Effective Date: 
- Data Controller OXMFit acts as the data controller for the personal information collected through our website (“Site”).
- Lawful Basis for Processing We will only process personal data if we have a lawful basis to do so under the GDPR. The lawful bases include the necessity of processing for the performance of a contract, compliance with a legal obligation, protection of vital interests, consent, or legitimate interests pursued by the data controller or a third party.
- Types of Personal Data We may collect and process the following types of personal data:
- Email address
- Contact information
- Billing and shipping address
- Payment information
- Purpose and Use of Personal Data We collect and use personal data for the following purposes:
- To provide and maintain our services
- To process and fulfill orders
- To communicate with you regarding your account, purchases, or inquiries
- To send you marketing communications if you have provided consent
- To improve our Site, services, and customer experience
- To comply with legal obligations or resolve disputes
- Data Security We implement appropriate technical and organizational measures to protect personal data from unauthorized access, disclosure, alteration, or destruction. However, no data transmission or storage system can be guaranteed to be 100% secure.
- Data Subject Rights Under the GDPR, you have the following rights regarding your personal data:
- The right to access and rectify your personal data.
- The right to erasure (“right to be forgotten”) under certain circumstances.
- The right to restrict or object to the processing of your personal data.
- The right to withdraw the consent if you have previously provided it.
- The right to data portability of your personal data.
- The right to lodge a complaint with a supervisory authority.
- Data Transfers We may transfer personal data to recipients located in countries outside the European Economic Area (EEA). In such cases, we ensure that appropriate safeguards are in place to protect the data, such as using standard contractual clauses approved by the European Commission.