Privacy policy

Last updated: 8 October 2025


This Privacy Policy explains how Broke Boutique Ltd (“we”, “us”, “our”) collects, uses, and shares your personal information when you visit brokeboutique.com or purchase from us.

 

1) Who we are

Data controller: Broke Boutique Ltd (Company No. 13629446)

Contact: broke_boutique@outlook.com

Postal address: Unit 5B, The High Cross Centre, Fountayne Road, London, N15 4QN, United Kingdom


2) What we collect

  • Device & usage data – IP address, browser, time zone, cookie IDs, pages viewed, referring sites, on-site interactions.
  • Order & account data – name, email, phone (optional), billing/shipping address, order details, notes.
  • Payment data – processed securely by our payment providers (we do not store full card details).
  • Marketing preferences – your consent choices and interests (if provided).
  • Support messages – emails/DMs you send us.
  • Appointments (if used) – fitting/booking details you choose to provide.


 

3) How we use your data (and lawful bases)

  • Provide our services (create an account, process/fulfil orders, returns, customer support). (Contract)
  • Communicate (order updates, service messages, replies to enquiries). (Contract/Legitimate interests)
  • Personalise & improve the site (analytics, troubleshooting, A/B testing). (Legitimate interests)
  • Send marketing when you opt in (news, launches, offers). (Consent)
  • Comply with law / protect our business (tax/accounting, fraud/security, regulator requests). (Legal obligation/Legitimate interests)


 

4) Sharing your data

We share data with trusted processors that help us run our business, for example:

  • Shopify (store platform & checkout),
  • Payment providers (e.g., Shopify Payments/PayPal),
  • Email service (e.g., Klaviyo or Shopify Email) for newsletters and automations,
  • Couriers/fulfilment partners (to deliver your order),
  • Analytics/anti-fraud tools (to protect the site).
    We do not sell your personal data.


 

5) Cookies & similar tech

We use cookies for core site functions, analytics and preferences. You can manage cookies via your browser and our cookie banner; blocking some cookies may affect features. (If you keep a separate Cookie Policy, link it here.)


6) International transfers

Some processors (including Shopify and our email/analytics tools) operate globally. Where personal data is transferred outside the UK/EEA, we rely on legal mechanisms such as adequacy regulations and Standard Contractual Clauses.


7) Retention

We keep order records for at least 6 years (for tax and accounting). Marketing data is retained while you subscribe; we delete or anonymise it when no longer needed.

 


8) Your rights (UK GDPR)

You can access, rectify, erase, restrict or object to processing, and port your data in certain cases. Where we rely on consent, you may withdraw consent at any time (for example via unsubscribe links).

To exercise rights, email broke_boutique@outlook.com. You can also complain to the UK data regulator, the Information Commissioner’s Office (ICO).


9) Marketing

We send marketing only with your consent (we use double opt-in for email). You can unsubscribe any time via the link in our emails or by contacting us. If we offer SMS, it requires separate opt-in; standard rates may apply.


10) Children’s data

Our Services are intended for adults. We do not knowingly collect personal data from anyone under 18. If you believe a person under 18 has provided personal data, contact us and we will delete it.


11) Security

We use technical and organisational measures appropriate to the risk to keep your data secure. No method of transmission or storage is 100% secure, but we work to protect your information.


12) Third-party links

Our site may contain links to other websites. We’re not responsible for their privacy practices or content.


13) Changes

We may update this policy to reflect operational, legal or regulatory changes. We’ll post the new date at the top.


Contact: broke_boutique@outlook.com