1. Introduction
This Privacy Policy explains how Seleo Classic (“we”, “us”, “our”) collects, uses, shares, and protects personal data when you use the Seleo Classic website, mobile experiences, customer account, checkout, returns portal, and related services (collectively, the “Services”).
We designed our Services with privacy controls including cookie consent, optional analytics and personalization categories, encrypted account fields where applicable, and data-minimised forms for returns, reviews, bookings, and service requests.
By using the Services, you acknowledge this Policy. Where consent is required (for example, non-essential cookies in the EEA/UK), we ask separately.
2. Scope and applicable law
We serve customers in Nigeria, Ghana, Kenya, South Africa, United States, United Kingdom, Canada, Australia, Germany, France, Netherlands, Ireland, and other regions where our checkout and delivery partners operate. Depending on where you live, one or more of the following frameworks may apply to you:
- Nigeria: Nigeria Data Protection Act 2023 (NDPA), Nigeria Data Protection Regulation (NDPR) where still relevant, and the Federal Competition and Consumer Protection Act 2018 (FCCPA) for consumer-facing transparency.
- European Economic Area & UK: General Data Protection Regulation (EU GDPR), UK GDPR, and ePrivacy rules for cookies and similar technologies.
- United States: State privacy laws such as the California Consumer Privacy Act as amended by CPRA, and analogous laws in other states where applicable.
- Other regions: Local consumer-protection and privacy laws in Ghana, Kenya, South Africa, Canada, Australia, and other countries we ship to.
2.1 Data controller
For most processing described here, Seleo Classic is the data controller. Payment processing is handled by Flutterwave as an independent processor. Contact us at support@seleoclassic.com for privacy questions or to exercise your rights.
3. Personal data we collect
We collect only what we need to operate the store and honour your requests:
3.1 Account and identity
- Name, email address, and authentication data when you create an account or sign in (including Google OAuth where enabled).
- Saved shipping addresses, order history, favourites, and referral profile if you use those features.
- Session-binding tokens stored in essential cookies to reduce session replay risk.
3.2 Orders and checkout
- Contact and delivery details, shopping country, currency preference, cart contents, order numbers, items purchased, prices, shipping fees, discounts (including referral discounts), and payment status.
- Payment is processed by Flutterwave; we do not store full card numbers on our servers.
- Optional browser/device signals at checkout when you allow security cookies.
3.3 Returns, refunds, and evidence
- Order number, email used at checkout, return reason, free-text explanation, and photos you upload as evidence for eligible return reasons (stored via our secure object storage).
- Return reference numbers and review status for refund or exchange decisions.
3.4 Reviews, customisation, booking, and service requests
- Product reviews (rating, name, review text) submitted for moderation before publication.
- Customisation requests, bespoke booking briefs, academy enrollment, training applications, and consultation messages including optional reference images.
- Contact phone numbers when you choose to provide them.
3.5 Technical and cookie data
- Essential cookies and local storage for cart, currency, shopping country, consent choices, and secure session binding.
- Optional cookies for personalization (recently viewed, favourites, search suggestions), analytics, security signals, and marketing attribution — only if you consent.
- Server logs, IP address, and device/browser type for security and troubleshooting.
4. How we use personal data
- Process and fulfil orders, including payment verification through Flutterwave.
- Provide order tracking, returns, refunds, and customer support.
- Operate accounts, favourites, referrals, and checkout registration.
- Moderate and publish approved product reviews.
- Respond to customisation, booking, academy, training, and consultation requests.
- Improve the storefront, prevent fraud, and secure accounts.
- Send transactional emails (order confirmations, return updates) and, where permitted, service messages.
- Comply with law, enforce our Terms of Service, and resolve disputes.
4.1 Legal bases (EEA/UK)
Where GDPR applies, we rely on:
- Contract — to process your order, account, or service request.
- Legitimate interests — fraud prevention, security, service improvement, and moderate user content, balanced against your rights.
- Consent — non-essential cookies, certain marketing, and optional features where required.
- Legal obligation — tax, accounting, and regulatory requirements.
5. How we share personal data
We do not sell your personal data. We share data only with trusted processors who help us run the Services:
- Flutterwave — payment processing and fraud checks.
- Supabase — authentication, database, and account storage.
- Cloudflare R2 — image storage for products, return evidence, customisation references, and booking uploads.
- Email providers — transactional and support email delivery.
- Hosting/analytics providers — infrastructure and, if you consent, aggregated analytics.
- Couriers and logistics partners — name, address, and phone number needed for delivery.
- Authorities — when required by law or to protect rights, safety, and integrity of the Services.
6. International transfers
Because we operate internationally, your data may be processed in Nigeria and other countries where our providers host systems. Where GDPR/UK GDPR applies and data leaves the EEA/UK, we use appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms offered by our processors.
7. Data retention
- Order and payment records are kept for the period required by tax, accounting, and consumer law (typically up to 6–7 years where applicable).
- Return evidence and dispute records are kept long enough to resolve claims and defend legal rights.
- Account data is kept while your account is active and for a reasonable period after closure.
- Cookie consent records are kept to demonstrate compliance.
- Reviews and published content may remain visible after account deletion where already approved, unless law requires removal.
8. Your privacy rights
Depending on your location, you may have the right to:
- Access a copy of personal data we hold about you.
- Correct inaccurate data.
- Delete data in certain circumstances.
- Restrict or object to processing.
- Data portability (EEA/UK).
- Withdraw consent for consent-based processing (including non-essential cookies via Cookie settings).
- Lodge a complaint with a supervisory authority (EEA/UK) or the Nigeria Data Protection Commission (NDPC) where applicable.
8.1 Nigeria
Under the NDPA/NDPR and FCCPA, Nigerian consumers are entitled to transparent information about data use and fair treatment. Contact support@seleoclassic.com to exercise rights or raise concerns.
8.2 EEA & United Kingdom
You may contact us at support@seleoclassic.com to exercise GDPR/UK GDPR rights. You also have the right to complain to your local data protection authority.
8.3 United States
Residents of California and certain other states may have rights to know, delete, correct, and opt out of certain sharing. We do not sell personal information as defined by CPRA. Submit requests to support@seleoclassic.com.
10. Security
We use administrative, technical, and organisational measures including HTTPS, access controls, field encryption for sensitive account data where implemented, sanitisation of user-submitted content, signed uploads for evidence images, and session-binding for customer accounts. No method of transmission is 100% secure; please use a strong password and protect your login.
11. Children
The Services are not directed to children under 16 (or the minimum digital-consent age in your country). We do not knowingly collect personal data from children. Contact us if you believe a child has provided data and we will delete it.
12. Changes to this Policy
We may update this Policy from time to time. The “Effective date” and version at the top will change when we do. Material changes will be highlighted on the site or by email where appropriate. Continued use after the effective date constitutes acceptance where permitted by law.
13. Contact us
Privacy enquiries and rights requests: support@seleoclassic.com
Postal enquiries: use the business address on file with Seleo Classic or ask us by email for current details.