Privacy Policy

Privacy and Cookie Policy

  1. Background

We are the White Fox Group of companies, whose parent company, White Fox Boutique Pty Ltd, ABN 35 606 710 114 is a company registered in Australia with offices at 45-49 Dunning Avenue, Rosebery 2018, NSW, Australia and whose registered address is Suite 1, 51 Victoria Road, ROZELLE NSW 2039, Australia. "We", "us" and "our" means firms within the White Fox Group.

This Privacy and Cookie Policy sets out what information we collect about you when you access our websites at whitefoxboutique.com.au, whitefoxboutique.com, whitefoxboutique.co.uk, and other White Fox Boutique sites and related apps or internet locations (Website), what we use it for and who we share it with. It also explains your rights and what to do if you have any concerns about your personal data.

We may sometimes need to update this notice, to reflect any changes to the way the goods on the Website (Goods) are provided or to comply with new business practices or legal requirements. You should check this Privacy and Cookie Policy to see whether any changes have occurred. Your continued use of our Website or interactions with us will constitute your acceptance of the updated policy. If you disagree with any changes to this Privacy Policy, you must not access or use our Website or interact with any other aspect of our business.

For all visitors to our Website and for users who purchase our Goods, we are the controller of your information (which means we decide what information we collect and how it is used).

Please read this Privacy Policy carefully. By providing personal information or personal data to us, you consent to us collecting, holding, processing using and disclosing your personal information in accordance with this Privacy Policy.

If you are under 16 years of age, you must have and have, and warrant to the extent permitted by law to us that you have, your parent or legal guardian’s permission to access and use the Website and they (your parents or guardian) have consented to you providing us with your personal information. You do not have to provide personal information to us, however, if you do not, it may affect your use of this Website or the products and/or services offered on or through it.

  1. Information we collect from you

 Personal data means any information which does, or could be used to, identify a person. We have grouped together the types of personal data that we collect from you when you access the Website, send us an email, create an account with us (Account), purchase our Goods, enter a competition, join our loyalty scheme or make any other use of the Website:

  • Profile data – your first and last name, title, email address, telephone numbers, address, password, username, birthday;

  • Login details;

  • Any other information you provide when using the Website or interacting with us – for example, when you create an Account, submit an application to our student ambassador program, join our loyalty club, answer a survey, request or consent to marketing materials, enter a competition, when you shop or browse online, send us an email, use our chat service or provide feedback;

  • Information about your purchases, including purchases made as a guest before you created an Account with us, your payment or card data, information on your purchases, orders, returns, etc.);

Marketing and Communication Data - this includes your preferences in receiving marketing from us and our third parties and your communication preferences;
Technical data – internet protocol (IP) address, advertising identifiers or other tracking technologies, browser type and version, time zone setting and generic location, browser plug-in types and versions, operating system and platform on the devices you use to access our systems

  • Usage data – information about how and when you use our Website, which pages you access and information about your tastes and preferences;

  1. Information from third parties:

 If we receive personal information about you from a third party, for example by sending you a gift card or shipping an order to your address, we will protect it as set out in this Privacy Policy. In these cases, we only process your data where relevant to this feature or service, as stated in this Policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.

Data we collect from third party sources and platforms includes data from data validation services, authentication service providers, social networking sites, online marketing and segmentation providers and ad targeting companies) to supplement the information we collect directly from you. We also collect and link past purchase data from Shopify when you choose to check out as an account holder, having previously checked out only as a guest with the same email address or identifying information.

We do not collect any information about your racial or ethnic origin, political opinions, religious or philosophical beliefs, sex life or sexual orientation, which you may choose to provide to us.

  1. Lawful basis for, and purpose of, processing

The table below sets out:

  • how we use your personal data;

  • the purpose for using it in each case; and

  • for individuals in the European Economic Area (EEA) and UK, the ‘lawful basis’ we rely on when we use your personal data. We collect and process information about you only where we have legal basis for doing so under applicable EU laws. There are six legal justifications which organisations can rely on. The most relevant of these to us are where we use your personal data to:

    • Fulfil our contract with you

    • Comply with legal obligations that we have

    • Pursue our legitimate interests (our justifiable business aims) but only if those interests are not outweighed by your other rights and freedoms (e.g. your right to privacy)

    • Do something for which you have given your consent

If we intend to use your personal data for a new reason that is not listed in the table, we will update our privacy notice.  

 

LAWFUL BIAS

Purpose for using your personal data

CONTRACT

  • To administer or perform our contract with you.

  • To process your payment information in connection with any contract we have with you.

  • To deliver your Goods.

  • To process returns or contact you about returns.

  • To send you updates about Goods you have bought (e.g. confirmation of order, arrival time).

  • To enable you to take part in competitions or promotions.

LEGAL OBLIGATION

  • Recording your preferences (e.g. marketing) to ensure that we comply with applicable data protection laws.

  • Sending you information to comply with legal obligations (e.g. where we send you information about your legal rights).

  • Retaining information to enable us to bring or defend legal claims.

LEGITIMATE INTEREST

Where using your information is necessary to pursue our legitimate business interests to:

  • ensure the proper functioning of, improve and optimise our Website, for example to ensure that checkout is smooth and that there are no errors while you are browsing our Website;

  • provide customer support and train our staff members to ensure that you receive the best possible customer service;

  • protect our business, our users and the public and to protect our/their rights and property;

  • register and maintain your user account and to verify your identity or age;

  • defend ourselves against legal claims;

  • detect, prevent, or otherwise address fraud or security issues and promote brand safety;

  • to optimise future marketing campaigns and future marketing strategy;

  • monitor and enforce compliance with our Terms and Conditions, including dispute resolution; and

  • comply with internal risk controls, the terms of our access to payment processing, financial or banking services such as credit card disputes, fraud, billing errors, or any applicable law.

Where we use your information for our legitimate interests, we have assessed whether such use is necessary and that such use will not infringe on your other rights and freedoms.

CONSENT

  • To send you marketing materials, where you have consented to this. This includes making personalised suggestions and recommendations to you about Goods that may be of interest to you based on your personal data. This could be via email, or notifications & messages to your mobile device;

  • To share your data with our advertising and marketing partners, where you have consented to this, who may use your data to, for example, send you targeted and personalised adverts to your interests, attributes, preferences and experiences, and provide us with statistical reporting in connection with our Website and mobile applications;

  • To process your participation in our promotions and giveaways (including contacting you if you win, displaying your details online, publishing your name in relevant newspapers or disclosing details of winners to relevant authorities, if required by law), initiatives or any request for additional Personal Data such as customer surveys; and

  • To ask you to submit a review across our review platforms.

We may anonymise the personal data we collect (so it can no longer identify you) and then combine it with other anonymous information so it becomes aggregated data. Aggregated data helps us identify trends (e.g. what percentage of users responded to a specific survey). Data protection law does not govern the use of aggregated data and the various rights described below do not apply to it.

Where we need to collect your personal data (for example, in order to fulfil a contract we have with you), failure to provide us with your personal data may mean that we are not able to provide you with the Goods. Where we do not have the information required about you to fulfil an order, we may have to cancel the Goods ordered.

            5. Who we share your information with

We share (or may share) your personal data with:

  • Our group companies: companies within the White Fox Group.

  • Our personnel: our employees (or other types of workers) who have contracts containing confidentiality and data protection obligations.

  • Our supply chain partners: such as delivery companies, courier, fulfilment or parcel-pickup services, parcel return partners and payment service providers. We ensure these organisations only have access to the information required to provide the support we use them for and have a contract with them that contains confidentiality and data protection obligations.

  • Financial institutions.

  • Promotional partners: vendors in connection with the processing of any promotion, event or service organised by us.

  • Regulatory authorities: such as tax authorities.

  • Our professional advisers: such as our accountants or legal advisers where we require specialist advice to help us conduct our business.

  • Advertising and marketing partners, and analytics providers (where you have consented to this): these include Meta, TikTok and Rakuten. These advertising and marketing partners have their own privacy policies and we are not responsible for the manner in which they use your data.

  • Cloud services and related providers: agents, contractors or service providers who provide operational services to us, such as online cloud storage and processing, fraud detection and monitoring, marketing optimisation, information technology, telecommunications, security or other relevant services which requires that entity’s collection, use or disclosure of your personal data.

  • Any actual or potential buyer of our business: including in anticipation of a merger, consolidation, investment, change in control, transfer of substantial corporate assets, reorganisation, liquidation, or similar business transaction or corporate event.

  • Any other party whom you authorise us to disclose your Personal Data to.

If we were asked to provide personal data in response to a court order or legal request (e.g. from the police), we would seek legal advice before disclosing any information and carefully consider the impact on your rights when providing a response.

        6. Where your information is located or transferred to and how we keep it safe

We process personal data in multiple countries. By providing us with personal information, you consent to the disclosure of your personal information to third parties who reside outside the country in where you live. If personal data is so transferred, we will comply with applicable laws in doing so. Recipients of your personal data are likely to be located in Australia, the United Kingdom, United States of America and other countries or jurisdictions depending on the nature of the services those recipients provide to us.

 For residents in Australia, the UK or EEA, your personal data is transferred directly to White Fox Boutique Pty Ltd in Australia. For residents in the US, your personal data is transferred via White Fox Group local subsidiary to White Fox Boutique Pty Ltd.

 White Fox has implemented a range of administrative, organisational, technical and physical safeguards to prevent your personal data from being accidentally or illegally lost, used or accessed by those who do not have permission. These measures include:

  • access controls and user authentication (including multi-factor authentication);

  • the use of firewalls;

  • the pseudonymisation and encryption of personal information;

  • ensuring all payments are encrypted as per PCI-DSS requirements;

  • the use of secure databases;

  • regular review of our security measures;

  • requiring all employees to comply with internal information security policies and keep information secure;

  • business continuity and disaster recovery processes; and

  • the restriction of physical access to our offices.

If there is an incident which has affected your personal data, we will notify each applicable regulator and keep you informed (where required under applicable data protection law).

We cannot guarantee the security of any information that is transmitted to or by us over the internet. The transmission and exchange of information are carried out at your own risk. Although we take measures to safeguard against unauthorised disclosures of information, we cannot assure you that the personal information we collect will not be disclosed in a manner that is inconsistent with this Privacy Policy. If you notice any unusual activity on the Website, please contact us at info@whitefoxboutique.com.

Where the disclosure of your personal information is solely subject to Australian privacy laws (and not subject to the EU GDPR, the UK DPA, or the Californian CCPA), you acknowledge that we are not required to ensure that those third parties comply with Australian privacy laws.

  1. How long we keep your information

Where we act as the controller, we will only retain your personal data for as long as necessary to fulfil the purposes we collected it for.

 To decide how long to keep personal data (also known as its retention period), we consider the volume, nature, and sensitivity of the personal data, the potential risk of harm to you if an incident were to happen, whether we require the personal data to achieve the purposes we have identified or whether we can achieve those purposes through other means (e.g. by using aggregated data instead), and any applicable legal requirements (e.g. minimum accounting records for tax authorities).

 If you browse our Website, we keep personal data collected through our analytics tools for only as long as necessary to fulfil the purposes we collected it for.

 If you have asked for information from us or you have subscribed to our mailing list, we keep your details until you ask us to stop contacting you.

 We may keep certain data, including any exchanges between us by email or any other means, for up to seven years after the end of our contractual relationship with you.

  1. Cookies

 Cookies are small text files that we store on your browser, or the hard drive of your computer, if you agree. Cookies contain information that is transferred to your computer's hard drive.

Our Website uses our own cookies, as well as (a) third party cookies of external partners we use to help us manage our Website such as Shopify and (b) third party cookies of other providers, including advertisers and web traffic analysis providers, with whom we have no relationship and over whom we have no control.

The following cookies are used on our Website:

  • Necessary cookies. These are cookies that are required for the operation of our Website. These essential cookies are always enabled because our Website won’t work properly without them. They include, for example, cookies that enable shopping cart functionality, the secure storage of customer credentials and other security functions.

  • Preference cookies. These enable us to recognise you when you return to our Website, to personalise our content for you and remember your preferences (for example, your choice of language or region).

  • Statistics cookies. These help us to understand how visitors interact with our Website. They include cookies that tell us why and when visitors drop out of a potential purchase, how long people spend on our Website and the number of times they visit.

  • Marketing cookies. These are used to record your visit to the Website, to make our Website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose so that they can serve you with relevant advertising on their websites, where you have consented to this.

 For further details about the cookies used on our Website, please see here.

 You can choose which preference, statistics and marketing cookies we can set by clicking here. You cannot choose to reject necessary cookies, since these are essential for the functioning of our Website.

  1. Your legal rights

You have specific legal rights in relation to your personal data, as follows:

  • Access: You must be told if your personal data is being used and you can ask for a copy of your personal data as well as information about how we are using it to make sure we are abiding by the law.

  • Correction: You can ask us to correct your personal data if it is inaccurate or incomplete. We might need to verify the new information before we make any changes. We will take reasonable steps to appropriately correct or update the information to ensure that, having regard to the purpose for which we hold it, the information is accurate, up-to-date, complete, relevant and not misleading. We will respond to correction requests as soon as reasonably possible.

  • Deletion: You can ask us to delete or remove your personal data if there is no good reason for us to continuing holding it or if you have asked us to stop using it (see below). If we think there is a good reason to keep the information you have asked us to delete (e.g. to comply with regulatory requirements), we will let you know and explain our decision.

  • Restriction: If you’re a resident in the UK or EEA, You can ask us to restrict how we use your personal data and temporarily limit the way we use it.

  • Objection: You can object to us using your personal data if you want us to stop using it. If we think there is a good reason for us to keep using the information, we will let you know and explain our decision.

  • Portability: If you’re a resident in the UK or EEA, you can ask us to send you or another organisation an electronic copy of your personal data.

Please note that certain types of personal data access and correction requests may be exempt under applicable laws or where the information in question is legally privileged, would compromise the privacy or other legitimate rights of other persons, or where the information requested comprises proprietary business information. We can decide not to take any action in relation to a request where we have been unable to confirm your identity or if we feel the request is unfounded or excessive. We may charge a fee where we decide to proceed with a request that we believe is unfounded or excessive. If this happens we will always inform you in writing in advance.

If you wish to make any of the right requests listed above, you can reach us at info@whitefoxboutique.com.

  1. Marketing messages

As set out in this policy, we provide marketing and advertising materials to you through various channels, where you have consented to this. To unsubscribe to any of our marketing materials, you can:

  • log in to your Account and select “opt out” of mailing lists - click here for customers in Australia, here for customers in the UK and here for customers in the US;

  • click “unsubscribe” at the bottom of any email received from us, and follow the instructions provided; or

  • to unsubscribe from mobile marketing materials and alerts, please click on the “unsubscribe” link included in all of our mobile marketing messages, or reply “STOP” to any of those messages.

Opting out of marketing will not affect our processing of your personal data in relation to any order you have with us and where we are required to use your personal data to fulfil that order or provide you with certain information.

Once we receive notification that you wish to withdraw your consent for receiving marketing or promotional materials or communications, it may take up to seven 7 days for your withdrawal to be reflected in our systems. Therefore, you may still receive marketing or promotional materials or communications during this period.

If you withdraw your consent to receive marketing or promotional materials through a specific communication mode (e.g. SMS), we may still contact you for other purposes in relation to the products and services via other communication modes you have subscribed to (e.g. email).

  1. Sharing with a friend and wish lists

Where our Website allows you to send lists of your favourite products, including wish lists, to others:

  • you agree not to use this functionality for any illegal purposes; and

  • we agree not to send the recipient(s) any marketing materials (unless they have provided their express consent).

  1. Get in touch with us, and how to complain

 Get in touch with our team. We would love to hear from you if:

  • You have feedback, questions or concerns regarding your privacy and how we engage with you;

  • You wish to exercise your rights in relation to your personal data as set out above; or

  • You wish to make a complaint about our use of your data.

You can reach us via email: info@whitefoxboutique.com 

We hope to discuss any concerns or complaints you have with our policy personally, but if you are not satisfied with our response, you can contact your local data protection authority within Australia, the EEA, the United Kingdom (as applicable) for unresolved complaints.

For the UK this is:

Information Commissioner’s Office:

Tel: 0303 123 1113

Web: www.ico.org.uk/concerns.

For Ireland this is:

Data Protection Commission (DPC)

Address: 21 Fitzwilliam Square South, Dublin 2. D02RD28.

Web: www.dataprotection.ie

Email: info@dataprotection.ie

 

For Australia this is:

Office of the Australian Information Commissioner (OAIC)

Tel: 1300 363 992

Web: www.oaic.gov.au

If you are based in another EU country, you can find the details of your local supervising authority here. EU SAs

  1. Contact

 Any further questions, comments and requests in relation to the information in this Privacy and Cookie Policy should be addressed to info@whitefoxboutique.com.