Privacy Policy
Privacy Policy
Last updated: September 1, 2025
This Privacy Policy describes how Anna & Rose Toronto (the “Site,” “we,” “us,” or “our”) collects, uses, and discloses your personal information when you visit our Site, use our services, or make a purchase on our website (the “Site”), or otherwise communicate with us regarding the Site (collectively, the “Services”). For purposes of this Privacy Policy, “you” and “your” refer to you as a user of the Services, whether you are a customer, website visitor, or another individual whose information we have collected pursuant to this Policy.
Please read this Privacy Policy carefully.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time, including to reflect changes to our practices or for operational, legal, or regulatory reasons. We will post the updated Privacy Policy on the Site, update the “Last updated” date, and take any other steps required by applicable law.
How we collect and use your personal information
To provide the Services, we collect personal information about you from various sources, as set out below. The information we collect and use depends on how you interact with us.
In addition to the specific uses described below, we may use information we collect about you to communicate with you, provide or improve the Services, comply with applicable legal obligations, enforce applicable terms of service, and protect or defend the Services, our rights, and the rights of our users or others.
What personal information we collect
The types of personal information we obtain about you depend on how you interact with our Site and use our Services. When we use the term “personal information,” we mean information that identifies, relates to, describes, or can be associated with you. The categories and specific types of personal information we collect are described below.
Information you provide directly
Information you provide to us via the Services may include:
-
Contact information such as your name, address, phone number, and email address.
-
Order information including your name, billing address, shipping address, payment confirmation, email address, and phone number.
-
Account information including your username, password, security questions, and other information used for account security.
-
Customer support information including information you share when communicating with us, e.g., when you send a message via the Services.
Some features of the Services may require you to provide certain information about yourself. You may choose not to provide this information, but then some features may not be available.
Information we collect about your use
We may also automatically collect certain information about your interactions with the Services (“Usage Data”). We may use cookies, pixels, and similar technologies (“Cookies”) for this purpose. Usage Data may include information about how you access and use our Site and your account, including device information, browser information, network connection information, your IP address, and other information about your interaction with the Services.
Information we obtain from third parties
We may obtain information about you from third parties, including vendors and service providers that collect information on our behalf, such as:
-
Companies supporting our Site and Services, such as Shopify.
-
Payment processors, which collect payment details (e.g., bank account, credit/debit card information, billing address) to process your payment, fulfill your orders, and deliver products or services you request so we can perform our contract with you.
When you visit our Site, open or click emails we send, or interact with our Services or ads, we or third parties we work with may automatically collect certain information using online tracking technologies, such as pixels, web beacons, software development kits, third-party libraries, and cookies.
Any information we obtain from third parties will be treated in accordance with this Privacy Policy. See also Third-party websites and links below.
How we use your personal information
-
Providing products and services: We use your personal information to deliver the Services under our contract with you, including processing payments, fulfilling orders, sending account-, purchase-, return-, exchange-, or other transaction-related notifications, creating and managing your account, arranging shipping, facilitating returns/exchanges, and other account features. We may also enhance your shopping experience by enabling Shopify to match your account with other Shopify services you may wish to use. In such cases, Shopify processes your data as set out in its Privacy Policy and Consumer Privacy Policy.
-
Marketing and advertising: We may use your personal information for marketing and promotional purposes, including sending marketing, advertising, and promotional communications via email, SMS, or post, and showing you ads for products or services. This may involve tailoring the Services and ads on our Site and on other websites. If you are an EEA resident, the legal basis is our legitimate interests in promoting our products under Art. 6(1)(f) GDPR.
-
Security and fraud prevention: We use your personal information to detect, investigate, or take action regarding potential fraudulent, illegal, or malicious activities. If you choose to use the Services and register an account, you are responsible for safeguarding your login credentials. Do not share your username, password, or other access data. If you suspect your account has been compromised, contact us immediately. For EEA residents, the legal basis is our legitimate interests in keeping our website secure under Art. 6(1)(f) GDPR.
-
Communication and service improvement: We use your personal information to provide customer support and improve the Services. This is in our legitimate interests to communicate with you, provide effective services, and maintain our business relationship with you under Art. 6(1)(f) GDPR.
How we disclose personal information
In certain circumstances, we may disclose your personal information to third parties for contract performance, legitimate purposes, and other reasons covered by this Policy, including:
-
Vendors/service providers performing services on our behalf (e.g., IT administration, payment processing, data analytics, customer support, cloud storage, fulfillment, and shipping).
-
Business and marketing partners to provide services and show you advertisements (they will use your data in accordance with their own privacy notices).
-
With your direction/consent, for example to deliver products or via social media widgets or login integrations.
-
Within our corporate group/affiliates in our legitimate interests to operate a successful business.
-
In connection with a business transaction (e.g., merger or bankruptcy), to comply with legal obligations (including responding to subpoenas or similar requests), to enforce applicable terms, and to protect the Services, our rights, and the rights of users or others.
We disclose the following categories of personal information and sensitive personal information for the purposes described above in How we collect and use your personal information and How we disclose personal information:
| Category | Categories of Recipients |
|---|---|
| Identifiers (basic contact details and certain order/account info) | Service providers (e.g., internet providers, payment processors, fulfillment partners, customer support partners, data analytics providers) |
| Commercial information (orders, shopping, support info) | Business and marketing partners |
| Internet/network activity (usage data) | Affiliates |
| Geolocation data (e.g., by IP address or other technical measures) | Service providers |
We do not use or disclose sensitive personal information without your consent or to infer characteristics about you.
With your consent, we share personal information as described for advertising and marketing activities.
Third-party websites and links
Our Site may contain links to websites or other online platforms operated by third parties. If you follow links to sites not affiliated with or controlled by us, you should review their privacy and security policies and other terms. We are not responsible for the privacy or security of such sites, including the accuracy, completeness, or reliability of information on those sites. Information you provide in public or semi-public areas, including on third-party social networks, may be visible to other users of the Services and/or users of those platforms, without limitation as to its use by us or a third party. Inclusion of such links on our Site does not imply endorsement of the content on such platforms or of their owners/operators, except as stated in the Services.
Children’s data
The Services are not intended for use by children, and we do not knowingly collect personal information about children. If you are a parent or guardian of a child who has provided us with personal information, you may contact us using the details below to request deletion.
As of the effective date of this Privacy Policy, we are not actually aware of “sharing” or “selling” (as those terms are defined by applicable law) personal information of individuals under 16.
Security and retention of your information
No security measure is perfect or impenetrable, and we cannot guarantee “perfect security.” Data you transmit to us may not be secure in transit. Please avoid using insecure channels to send sensitive or confidential information.
How long we retain your personal information depends on several factors, including whether we need the information to maintain your account, provide the Services, comply with legal obligations, resolve disputes, or meet other contractual and policy requirements.
Your rights
Depending on where you live, you may have some or all of the rights below regarding your personal information. These rights are not absolute and may apply only in certain circumstances. In some cases, we may deny your request to the extent permitted by law.
-
Right of access/know: You may request access to personal information we hold about you, including details of how we use and share it.
-
Right to deletion: You may request that we delete personal information we hold about you.
-
Right to correction: You may request that we correct inaccurate personal information.
-
Right to portability: In certain cases, you may receive a copy of your personal information and request that we transfer it to a third party.
-
Right to opt out of sale/sharing/targeted advertising: You may request that we do not “sell” or “share” your personal information or process it for “targeted advertising” as defined by applicable law. Note: If you visit our Site with the Global Privacy Control opt-out preference signal enabled, we will, where applicable, treat this as a request to opt out of “sale” or “sharing” for the device and browser used to access the Site.
-
Restriction of processing: You may request that we stop or limit processing of your personal information.
-
Withdrawal of consent: Where we rely on your consent, you may withdraw it.
-
Appeal: You may have the right to appeal our decision if we decline your request by responding directly to our denial.
Managing communications: We may send you promotional emails; you can opt out at any time via the unsubscribe option in those emails. We may still send non-promotional messages (e.g., about your account or orders).
You can exercise your rights where indicated on our Site or by contacting us using the details below. We will not discriminate against you for exercising your rights. We may need to collect information to verify your identity (e.g., email address or account details) before responding. Where permitted by law, you may designate an authorized agent to submit requests on your behalf; we will require proof of authorization and may ask you to verify your identity directly with us. We will respond within the timelines required by applicable law.
Complaints
If you have concerns about how we process your personal information, contact us using the details below. If you are not satisfied with our response, you may, depending on your location, appeal our decision or lodge a complaint with your local data protection authority. For the EEA, a list of supervisory authorities is available from the European Data Protection Board.
International users
We may transfer, store, and process your personal information outside your country of residence. Your personal information may also be processed by staff and third-party service providers and partners in these countries.
Where we transfer your personal information outside Europe, we rely on recognized transfer mechanisms such as the European Commission’s Standard Contractual Clauses (or UK-approved equivalents, where relevant), unless the destination country has been deemed to provide an adequate level of protection.
Contact
If you have any questions or requests regarding this Privacy Policy or your personal information, please contact us at:
info@annarosetoronto.com