Privacy Policy

Last Updated: November 2025

This Privacy Policy describes how we collect, use, and protect your personal data when you visit or make a purchase from our website (the “Site”). We comply with the General Data Protection Regulation (GDPR) for all visitors in the EU/EEA, as well as applicable international laws.

By using our Site, you consent to the practices described in this policy.

1. Data Controller

Under GDPR, the data controller is the business that determines how and why personal data is processed.

Data Controller Email:
Email: contact@blackwhiteboutique.com

If you have any questions about this policy or your data rights, please contact us at the email above.

2. Personal Data We Collect

We collect personal data in the following categories:

2.1 Information You Provide Directly

When you make a purchase, register an account, contact support, or subscribe to emails, you may provide:

Name
Email address
Billing and shipping address
Phone number (optional)
Payment details (processed securely by Shopify or third-party payment providers — we do not store full card information)
Order details
Communication history
Marketing preferences

2.2 Information Collected Automatically

When you browse our Site, we automatically collect:

IP address
Device information
Browser type and version
Pages visited
Referring links
Time spent on pages
Cookies and similar tracking technologies

(See Section 7 for details on cookies and consent.)

2.3 Information from Third Parties

We may receive information from:

Payment gateways (e.g., PayPal, Shopify Payments)
Advertising platforms (e.g., Meta, Google)
Shipping carriers
Shopify (e.g., fraud detection signals)

3. Legal Bases for Processing (GDPR Article 6)

We process your personal data under the following lawful bases:

Contract Performance

To process your order and deliver products, including:

Payment processing
Shipping
Customer communication
Order confirmations and updates

Legitimate Interests

To operate and improve our business, including:

Fraud prevention
Analytics and website improvement
Storage of minimal order history
Customer service

Consent

For:

Email marketing
Some cookies (non-essential)
Advertising personalization

Consent can be withdrawn at any time (see Section 9).

Legal Obligation

To maintain records for:

Tax and accounting compliance
Fraud investigations
Dispute resolution

4. How We Use Your Personal Data

We use your data to:

Process and fulfill orders
Provide customer support
Improve website functionality
Customize user experience
Send marketing communications (with consent)
Prevent fraud and comply with laws
Analyze traffic and performance
Manage your account

We do not sell your personal information.

5. How We Share Your Data

We may share your data with:

5.1 Service Providers (Processors)

Including:

Shopify (hosting, order management, checkout)
Payment processors
Shipping and fulfillment partners (including overseas suppliers in China for dropshipping)
Email marketing providers
Analytics and advertising services (only with proper consent for EU users)
Customer support platforms

These processors only access data as necessary to provide their services.

5.2 Legal Obligations

We may disclose information when required by:

Law
Court orders
Government or regulatory authorities

6. International Data Transfers

Because our store operates on Shopify and uses overseas suppliers, your data may be transferred to and processed in countries outside the EU/EEA.

Where this occurs, we rely on:

Shopify’s Standard Contractual Clauses (SCCs)
GDPR-compliant Data Processing Agreements
Additional safeguards and encryption

You may request more information on these safeguards by contacting us.

7. Cookies & Tracking Technologies

7.1 Essential Cookies

Required for site functionality, checkout, and security.
These cannot be disabled.

7.2 Non-Essential Cookies

Used for:

Analytics (e.g., Google Analytics)
Advertising (e.g., Meta Pixel, Google Ads)
Personalization

EU/EEA visitors must give explicit opt-in consent before these cookies load.
You can change or withdraw consent at any time via our cookie banner or browser settings.

8. Data Retention

We retain personal data only as long as necessary:

Order records: up to 7–10 years (for legal obligations)
Customer accounts: until deleted by the user
Marketing data: until you unsubscribe or withdraw consent
Analytics data: per provider policies (usually 26–38 months)

You may request deletion of your data at any time.

9. Your GDPR Rights

Under GDPR, you have the right to:

Access your personal data
Correct inaccurate information
Request deletion (“right to be forgotten”)
Restrict processing
Object to processing based on legitimate interests
Data portability (request a copy of your data)
Withdraw consent at any time
Opt out of marketing at any time
Opt out of certain cookies

To exercise these rights, email us at: contact@blackwhiteboutique.com

We may need to verify your identity before processing your request.

10. Right to File a Complaint

If you are in the EU/EEA, you have the right to lodge a complaint with your local data protection authority.

A list of authorities can be found here:
https://edpb.europa.eu/about-edpb/board/members_en

11. Children's Privacy

Our Site is not intended for children under 16.
We do not knowingly collect data from minors.
If you believe we have collected such data, contact us and we will delete it promptly.

12. Third-Party Links

Our website may contain links to external websites.
We are not responsible for their content or privacy practices.

13. Changes to This Policy

We may update this Privacy Policy from time to time.
The “Last Updated” date at the top reflects the latest revision.

Continued use of our Site constitutes acceptance of the updated policy.

14. Contact Information

If you have questions about this Privacy Policy or wish to exercise your rights, please reach out to us at:

contact@blackwhiteboutique.com

Country/Region