be subject to Strong Customer Authentication (SCA) where applicable. SCA is designed to reduce fraud and improve payment security by requiring authentication based on two or more independent elements, commonly linked to something the customer knows, possesses, or is. FCA guidance states that SCA rules apply to relevant payment access and payment initiation scenarios and are intended to enhance security and limit fraud.
Because payment authentication is carried out by the relevant payment provider or financial institution, the exact authentication steps may vary depending on the card issuer, bank, device, and transaction type.
18. PSD2 and Online Card Payments
Where applicable to the payment services used for transactions on the Website, online card payments may be subject to requirements derived from PSD2 and related UK payment security rules. In practical terms, this may mean that customers are asked by their bank or payment provider to complete additional authentication before a payment is authorised.
We do not control the specific authentication method used by your payment provider, issuing bank, or card network. Any such verification is carried out within the payment environment of the relevant provider and is governed by that provider’s own processes and policies. FCA materials describe SCA as part of the payment security framework applying in the UK for relevant transactions.
19. Third-Party Websites and Services
The Website may contain links to third-party websites, platforms, or services. This Privacy Policy does not apply to personal data processed by those third parties independently of us. We encourage you to read the privacy policies of any third-party sites or services you use.
20. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our business operations, technology, legal requirements, or data handling practices. Any updated version will be posted on the Website with a revised effective date.
Where required by law, we will take appropriate steps to notify users of material changes.
21. Contact Us
If you have any questions about this Privacy Policy, the personal data we process, or your rights, you may contact us at:
COSMO WISDOM LTD
265 Wimbledon Park Road, London, United Kingdom, SW19 6NW
Email: [email protected]