Free shipping over $250

Privacy Notice



This privacy notice sets out how we, California Love, London uses and protects any personal information we collect or generate in relation to you whilst using our website, interacting with us and purchasing our products.


We have reviewed and updated this Privacy Notice to comply with the General Data Protection Regulation (EU) 2016 / 679 and the UK Data Protection Act 2018 (the Data Protection Regulations).


Any future changes to our website which may affect the personally identifiable information collected or used, will be communicated in an update to this Privacy Notice and made available on our website.


What we collect, the source, the purpose of processing and lawful basis

The types of personal data we collect when using our site:


Source of dataInformation storedPurpose/Processing activityLawful basis of processing
Customer dataName name, address, email address, user ID, passwordTo process orders and deliveriesTo perform a contract
Customer dataName, address, purchases, cost, transaction dateIssuing of invoices, refunds etcTo perform a contract
Customer dataMarketing preferences, , birth day/monthNewsletters, special offersConsent
Customer DataBank detailsTo pay for ordersTo perform a contract


Please read this notice carefully for details about the information we collect when you use this site. If you do not wish to accept cookies in connection related to this site, you must disable them using your browser settings.


Links to other websites

Our site may contain links to other sites of interest. However, once you use these links we do not have any control over that external site. We cannot be responsible for the protection and privacy of any information you provide whilst visiting sites that are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to external sites.


Recipients of your data


We use third-party providers (data processors/joint data controllers) to help us deliver our services to you.  Where we use third parties to process any personal data collected from this site, we ensure that they have committed to ensuring appropriate technical and organisational measures are in place to meet their obligations under the Data Protection regulations.


Credit/Debit Card payments using a third party

We never collect or store your payment card details and use a third-party payment gateway for purchases made on our website.  We only use PCI-DSS complaint payment systems procured from reliable third- party providers, such as Mastercard and Paypal.


Our technology systems do not directly collect or store any payment card information and our online payment solutions are carried out using a ‘payment gateway’.  This is a direct connection to a payment service provided by a bank or payment provider.


This means that when you input your payment card data you are communicating directly with the bank.  As such your payment card information is handled by the bank or payment provider only.


Automated decision making

No automated decisions are made using any personal information collected using this site.



We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.


Controlling your personal information

You may choose to unsubscribe from newsletters at any time.


You may choose to restrict the collection or use of your information, via cookies.  Please see our Cookie Policy for more information.  Our cookie pop up banner allows you to manage your cookie preferences.


Data Transfers outside the EEA

We use selected third parties who are based in the USA.

  • Our payment providers may store certain data in data centers located in the USA, however we only use providers who are PCI-DSS compliant and therefore adhere to strict security standards
  • Mailchimp may store data outside of the EEA and are regulated through their adherence to the US Privacy Shield


Aside from our selected third parties, we do not send any Personally Identifiable data collected via our site outside the EEA unless you have consented for us to do so, for example: if you provide contact data which is outside of the EEA.


Your rights

You are entitled to ask about the data that is held about you, subject to certain exceptions.  This is called a Subject Access Request (SAR).  These should be made by email or in writing at the following addresses:



Address: Data Protection Manager,

130 Old Street, London, EC1V 9BD.


In addition, the Data Protection Regulations provide the following rights for individuals:  (

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling


If you would like to exercise any of your rights under the Data Protection Regulations, please contact us at the addresses above.


We will make every attempt to ensure you are satisfied with our handling of your data queries or requests.  However, you have the right to complain to the Information Commissioners Office (ICO) if you are not satisfied with our handling of your requests about the protection of your data.  Follow the link below to report a concern to the ICO.


Last updated: November 2019