Privacy Policy
Effective Date: March 2025 • GDPR Compliant • Cyprus Law 125(I)/2018
Your privacy is not a formality to us. This policy explains with complete transparency how Juzéfa collects, uses, and safeguards your personal data, in full compliance with the General Data Protection Regulation and the laws of the Republic of Cyprus.
Data Controller
Juzéfa acts as the Data Controller for all personal data collected through this website, as defined by the General Data Protection Regulation (GDPR), implemented in Cyprus through the Protection of Physical Persons Against the Processing of Personal Data Law 125(I)/2018.
As Data Controller, we determine the purposes and means by which your data is processed. All queries, requests, or concerns regarding your personal data may be directed to us at [email protected].
We process your data with the highest standards of care, transparency, and accountability. We never sell your data to any third party.
Data We Collect & Why
We collect only the data that is strictly necessary for the purposes outlined below. The following table summarizes our data processing activities and their lawful basis under Article 6 of the GDPR:
Name, email, delivery address, phone number
Performance of contract (processing and delivering your order)
Payment method details (processed via third-party gateway, not stored by us)
Performance of contract; compliance with legal obligations
Order history, returns, and purchase preferences
Performance of contract; legitimate business interests
IP address, browser type, device information, visit timestamps
Legitimate interests (site security, fraud prevention, analytics)
Email address for newsletters and promotional communications
Explicit consent (opt-in) or soft opt-in for existing customers
How We Use Your Data
Your personal data is used solely for the purposes for which it was collected. We will never use your data for purposes incompatible with those disclosed at the time of collection. Specific uses include:
- Processing and fulfilling your orders and managing delivery logistics
- Communicating with you regarding your purchases, returns, and account
- Sending marketing communications where you have provided valid consent
- Improving our website experience through aggregate behavioural analytics
- Preventing and detecting fraud or unauthorized transactions
- Complying with our legal and regulatory obligations under Cypriot and EU law
Third-Party Processors
To operate our e-commerce platform, we engage trusted third-party service providers who process data on our behalf. All processors are bound by Data Processing Agreements (DPAs) in accordance with Article 28 of the GDPR, obligating them to handle your data securely and exclusively for the defined purpose.
We do not transfer your personal data to any country outside the European Economic Area (EEA) without first ensuring that adequate legal safeguards are in place and documented.
Data Retention
We retain your personal data only for as long as is strictly necessary to fulfil the purpose for which it was collected, and to comply with applicable legal obligations. Specific retention guidelines are as follows:
- Order and transaction records: 7 years (financial and tax compliance)
- Customer account data: Duration of active account plus 2 years post-closure
- Marketing consent records: Until consent is withdrawn, plus 1 year audit trail
- Technical and log data: 12 months from collection
Upon expiry of the applicable retention period, your data is permanently and securely deleted or anonymized in a manner that makes re-identification impossible.
Your Rights Under GDPR
As a data subject under the GDPR, you hold significant and enforceable rights over your personal data. We are committed to honoring every request promptly and without undue friction.
- Access You have the right to request confirmation of whether we hold your data and to receive a copy of it in a commonly used format.
- Rectification You have the right to have inaccurate or incomplete personal data corrected without undue delay.
- Erasure You have the right to request deletion of your personal data where there is no compelling reason for its continued processing, subject to legal retention obligations.
- Portability You have the right to receive your data in a structured, machine-readable format and to transmit it to another controller.
- Objection You have the right to object at any time to processing based on legitimate interests, including direct marketing.
- Restriction You have the right to request that we restrict the processing of your data under certain defined circumstances.
- Withdraw Consent Where processing is based on consent, you may withdraw that consent at any time with immediate effect, without prejudice to lawfulness of prior processing.
To exercise any of the above rights, contact us at [email protected]. We will respond within one calendar month. No fee is charged for exercising your rights under ordinary circumstances. For enquiries that cannot be resolved directly with us, you may lodge a complaint with the Cyprus Commissioner for Personal Data Protection.
Direct Marketing & Consent
Where we send you marketing communications, including newsletters or promotional announcements, we do so only on the basis of your explicit, freely given, and documented consent or via the lawful soft opt-in mechanism for existing customers, as permitted under the Regulation of Electronic Communications and Postal Services Law (112(I)/2004).
We do not use pre-ticked boxes, implied consent, or inactivity as a basis for marketing. Every marketing communication includes a clear and immediate unsubscribe option. Withdrawal of marketing consent is as simple as clicking unsubscribe and takes immediate effect.
Cookies & Tracking Technologies
Our website uses cookies and similar tracking technologies in accordance with the GDPR and the ePrivacy Directive. The following categories of cookies may be present on our site:
| Category | Purpose | Consent |
|---|---|---|
| Strictly Necessary | Shopping cart function, secure checkout, session authentication | |
| Functional | Remembering language preferences and UI customisations | |
| Analytical | Measuring page performance and visitor journeys to improve the site | |
| Marketing | Delivering targeted fashion advertising across third-party platforms |
You will be presented with a cookie consent interface upon your first visit. You may manage your preferences at any time through your browser settings or by contacting us directly. Refusing non-essential cookies will not prevent you from using our website.
Data Security
We deploy administrative, technical, and physical security measures proportionate to the risk level of the data we process. These include encrypted data transmission via SSL/TLS, access controls limiting data visibility to authorised personnel, regular security assessments, and secure, authenticated interfaces for all administrative access.
In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Cyprus Commissioner for Personal Data Protection within 72 hours, and notify you directly where required by law.
Children's Privacy
Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data without parental consent, please contact us immediately at [email protected] and we will act promptly to delete the relevant information.
Policy Updates
We reserve the right to update this Privacy Policy as our operations evolve or as required by changes in applicable law. The effective date at the top of this document will be revised accordingly. Where changes are material, we will take reasonable steps to notify you directly.
We encourage you to review this policy periodically to remain informed about how we protect your data.
Contact & Complaints
For all data protection enquiries, requests, or concerns, please contact us directly. We take every communication seriously and commit to a response within one calendar month.
Email: [email protected]
If you remain unsatisfied with our response, you have the right to lodge a formal complaint with the supervisory authority:
Cyprus Commissioner for Personal Data Protection
Website: www.dataprotection.gov.cy
© Copyright 2026 Juzefa.
All Rights Reserved.