Privacy Policy

Data Protection & Privacy Policy

We are pleased that you are visiting our website and thank you for your interest in Pickarli. In this Privacy Policy we inform you about how your personal data is handled when you use our website and services.

Personal data is any information that can be used to identify you personally (e.g. name, address, email, IP address).

1) Introduction and Contact Details of the Controller

1.1 Controller
The controller responsible for data processing on this website in accordance with the UK GDPR / EU GDPR is:

Pickarli
Office 15242, 182–184 High Street North
East Ham, London, E6 2JA
United Kingdom
Phone: +44 7577 304625
Email: support@pickarli.com

The “controller” is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.

1.2 Questions about privacy
If you have any questions about this Privacy Policy or your personal data, you can contact us anytime at support@pickarli.com.

2) Data Collection When You Visit Our Website

2.1 Server log files
If you use our website for informational purposes only (i.e. you do not create an account, place an order or otherwise actively send us data), we only collect the data that your browser automatically transmits to our server (“server log files”).

This includes:

  • Website visited
  • Date and time of access
  • Amount of data sent
  • Source/URL (referrer) from which you came to our website
  • Browser used and browser version
  • Operating system used
  • IP address (possibly in anonymised form)

Processing is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in ensuring the stability, security and proper functioning of our website. The data is not merged with other data sources and is generally not passed on. However, we reserve the right to check log files retrospectively if there are concrete indications of unlawful use.

2.2 SSL / TLS encryption
For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders, contact form entries), this website uses SSL or TLS encryption. You can recognise an encrypted connection by “https://” and the padlock symbol in your browser’s address bar.

3) Hosting & Content Delivery Network

3.1 Shopify
Our store is hosted on the platform of:

Shopify International Ltd.
Victoria Buildings, 2nd Floor, 1–2 Haddington Road
Dublin 4, D04 XN32, Ireland

Data may also be processed by:

Shopify Inc.
150 Elgin Street, Ottawa, ON K2P 1L4, Canada

All data collected through our website (e.g. order data, account data, IP addresses) is processed on Shopify’s servers. We have concluded a data processing agreement with Shopify to ensure your data is handled securely and not passed on to third parties without authorisation.

For data transfers to Canada and other regions, an adequate level of data protection is ensured by Shopify’s adherence to recognised data protection frameworks and contractual safeguards.

3.2 Content Delivery & Security Services (e.g. Cloudflare)
To improve performance and security, we may use content delivery and security services (such as Cloudflare) which deliver content via servers that are geographically closer to you. Processing is based on Art. 6(1)(f) GDPR and our legitimate interest in a fast, stable and secure website.

4) Cookies

Our website uses cookies to make your visit more attractive, enable certain functions (e.g. cart, login), and analyse usage.

Cookies are small text files stored on your device. We use:

  • Session cookies – automatically deleted after you close your browser
  • Persistent cookies – remain stored for a defined period or until you delete them

If personal data is processed using cookies:

  • Art. 6(1)(b) GDPR applies if necessary for contract performance (e.g. cart, checkout)
  • Art. 6(1)(f) GDPR applies for legitimate interests (e.g. user-friendly design, statistics)
  • Art. 6(1)(a) GDPR applies if we ask for your consent for marketing or analytics cookies

You can configure your browser to inform you about cookies, allow them only in individual cases, exclude them entirely, or automatically delete them when closing the browser. If you disable cookies, some functions of our site may be limited.

5) Contacting Us

5.1 General contact (email / contact form)
If you contact us via email, contact form, or other channels, we process the data you provide (e.g. name, email address, order number, message content) solely to handle and respond to your request.

The legal basis is our legitimate interest in responding to inquiries (Art. 6(1)(f) GDPR) or, where relevant, contract-related processing (Art. 6(1)(b) GDPR).

Your data will be deleted once your inquiry is fully resolved, unless legal retention obligations apply.

6) Data Processing When Opening a Customer Account

If you create a customer account in our online store, we collect and process your personal data in accordance with Art. 6(1)(b) GDPR to manage your account and process future orders more easily.

Required data is usually marked in the form (e.g. name, email address, password). You can delete your customer account at any time by contacting us at support@pickarli.com.

After account deletion, we will delete your data unless we are legally obliged to retain it or have a legitimate interest in continued limited storage (e.g. tax or accounting obligations).

7) Use of Customer Data for Direct Advertising

7.1 Email newsletter
If you subscribe to our newsletter, we will use your email address to send you information about new products, special offers and shoe-care tips.

Registration takes place via the double opt-in procedure. You only receive the newsletter if you confirm your email via the verification link.

The legal basis is your consent (Art. 6(1)(a) GDPR). You can withdraw your consent at any time by clicking “Unsubscribe” in any newsletter or contacting us.

7.2 Newsletter to existing customers
If you have purchased from us and provided your email address, we may send you emails about similar products and offers based on our legitimate interest in direct marketing (Art. 6(1)(f) GDPR and local law such as UK PECR / §7(3) UWG equivalent).

You can object to this use of your email at any time with effect for the future (e.g. via unsubscribe link or email to support@pickarli.com).

7.3 Email marketing tools (e.g. Klaviyo / Shopify Email)
To send newsletters and automated emails, we may use email marketing tools such as Klaviyo or Shopify Email. For this purpose, your email address and, if applicable, your name and purchase history are processed. We have data processing agreements in place with these providers.

8) Data Processing for Order Handling

8.1 General order processing
When you place an order, we process your data (name, address, email, payment data, ordered items) to fulfil the contract and deliver your products.

The legal basis is Art. 6(1)(b) GDPR (performance of a contract).

8.2 Shipping providers
To deliver your order, we share the necessary data (name, delivery address, and where needed, phone number or email) with shipping and logistics partners (e.g. postal services, couriers, fulfilment centres, dropshipping partners).

This is based on Art. 6(1)(b) GDPR, as it is necessary to fulfil the contract.

8.3 Payment service providers
We use various payment providers. When you choose a payment method at checkout, the relevant payment data is transmitted to that provider. This processing is necessary for payment and is based on Art. 6(1)(b) GDPR.

Depending on availability in your region, this may include, for example:

  • Shopify Payments / Stripe
  • PayPal
  • Apple Pay
  • Google Pay
  • Local card and wallet methods

Some providers may carry out credit checks or risk assessments in their own responsibility based on Art. 6(1)(f) GDPR (legitimate interests in fraud prevention and risk management). For more details, please refer to the respective provider’s privacy policy.

9) Web Analytics & Statistics

To better understand how visitors use our website, improve our store and marketing, and create statistics, we may use analytics tools such as:

  • Google Analytics 4
  • Google Tag Manager
  • Hotjar (session recordings / heatmaps)
  • Triple Whale or similar e-commerce analytics tools

These tools typically use cookies or similar technologies to collect pseudonymous data such as:

  • Pages visited and actions taken
  • Time spent on our store
  • Device, browser type, approximate location
  • Referrer URLs and campaigns

Where required, we use these services only with your consent (Art. 6(1)(a) GDPR) via our cookie banner. You can withdraw your consent at any time via the cookie settings on our site.

10) Remarketing, Advertising & Conversion Tracking

To show you relevant ads and measure the success of our marketing, we may use advertising tools such as:

  • Meta Pixel (Facebook / Instagram)
  • Google Ads Remarketing & Conversion Tracking
  • TikTok Pixel

These tools help us understand if you visited our site after clicking one of our ads and what actions you took (e.g., viewing a product, starting checkout, purchase).

Data processed may include pseudonymous identifiers (e.g., cookies, advertising IDs), IP address, browser information, and the actions performed on our store.

Legal basis: Such processing typically takes place only with your consent (Art. 6(1)(a) GDPR) via the cookie banner. You can withdraw your consent at any time via the cookie settings on our site.

11) Tools & Security Features

11.1 Google reCAPTCHA
To protect forms on our website (e.g. contact, account, checkout) from spam and automated abuse, we may use Google reCAPTCHA. This tool analyses certain user behaviour (e.g. mouse movements, time spent on page) to distinguish humans from bots.

Legal basis: Art. 6(1)(f) GDPR, our legitimate interest in preventing misuse and ensuring security.

11.2 Cookie consent tool
We use a cookie consent tool to manage your preferences for analytics and marketing cookies. The tool stores your choices in a technically necessary cookie. This is based on our legitimate interest in lawful operation of our website (Art. 6(1)(f)) and our legal obligation to obtain consent where required (Art. 6(1)(c) GDPR).

12) Your Rights as a Data Subject

You have the following rights regarding your personal data, subject to the conditions of applicable data protection law:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (“right to be forgotten”) (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to withdraw consent at any time (Art. 7(3) GDPR)
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

Right to object (Art. 21 GDPR)
If we process your data based on our legitimate interests (Art. 6(1)(f) GDPR), you have the right to object at any time on grounds relating to your particular situation. If you object, we will stop processing your data unless we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defence of legal claims.

If your data is processed for direct marketing purposes, you have the right to object at any time. If you object, we will no longer use your data for direct marketing.

13) Duration of Storage

The duration of storage of personal data depends on:

  • The legal basis for processing
  • The purpose of processing
  • Statutory retention periods (e.g. tax and commercial law)

In general:

  • Data processed based on your consent is stored until you withdraw your consent, unless longer retention is legally required.
  • Data processed for contract performance is stored for the duration of the contract and any statutory retention periods (usually 6–10 years for tax/accounting in many jurisdictions).
  • Data processed based on legitimate interests is stored until you object, unless we have overriding legitimate grounds or legal obligations.

Once the purpose of processing has been fulfilled and no further legal basis for storage exists, personal data will be deleted or anonymised.

Last updated: [Insert Date]