Buy now, pay later with Klarna & ClearPay
Last updated: 30 May 2026
This Privacy Policy describes how Kora Strand (“we”, “us”, “our”) collects, uses, discloses, and protects your personal information when you visit or make a purchase from korastrand.com (the “Site”), or otherwise interact with us (together, the “Services”).
Kora Strand operates this store to provide a premium hair and beauty shopping experience. Our store is powered by Shopify, which enables us to deliver the Services. Where there is any conflict between our Terms of Service and this Privacy Policy, this Privacy Policy governs the collection and use of personal information.
By using the Services, you acknowledge that you have read and understood this Privacy Policy.
1. Who We Are (Data Controller)
Brand name: Kora Strand
Legal entity: Konaya Group Limited
Registered address: Swan Building, 20 Swan Street, Manchester, England, M4 5JW
Email: privacy@korastrand.com
For the purposes of applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, Konaya Group Limited is the data controller of your personal information.
2. Personal Information We Collect
When we refer to “personal information,” we mean information that identifies or can reasonably be linked to an individual. This does not include anonymised or de-identified data.
Depending on how you interact with the Services, we may collect the following categories of personal information:
Information You Provide
• Contact details: name, billing address, shipping address, email address, phone number
• Account information: login details, preferences, saved addresses
• Order information: products purchased, returns, exchanges, cancellations, delivery instructions
• Communications: messages sent to us via email, forms, or customer support
• Custom order details: selections such as wig type, lace type, length, density, texture, or other specifications where applicable
• Marketing preferences: consent to receive email or SMS marketing communications
Information Collected Automatically
• Device information: IP address, browser type, operating system, time zone
• Usage information: pages viewed, interactions with products, time spent on the Site
• Advertising identifiers: pixel data from Meta (Facebook/Instagram) and TikTok used for ad targeting and measurement
• Cookies and similar technologies: as described in Section 6 below
Information from Third Parties
• Shopify and related service providers
• Payment providers (Shopify Payments, PayPal, Klarna, Clearpay, PayPal Pay Later)
• Delivery and logistics partners
• Marketing and analytics platforms (including Klaviyo, Meta, TikTok)
• Fraud-prevention and security providers
3. How We Use Your Personal Information
Providing and Managing the Services
• Processing orders and payments
• Fulfilling deliveries
• Managing accounts, returns, and exchanges
• Providing customer support and communications
Marketing and Communications
• Sending marketing emails via Klaviyo (where you have consented)
• Sending SMS marketing messages (where you have explicitly opted in — see Section 11 for details)
• Informing you about products, launches, and promotions
• Measuring the effectiveness of marketing campaigns via email open rates, pixel events, and ad performance data
You can opt out of email marketing at any time using the unsubscribe link in our emails. To opt out of SMS marketing, reply STOP to any message we send you.
Improving and Securing the Site
• Analysing usage to improve functionality and user experience
• Preventing fraud, misuse, and unauthorised access
• Maintaining the security and integrity of our Services
Legal and Compliance Purposes
• Complying with legal obligations
• Responding to lawful requests from authorities
• Establishing, exercising, or defending legal claims
4. Legal Bases for Processing
We process personal information under the following lawful bases under UK GDPR:
• Contract: to fulfil orders, process returns, and provide the Services you have requested
• Legal obligation: to comply with applicable laws including tax, accounting, and fraud-prevention requirements
• Legitimate interests: to operate, secure, and improve our business — including fraud detection, site analytics, and service optimisation — where these interests are not overridden by your rights
• Consent: for marketing communications (email and SMS), and for non-essential cookies including analytics and advertising pixels
Where we rely on consent, you have the right to withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
5. Payments
Payments are processed securely by third-party providers, including Shopify Payments, PayPal, Klarna, Clearpay, and PayPal Pay Later, which may be offered at our discretion and subject to eligibility.
We do not store full payment card details. Payment information is handled directly by these providers in accordance with their own privacy policies and applicable PCI DSS standards.
6. Cookies and Similar Technologies
We use cookies and similar tracking technologies on the Site.
These fall into the following categories:
• Essential cookies: required for the Site to function, including session management, shopping cart, and security. These cannot be disabled.
• Functional cookies: remember your preferences such as language or currency settings.
• Analytics cookies: help us understand how visitors use the Site (e.g. pages visited, time on site). We use tools such as Shopify Analytics for this purpose.
• Marketing cookies: used to deliver relevant advertising and measure campaign effectiveness. We use the Meta Pixel (Facebook/Instagram) and TikTok Pixel, which track actions on our Site to enable ad targeting and retargeting.
Under UK GDPR, non-essential cookies (including analytics and marketing cookies) require your consent. We use a cookie consent tool to collect this consent when you first visit the Site. You can update your cookie preferences at any time via the cookie settings link in our Site footer.
You can also control cookies through your browser settings, though disabling certain cookies may affect Site functionality.
7. Sharing Your Personal Information
We may share personal information with trusted third parties only where necessary, including:
• Shopify Inc. — our e-commerce platform and data processor
• Payment processors: Shopify Payments, PayPal, Klarna, Clearpay, PayPal Pay Later
• Delivery and logistics partners: couriers and shipping providers used to fulfil orders
• Marketing platforms: Klaviyo (email and SMS marketing), Meta (advertising and pixel tracking), TikTok (advertising and pixel tracking)
• Analytics providers: used to measure Site performance and user behaviour
• IT, security, and fraud-prevention services
We may also disclose personal information where required by law, by court order, or in connection with a business transaction such as a merger, acquisition, or restructuring. In such cases, we will take reasonable steps to ensure your information remains protected.
8. International Data Transfers
Your personal information may be transferred to and processed in countries outside the United Kingdom, including the United States, where many of our third-party service providers (including Shopify, Klaviyo, Meta, and TikTok) are based.
Where such transfers occur, we ensure appropriate safeguards are in place, including:
• The UK–US Data Bridge, where applicable, for transfers to certified US organisations
• UK-approved Standard Contractual Clauses (SCCs) for transfers to other third countries
• Adequacy regulations where the destination country has been deemed adequate by the UK Government
You can request further information about the specific safeguards applicable to your data by contacting us at privacy@korastrand.com.
9. Data Retention
We retain personal information only for as long as necessary to fulfil the purposes outlined in this Privacy Policy. Indicative retention periods include:
• Order and transaction data: retained for up to 7 years to comply with tax and accounting obligations
• Account data: retained for the duration of your account, plus up to 2 years following closure
• Marketing data: retained until you withdraw consent or opt out, after which it is suppressed or deleted
• Customer support communications: retained for up to 3 years
• Fraud prevention and security logs: retained for up to 2 years
When personal information is no longer required, it is securely deleted or anonymised.
10. Your Rights
UK and EEA Residents
If you are located in the United Kingdom or the European Economic Area, you have rights under applicable data protection laws, including the right to:
• Access your personal information
• Correct inaccurate or incomplete information
• Request deletion of your information (“right to be forgotten”)
• Restrict or object to certain processing
• Withdraw consent at any time where processing is based on consent
• Request data portability (receive your data in a structured, machine-readable format)
• Not be subject to solely automated decision-making that produces significant legal or similar effects
You may exercise these rights by contacting us at privacy@korastrand.com. We may need to verify your identity before responding. We will respond to valid requests within one month in accordance with UK GDPR requirements.
If you have concerns about how we handle your data, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk. EEA residents may also contact their relevant national supervisory authority.
California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to:
• Know what personal information we collect, use, disclose, or sell
• Delete your personal information (subject to certain exceptions)
• Correct inaccurate personal information
• Opt out of the sale or sharing of your personal information for cross-context behavioural advertising
• Non-discrimination for exercising your privacy rights
We do not sell personal information in exchange for monetary consideration. However, our use of advertising pixels (Meta, TikTok) may constitute “sharing” of data under the CPRA for cross-context behavioural advertising purposes. You can opt out of this by adjusting your cookie preferences via our cookie settings tool.
To exercise your California privacy rights, contact us at privacy@korastrand.com. We will respond within 45 days as required by law.
11. SMS Marketing
Where you have explicitly opted in to receive SMS marketing messages from Kora Strand, we will send you communications about new products, promotions, and brand updates via text message. Our SMS marketing is managed through Klaviyo.
By opting in, you consent to receiving recurring automated marketing text messages at the phone number provided. Consent is not a condition of purchase. Message and data rates may apply.
To opt out at any time, reply STOP to any SMS we send you. You may also contact us at privacy@korastrand.com to be removed from our SMS list.
For US customers, our SMS practices comply with applicable requirements under
the Telephone Consumer Protection Act (TCPA).
12. Automated Decision-Making
We do not make solely automated decisions about you that produce significant legal or similarly significant effects. Fraud detection tools used by Shopify and our payment providers may flag orders for review, but final decisions involving your order are subject to human oversight.
13. Children’s Data
Our Services are not intended for children under the age of 13, and we do not knowingly collect personal information from anyone under 13. If you believe we have inadvertently collected information from a child under this age, please contact us at privacy@korastrand.com and we will delete it promptly.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Any changes will be posted on this page with an updated “Last updated” date. Where changes are material, we will take reasonable steps to notify you, such as via email or a notice on the Site.
15. Contact Us
If you have any questions about this Privacy Policy or our data practices,
please contact us at:
privacy@korastrand.com
Konaya Group Limited
Swan Building, 20 Swan Street,
Manchester, England, M4 5JW