1. Introduction & Our Commitment to Your Privacy
At The Leather Costume, we believe that shopping for premium leather apparel should feel as safe and private as wearing it. We are deeply committed to protecting the personal information of every customer who visits our website, whether you are based in the United States, the United Kingdom, the European Union, or anywhere else in the world.
This Privacy Policy explains in plain language what personal data we collect, why we collect it, how we use and protect it, who we share it with, and what rights you have in relation to it. We serve an international customer base and our practices are designed to comply with:
- The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018
- The EU General Data Protection Regulation (EU GDPR – Regulation 2016/679)
- Applicable United States state privacy laws, including the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
- Other applicable data protection frameworks in the jurisdictions where we operate
If you have questions about this policy or wish to exercise any of your data rights, please see the Contact Information section at the end of this document.
2. Information We Collect
We collect two broad categories of information: data you actively provide to us, and data that is collected automatically when you use our website.
2a. Information You Provide Directly
When you place an order, create an account, or contact our customer support team, you provide us with the following personal data:
- Full name
- Billing address (street, city, county/state, postcode/ZIP, country)
- Shipping / delivery address (if different from billing)
- Email address
- Phone number
- Payment details — processed securely through our third-party payment processors. We do not store your credit or debit card numbers on our servers at any time.
- Order preferences, size selections, and any special delivery instructions you provide
2b. Information Collected Automatically
When you browse theleathercostume.com, our website automatically collects certain technical and behavioural data to ensure the site functions correctly and to improve your shopping experience:
- IP address and approximate geographic location (country/region level)
- Browser type, version, and operating system
- Device type (desktop, mobile, tablet)
- Pages visited, time spent, and navigation paths through the website
- Referring website or search engine
- Shopping cart contents and session data (used to preserve your cart between visits)
2c. Cookies & Similar Technologies
We use cookies — small text files stored on your device — and similar tracking technologies to operate our website, remember your cart, and analyse traffic. You can manage or withdraw your consent to non-essential cookies at any time through the cookie consent banner displayed on your first visit, or via your browser settings. Please note that disabling essential cookies may affect the functionality of the website.
We use the following types of cookies:
- Essential / functional cookies – required for the shopping cart and checkout to work
- Analytical cookies – help us understand how visitors use the website (e.g., page views, popular products)
- Preference cookies – remember your language, currency, and similar settings
- Marketing / targeting cookies – used only where you have given explicit consent
3. How We Use Your Data
We use the personal data we collect for the following purposes, each supported by a lawful basis under applicable data protection law:
3a. Processing & Fulfilling Your Order
The primary purpose for collecting your personal data is to process the items you purchase and get them delivered to you safely. This includes:
- Confirming and processing your payment
- Picking, packing, and preparing your order for dispatch
- Transmitting your shipping address to our courier partners for delivery
- Sending you order confirmation, dispatch notifications, and tracking updates via email
- Managing returns, exchanges, and any after-sales queries
Privacy & Discretion in Packaging: We understand that our customers value their privacy. All orders from The Leather Costume are packed and dispatched with strict discretion. Our packages do not display product descriptions on the exterior; only neutral shipping labels are used.
3b. Fraud Prevention & Security
We have a legitimate interest — and in some jurisdictions, a legal obligation — to protect our business and our customers from fraudulent transactions. We use your data to:
- Screen orders for indicators of fraud or misuse
- Verify billing and shipping address details
- Comply with anti-money laundering and financial crime prevention requirements
3c. Customer Communications
We will send you transactional communications related to your order (confirmations, shipping updates, delivery notifications). These are necessary for the performance of our contract with you and cannot be opted out of while an order is active.
Where you have given your consent, we may also send you marketing communications about new products, promotions, and exclusive offers. You can withdraw this consent at any time by clicking the unsubscribe link in any marketing email, or by contacting us directly.
3d. Website Improvement & Analytics
We use aggregated and anonymised analytical data to understand how our website is used, identify areas for improvement, and ensure the best possible shopping experience for all customers. This processing is carried out on the basis of our legitimate interests.
4. Third-Party Data Sharing
We do not sell your personal data. We do not rent or trade your personal data with third parties for their own marketing purposes. We share your data only where necessary to operate our business and fulfil your orders, and only with trusted partners who are contractually bound to protect your information.
4a. WooCommerce & Website Platform
Our store is built on WooCommerce, a widely trusted e-commerce platform. WooCommerce and its parent company, Automattic, process certain technical and transactional data to power our store’s functionality. Automattic operates under a robust privacy framework and adheres to GDPR standards. You can review Automattic’s privacy policy at automattic.com/privacy.
4b. Payment Processors
All payments are handled by certified third-party payment processors. When you enter your card details at checkout, this information is transmitted directly to the payment processor using industry-standard TLS encryption. We do not see, handle, or store your full credit card number, card verification code (CVC), or any other sensitive payment credentials on our servers.
Our payment partners comply with the Payment Card Industry Data Security Standard (PCI-DSS) and applicable data protection regulations in each region we serve.
4c. International Courier & Logistics Partners
To deliver your order, we share your name, delivery address, and contact phone number (and email where required for tracking notifications) with our logistics partners. These may include, but are not limited to, DHL, FedEx, Royal Mail, and other regional delivery networks, depending on your location and the shipping method selected.
These courier companies act as independent data controllers for the purpose of delivering your parcel. They are only permitted to use your personal data for delivery-related purposes. Please refer to your specific carrier’s privacy policy for full details.
4d. Legal & Regulatory Disclosure
We may disclose your personal data to law enforcement agencies, regulatory authorities, or other third parties where required to do so by applicable law, or where we believe in good faith that such disclosure is necessary to protect our legal rights, prevent fraud, or ensure the safety of our customers and staff.
5. International Data Transfers
The Leather Costume operates as a global retailer. To fulfil your order, your personal data will be processed in and potentially transferred to countries outside the jurisdiction in which you are located. Specifically:
- If you are based in the European Union, your data may be transferred to the United Kingdom and/or the United States.
- If you are based in the United Kingdom, your data may be transferred to the United States and/or EU member states.
- If you are based in the United States, your data may be processed by parties located in the UK or EU.
Our website backend is managed by an international team. All parties who access customer data — regardless of their location — are subject to strict confidentiality obligations and data protection standards.
Where personal data is transferred outside of the UK or the European Economic Area (EEA), we take steps to ensure an appropriate level of protection is in place. This may include:
- Transferring to countries that have received an adequacy decision from the UK Secretary of State or the European Commission
- Using Standard Contractual Clauses (SCCs) approved by the relevant supervisory authority
- Relying on other lawful transfer mechanisms as permitted under UK GDPR or EU GDPR
6. Data Security & Retention
We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. These measures include:
- SSL/TLS encryption for all data transmitted between your browser and our website
- Secure, access-controlled server infrastructure
- Restricted access to personal data — only authorised personnel who need it to perform their job functions may access customer data
- Regular security reviews of our platform and third-party integrations
We retain your personal data only for as long as is necessary for the purposes set out in this policy, or as required by applicable law. Typically, order data is retained for up to seven (7) years for tax and accounting purposes. You may request earlier deletion of your data subject to any legal retention obligations that apply.
7. Your Privacy Rights
Depending on where you are located, you have specific legal rights in relation to your personal data. We take these rights seriously and will respond to valid requests without undue delay (and in any event within the timeframes required by applicable law).
7a. Rights Under UK GDPR & EU GDPR
If you are located in the United Kingdom or the European Union, you have the following rights:
- Right of Access – You have the right to request a copy of the personal data we hold about you (commonly called a ‘Subject Access Request’ or SAR).
- Right to Rectification – You can ask us to correct any personal data that is inaccurate or incomplete.
- Right to Erasure (‘Right to be Forgotten’) – In certain circumstances, you can ask us to delete your personal data. Please note this right is not absolute and may be limited by our legal obligations.
- Right to Restriction of Processing – You can ask us to restrict how we use your data in certain circumstances.
- Right to Data Portability – You have the right to receive a copy of your data in a structured, machine-readable format and, where technically feasible, to have that data transferred directly to another controller.
- Right to Object – You can object to the processing of your personal data where we rely on legitimate interests as our lawful basis.
- Rights in Relation to Automated Decision-Making – We do not make solely automated decisions that produce significant legal or similarly significant effects about you. If this changes, you will be informed.
- Right to Withdraw Consent – Where processing is based on your consent (e.g., marketing emails or non-essential cookies), you have the right to withdraw that consent at any time.
If you are located in the UK, you also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk. If you are in the EU, you may contact your local Data Protection Authority (DPA).
7b. Rights Under US State Privacy Laws
If you are a resident of California or another US state with applicable privacy legislation, you have additional rights:
- Right to Know – You can request information about the categories and specific pieces of personal data we have collected about you, the purposes for which it was collected, and the categories of third parties with whom we shared it.
- Right to Delete – You can request that we delete the personal data we have collected from you, subject to certain legal exceptions.
- Right to Correct – You have the right to request that we correct inaccurate personal information we hold about you.
- Right to Opt-Out of Sale – We do not sell your personal data. However, if the definition of ‘sale’ under the law that applies to you includes sharing for targeted advertising, you may opt out by contacting us or using your cookie consent preferences.
- Right to Non-Discrimination – We will not discriminate against you for exercising any of your privacy rights. You will receive the same quality of service regardless of whether you exercise your rights.
- California Residents – Shine the Light Law: California Civil Code Section 1798.83 permits California residents to request details about personal information we have disclosed to third parties for their direct marketing purposes. As noted above, we do not share your data with third parties for their own marketing.
To exercise any of the rights described above, please contact us using the details in Section 10. We may need to verify your identity before processing your request. We will not charge a fee for reasonable requests.
8. Children’s Privacy
Our website and products are intended for adults aged 18 and over. We do not knowingly collect personal data from children under the age of 16 (or the applicable age of digital consent in your jurisdiction). If you believe we have inadvertently collected personal data from a minor, please contact us immediately and we will take prompt steps to delete that information.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our business practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will update the ‘Last Updated’ date at the top of this document and, where appropriate, notify you via email or a prominent notice on our website.
We encourage you to review this policy periodically to stay informed about how we are protecting your information. Your continued use of theleathercostume.com after any changes to this policy constitutes your acceptance of those changes.
10. Contact Us
If you have any questions, concerns, or requests in relation to this Privacy Policy or the way we handle your personal data, please do not hesitate to get in touch with us. We aim to respond to all privacy-related enquiries within 30 days.
Data Controller: The Leather Costume
Website: https://theleathercostume.com
Privacy Enquiries Email: theleathercostume@gmail.com
Customer Support Email: theleathercostume@gmail.com