Effective Date: April 14th 2026
Last Updated: April 14th 2026
VARRA (“VARRA,” “we,” “us,” or “our”) values your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and otherwise process personal information when you visit our website, place an order, create an account, subscribe to our marketing, request customer support, submit a review, use our size recommendation tools, or otherwise interact with us.
This Privacy Policy applies to VARRA’s online store and related services made available through our Shopify-powered website (collectively, the “Services”).
1. Business Information
The controller responsible for the processing of your personal information is:
Heslenfeld Works, Eenmanszaak
Trading as VARRA
Nieuwendammerdijk 182
1025 LT Amsterdam
The Netherlands
Email: help@varrawear.com
2. What Personal Information We Collect
We may collect the following categories of personal information, depending on how you interact with the Services:
A. Information you provide directly
We may collect personal information that you provide to us, including:
- full name
- billing address
- shipping address
- email address
- phone number
- order details
- account details
- return and refund information
- customer service messages
- review submissions
- sizing information you provide through our size recommendation tools
- any other information you choose to provide
B. Information collected automatically
When you visit or use our Services, we and our service providers may automatically collect certain information from your browser or device, such as:
- IP address
- browser type and version
- device type
- operating system
- pages viewed
- session data
- referring and exit pages
- date and time of access
- clicks, browsing behavior, and interactions with the Services
- cookie identifiers and similar technology-based identifiers
We collect this information through server logs, cookies, pixels, tags, analytics tools, and similar technologies. Under current cookie guidance, non-essential cookies and similar technologies generally require clear prior consent, while strictly necessary technologies may be used where they are genuinely required to provide the service requested by the user.
C. Information from third parties
We may receive personal information from third parties that support our business operations, including:
- Shopify, our e-commerce platform provider
- Klaviyo, for email and SMS marketing
- PayPal and other payment-related providers
- card networks and wallet-enabled payment methods such as Visa, Mastercard, American Express, Maestro, Apple Pay, Google Pay, Shop Pay, and similar payment facilitators
- Meta Pixel and Google Analytics 4, for analytics and advertising measurement
3. How We Use Personal Information
We use personal information for the following purposes:
- to operate, maintain, and improve the Services
- to process and fulfill orders
- to accept and process payments
- to arrange shipping, delivery, returns, refunds, and exchanges
- to provide customer support
- to communicate with you about your order or account
- to send marketing emails and SMS messages where permitted by law or where you have provided the required consent
- to display and manage product reviews
- to provide sizing guidance and recommendations
- to detect, prevent, and investigate fraud, abuse, chargebacks, and other unlawful or harmful activity
- to analyze website usage, customer journeys, and campaign performance
- to personalize content, product recommendations, and marketing
- to comply with legal obligations
- to establish, exercise, or defend legal claims
4. Legal Bases for Processing
If you are located in the EEA, UK, or another jurisdiction requiring a lawful basis for processing, we may process your personal information on one or more of the following bases:
- Performance of a contract: where processing is necessary to take steps at your request or to perform a contract with you, including processing payments, fulfilling orders, arranging shipping, and handling returns.
- Legal obligation: where processing is necessary to comply with legal or regulatory obligations, including tax, accounting, consumer protection, or law enforcement requirements.
- Legitimate interests: where processing is necessary for our legitimate business interests, such as operating the store, improving the Services, securing the website, preventing fraud, maintaining records, and limited direct marketing, provided those interests are not overridden by your rights and freedoms.
- Consent: where required by law, including for non-essential cookies, certain analytics and advertising technologies, and certain email or SMS marketing activities. Valid consent must be freely given, specific, informed, and unambiguous.
5. Cookies and Similar Technologies
We use cookies and similar technologies to:
- keep the website secure and functioning properly
- remember your shopping cart and preferences
- support checkout and store features
- analyze traffic and website performance
- understand how visitors interact with the Services
- measure advertising effectiveness
- support retargeting and personalized advertising, where permitted
Some cookies are strictly necessary and do not require consent where applicable law allows it. Other cookies and similar technologies, especially those used for analytics, advertising, personalization, and retargeting, are used only with appropriate consent where required. ICO guidance states that users must be clearly informed about cookies and that consent for non-essential cookies must be actively and clearly given.
You can manage cookie preferences through your browser settings and, where available, our cookie banner or privacy controls. Blocking cookies may affect the functionality of certain features of the Services.
6. Shopify Platform
Our store is hosted on Shopify. Shopify provides merchant-facing privacy settings and tools, including privacy policies, cookie banners, and certain opt-out settings, but Shopify also states that use of its services alone does not guarantee legal compliance.
7. Orders, Payments, Shipping, and Fulfillment
When you place an order, we use your personal information to process your purchase, confirm your order, accept payment, ship your items, and handle returns, exchanges, and customer support.
We may share relevant personal information with payment providers and payment-related services necessary to complete your transaction, and with logistics and fulfillment providers, including CJ Dropshipping, to prepare, fulfill, and deliver your order.
We disclose only the information reasonably necessary for those purposes.
8. Email and SMS Marketing
We use Klaviyo for email and SMS marketing.
If you subscribe to our email marketing, we may send you promotional messages about product launches, updates, offers, restocks, and related brand communications. You can unsubscribe at any time by clicking the unsubscribe link in an email or by contacting us.
If you subscribe to SMS marketing, we may send you text messages about offers, launches, cart reminders, and other promotional or transactional communications, where permitted. SMS consent must be collected explicitly and separately from other forms of consent. Klaviyo’s own documentation states that individuals must explicitly agree to receive SMS messages and that SMS consent must be separately collected.
We may keep records of your consent status, subscription method, and opt-out history where required for compliance and operational purposes.
9. Analytics and Advertising
We use Google Analytics 4 and Meta Pixel to understand website traffic, customer behavior, campaign effectiveness, and conversion activity, and to support remarketing and ad measurement where lawful.
These tools may collect information such as device identifiers, browser activity, page views, events, and interactions with ads or the Services. Depending on your settings and applicable law, this processing may be based on consent.
Google provides configurable privacy and retention controls for Analytics properties, and Shopify provides customer privacy controls that merchants can configure by region.
If applicable law requires it, you may be given the option to accept or reject certain analytics or advertising technologies before they are activated.
10. Reviews and User-Generated Content
We use Judge.me to collect and display customer reviews. If you submit a review, rating, image, video, or other content, we may process the information you provide in connection with that submission, including your name, order information, review content, and related metadata.
By submitting content, you acknowledge that your review and associated content may be displayed publicly on the Services, subject to our moderation and applicable law.
11. Size Recommendation Tools
We use Kiwi Size Chart & Recommender to provide size charts and size recommendation functionality. If you use these features, we may process the measurements, fit preferences, or other sizing-related information you provide in order to generate recommendations and improve the sizing experience.
12. Fraud Prevention and Security
We may use personal information to help detect, prevent, and investigate fraud, payment abuse, chargebacks, unauthorized transactions, bots, misuse of the Services, and security incidents. We may also use personal information to secure our business, systems, and customers.
This may include transaction review, account-level risk analysis, device or browser signals, shipping and payment consistency checks, and use of relevant service providers.
13. How We Share Personal Information
We may share personal information with:
- e-commerce platform providers
- payment processors and payment-related facilitators
- shipping, fulfillment, and logistics providers
- email and SMS marketing providers
- analytics and advertising providers
- review and customer experience providers
- sizing and recommendation tool providers
- fraud prevention and security providers
- professional advisers, such as accountants, legal advisers, and insurers
- courts, regulators, law enforcement, or other authorities where required by law or necessary to protect our rights
We do not sell personal information in exchange for money. However, some targeted advertising or tracking activities may be treated as “sharing,” “sale,” or “targeted advertising” under certain U.S. state privacy laws, depending on the facts and applicable law. California’s official guidance confirms consumer rights relating to the right to know, delete, opt out of sale or sharing, and non-discrimination.
14. International Transfers
Because we use service providers that may process personal information outside your country, your personal information may be transferred internationally, including to countries that may not provide the same level of data protection as your home jurisdiction.
Where required, we rely on appropriate safeguards for international data transfers, such as:
- adequacy decisions
- the EU-U.S. Data Privacy Framework, where applicable
- the UK Extension to the EU-U.S. Data Privacy Framework, where applicable
- the Swiss-U.S. Data Privacy Framework, where applicable
- Standard Contractual Clauses or other valid transfer mechanisms
The European Commission adopted the EU-U.S. Data Privacy Framework adequacy decision in July 2023.
15. Data Retention
We retain personal information only for as long as reasonably necessary for the purposes described in this Privacy Policy, including to:
- provide and improve the Services
- complete orders and transactions
- maintain business and accounting records
- comply with tax, legal, and regulatory obligations
- resolve disputes
- enforce agreements
- detect fraud and maintain security
- defend legal claims
Retention periods may vary depending on the type of information, the purpose of processing, and applicable legal requirements.
16. Your Privacy Rights
Depending on your location, you may have rights under applicable privacy laws, including the right to:
- access personal information we hold about you
- request correction of inaccurate information
- request deletion of your personal information
- object to or restrict certain processing
- withdraw consent where processing is based on consent
- request portability of certain information
- opt out of certain marketing communications
- opt out of sale, sharing, or targeted advertising, where applicable
- lodge a complaint with a supervisory authority or regulator
California guidance confirms that eligible consumers may have rights including the right to know, delete, opt out of sale or sharing, and non-discrimination, and the regulations provide guidance on verification and request handling.
To exercise your privacy rights, contact us at: help@varrawear.com
We may need to verify your identity before responding to your request.
17. California and Other U.S. State Disclosures
If you are a resident of California or another U.S. state with applicable privacy rights, you may have additional rights under state law, subject to statutory thresholds, exemptions, and verification requirements.
Where applicable, these rights may include:
- the right to know what categories of personal information we collect and how we use and disclose them
- the right to access specific pieces of personal information
- the right to request deletion
- the right to request correction
- the right to opt out of sale or sharing
- the right to opt out of certain targeted advertising
- the right not to be discriminated against for exercising privacy rights
California official materials also recognize opt-out rights that may be exercised through the Global Privacy Control where applicable.
18. Children’s Privacy
Our Services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13 without authorization where required by law. If you believe a child has provided personal information to us, please contact us so that we can take appropriate action.
19. Security
We use reasonable technical, organizational, and administrative safeguards designed to protect personal information against unauthorized access, disclosure, misuse, alteration, and destruction. However, no internet transmission or storage system can be guaranteed to be completely secure.
20. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect operational, legal, or regulatory changes. When we do, we will revise the “Last Updated” date at the top of this Privacy Policy.
21. Contact
If you have any questions about this Privacy Policy or our privacy practices, please contact:
Heslenfeld Works, Sole Proprietorship
Trading as VARRA
Nieuwendammerdijk 182
1025 LT Amsterdam
The Netherlands
Email: help@varrawear.com