Sophia Anthony

Legal

Privacy Policy

Last updated: April 2025

1. Who We Are

Sophia Anthony is a luxury handbag brand based in Lagos, Nigeria. We sell our products globally through sophiaanthonyy.com. When we say “we” or “Sophia Anthony” in this policy, we mean Sophia Anthony and its operators.

Questions about this policy or your data? Email us at: support@sophiaanthonyy.com

2. What We Collect

When you place an order or contact us, we collect:

  • Your name and contact details (email address, phone number)
  • Delivery address (street, city, state, country)
  • Order details (products purchased, quantities, transaction reference)
  • Payment confirmation from Paystack. We do not store your card details. Payments are handled entirely by Paystack.
  • Messages you send us through our contact form or email

We do not collect sensitive data such as national ID numbers, biometric data, or bank account information.

3. How We Use Your Information

We use your information to:

  • Process and fulfil your orders
  • Keep you updated on your order status
  • Respond to your questions and support requests
  • Send you marketing emails (only if you opted in)
  • Meet our legal obligations under Nigerian law
  • Detect and prevent fraud

We will never sell, rent, or trade your information to third parties for their marketing.

4. Legal Basis for Processing

This policy is governed by the Nigeria Data Protection Regulation (NDPR) 2019 and its 2023 Act. For customers in the EU or UK, we also comply with GDPR and UK GDPR where applicable.

We process your data on these lawful bases:

  • Contract performance — to process and deliver your order
  • Legitimate interests — fraud prevention, security, improving our service
  • Consent — for marketing emails, which you can withdraw at any time
  • Legal obligation — to comply with applicable laws

5. Who We Share It With

We only share your data where we have to:

  • Paystack — our payment processor. They handle payments under their own privacy policy.
  • Delivery partners — your name and address go to the logistics company fulfilling your order.
  • Supabase — our database provider, operating under enterprise data protection standards.
  • Legal authorities — where required by Nigerian law or a valid legal process.

6. International Transfers

We operate globally and use cloud infrastructure, so your data may be stored or processed outside Nigeria. Where this happens, we make sure appropriate safeguards are in place in line with the NDPR and applicable international standards.

7. How Long We Keep Your Data

We keep order records for at least 5 years to meet Nigerian tax and record-keeping requirements. Marketing data is kept until you withdraw consent. Support messages are kept for 2 years.

8. Your Rights

Under the NDPR, you have the right to:

  • Access the data we hold about you
  • Correct anything that is wrong or incomplete
  • Request deletion of your data (subject to our legal retention requirements)
  • Withdraw consent for marketing at any time
  • Lodge a complaint with the Nigeria Data Protection Bureau (NDPB)

To use any of these rights, email support@sophiaanthonyy.com. We will respond within 30 days.

9. Cookies

Our website uses only essential cookies for the shopping cart and secure login. We do not use tracking or advertising cookies. No cookie banner is required for essential cookies under Nigerian law.

10. Changes to This Policy

We may update this policy from time to time. The date at the top of this page shows when it was last changed. If you keep using our website after an update, that counts as acceptance.