Privacy Policy

Last updated: 10 September 2025

At Riff Raff Baby, we respect your privacy and are committed to protecting your personal information. This policy explains what we collect, how we use it, who we share it with, and your rights under applicable privacy laws - including:

  • The UK General Data Protection Regulation (UK GDPR)
  • The Data Protection Act 2018
  • The Privacy and Electronic Communications Regulations (PECR)
  • The Australian Privacy Principles (APPs), where relevant

By using our website or purchasing from us, you agree to the practices described in this policy.

1. What we collect

We collect the personal information needed to process your orders, improve your experience, and keep in touch, including:

  • Your name, billing and shipping address, and email
  • Payment details (handled securely via third-party payment providers)
  • Device and usage data — such as IP address, browser type, and operating system
  • Your marketing preferences and communication history
  • Any information you share with us when shopping, contacting us, or engaging on social platforms

We also collect non-personal data (e.g. browsing activity and site usage) to help improve our store and services.

2. How We Collect Your Info

We collect information when you:

  • Place an order, create an account, or subscribe to our emails
  • Browse our website (via cookies and analytics tools)
  • Use third-party services such as payment gateways or shipping partners

3. How We Use Your Info

We use your personal data to:

  • Process and deliver your orders
  • Provide customer service and support
  • Improve our website and services
  • Send you marketing emails (only if you’ve consented)
  • Meet our legal obligations
  • Protect against retail fraud and chargebacks using secure third-party verification tools

You can withdraw consent for marketing communications at any time by clicking “unsubscribe” in our emails or contacting us directly.

4. Our Legal Basis for Processing (UK Customers)

Under UK GDPR, we must have a lawful basis for processing your data. We rely on:

  • Contractual necessity – to process and deliver your order
  • Consent – for marketing emails and optional communications
  • Legitimate interests – to improve our website, prevent fraud, and provide a better shopping experience
  • Legal obligations – where required by law or regulators

5. Who We Share Your Info With

We never sell or rent your data. However, we may share your information with trusted third parties to provide our services, including:

  • Shopify – our e-commerce platform
  • Payment processors – e.g. Stripe, PayPal, Afterpay
  • Delivery and fulfilment providers
  • Analytics and marketing platforms (e.g. Google Analytics, Klaviyo)
  • Authorities when legally required
  • Potential buyers if our business is sold or merged

Some providers may store your data outside the UK (e.g. in Australia, Canada, or the US). Where this happens, we ensure your data is protected through appropriate safeguards such as UK-approved Standard Contractual Clauses.

6. Third-Party Services

We use Shopify Inc. to power our store and securely process data. You can read their privacy policy here. Other third-party services (such as payment gateways) have their own privacy policies, which we encourage you to review.

7. Keeping Your Info Safe

We take security seriously. To protect your personal data, we:

  • Use SSL encryption on all transactions
  • Follow PCI-DSS payment security standards
  • Restrict access to personal data within our team
  • Regularly review security practices

That said, no online system is 100% secure. Please use our services at your own discretion.

8. Cookies & Tracking

We use cookies and similar technologies to:

  • Improve your shopping experience
  • Enable key site features (e.g. your cart and checkout)
  • Analyse website traffic and performance
  • Personalise marketing content

By using our website, you consent to our use of cookies. You can manage or disable cookies in your browser settings.

For UK visitors, we comply with PECR, which requires consent for certain tracking cookies. You’ll see a cookie banner when you first visit our site.

9. Your Privacy Rights (UK Customers)

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Request deletion of your data (“right to be forgotten”)
  • Restrict processing in certain circumstances
  • Object to processing for direct marketing
  • Data portability – request a copy of your data in a portable format
  • Withdraw consent for marketing at any time

To exercise these rights, contact us at support@riffraffbaby.com. We will respond within 30 days.

10. How Long We Keep Your Info

We only retain personal data for as long as necessary to:

  • Fulfil your order
  • Provide customer support
  • Meet our legal, tax, and accounting obligations

After that, your data will be securely deleted or anonymised.

11. Children’s Privacy

Our services are not directed to children under 13 in the UK or 16 in the EU. If we learn we’ve collected data from a child without parental consent, we’ll delete it immediately.

12. Updates to This Policy

We may update this policy from time to time. If there are significant changes, we’ll notify you via email or a notice on our website.

13. Contact Us

For privacy-related questions or requests, please contact:

Privacy Compliance Officer
Riff Raff Baby
1 Tinning St, Brunswick VIC 3056, Australia
Email: support@riffraffbaby.com

If you’re based in the UK and unhappy with our response, you also have the right to lodge a complaint with the Information Commissioner’s Office (ICO): https://ico.org.uk.