Privacy Policy

Effective Date: April 14th 2026
Last Updated: April 14th 2026

VARRA (“VARRA,” “we,” “us,” or “our”) values your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and otherwise process personal information when you visit our website, place an order, create an account, subscribe to our marketing, request customer support, submit a review, use our size recommendation tools, or otherwise interact with us.

This Privacy Policy applies to VARRA’s online store and related services made available through our Shopify-powered website (collectively, the “Services”).

1. Business Information

The controller responsible for the processing of your personal information is:

Heslenfeld Works, Eenmanszaak
Trading as VARRA
Nieuwendammerdijk 182
1025 LT Amsterdam
The Netherlands
Email: help@varrawear.com

2. What Personal Information We Collect

We may collect the following categories of personal information, depending on how you interact with the Services:

A. Information you provide directly

We may collect personal information that you provide to us, including:

  • full name
  • billing address
  • shipping address
  • email address
  • phone number
  • order details
  • account details
  • return and refund information
  • customer service messages
  • review submissions
  • sizing information you provide through our size recommendation tools
  • any other information you choose to provide

B. Information collected automatically

When you visit or use our Services, we and our service providers may automatically collect certain information from your browser or device, such as:

  • IP address
  • browser type and version
  • device type
  • operating system
  • pages viewed
  • session data
  • referring and exit pages
  • date and time of access
  • clicks, browsing behavior, and interactions with the Services
  • cookie identifiers and similar technology-based identifiers

We collect this information through server logs, cookies, pixels, tags, analytics tools, and similar technologies. Under current cookie guidance, non-essential cookies and similar technologies generally require clear prior consent, while strictly necessary technologies may be used where they are genuinely required to provide the service requested by the user.

C. Information from third parties

We may receive personal information from third parties that support our business operations, including:

  • Shopify, our e-commerce platform provider
  • Klaviyo, for email and SMS marketing
  • PayPal and other payment-related providers
  • card networks and wallet-enabled payment methods such as Visa, Mastercard, American Express, Maestro, Apple Pay, Google Pay, Shop Pay, and similar payment facilitators
  • Meta Pixel and Google Analytics 4, for analytics and advertising measurement

3. How We Use Personal Information

We use personal information for the following purposes:

  • to operate, maintain, and improve the Services
  • to process and fulfill orders
  • to accept and process payments
  • to arrange shipping, delivery, returns, refunds, and exchanges
  • to provide customer support
  • to communicate with you about your order or account
  • to send marketing emails and SMS messages where permitted by law or where you have provided the required consent
  • to display and manage product reviews
  • to provide sizing guidance and recommendations
  • to detect, prevent, and investigate fraud, abuse, chargebacks, and other unlawful or harmful activity
  • to analyze website usage, customer journeys, and campaign performance
  • to personalize content, product recommendations, and marketing
  • to comply with legal obligations
  • to establish, exercise, or defend legal claims

4. Legal Bases for Processing

If you are located in the EEA, UK, or another jurisdiction requiring a lawful basis for processing, we may process your personal information on one or more of the following bases:

  • Performance of a contract: where processing is necessary to take steps at your request or to perform a contract with you, including processing payments, fulfilling orders, arranging shipping, and handling returns.
  • Legal obligation: where processing is necessary to comply with legal or regulatory obligations, including tax, accounting, consumer protection, or law enforcement requirements.
  • Legitimate interests: where processing is necessary for our legitimate business interests, such as operating the store, improving the Services, securing the website, preventing fraud, maintaining records, and limited direct marketing, provided those interests are not overridden by your rights and freedoms.
  • Consent: where required by law, including for non-essential cookies, certain analytics and advertising technologies, and certain email or SMS marketing activities. Valid consent must be freely given, specific, informed, and unambiguous.

5. Cookies and Similar Technologies

We use cookies and similar technologies to:

  • keep the website secure and functioning properly
  • remember your shopping cart and preferences
  • support checkout and store features
  • analyze traffic and website performance
  • understand how visitors interact with the Services
  • measure advertising effectiveness
  • support retargeting and personalized advertising, where permitted

Some cookies are strictly necessary and do not require consent where applicable law allows it. Other cookies and similar technologies, especially those used for analytics, advertising, personalization, and retargeting, are used only with appropriate consent where required. ICO guidance states that users must be clearly informed about cookies and that consent for non-essential cookies must be actively and clearly given.

You can manage cookie preferences through your browser settings and, where available, our cookie banner or privacy controls. Blocking cookies may affect the functionality of certain features of the Services.

6. Shopify Platform

Our store is hosted on Shopify. Shopify provides merchant-facing privacy settings and tools, including privacy policies, cookie banners, and certain opt-out settings, but Shopify also states that use of its services alone does not guarantee legal compliance.

7. Orders, Payments, Shipping, and Fulfillment

When you place an order, we use your personal information to process your purchase, confirm your order, accept payment, ship your items, and handle returns, exchanges, and customer support.

We may share relevant personal information with payment providers and payment-related services necessary to complete your transaction, and with logistics and fulfillment providers, including CJ Dropshipping, to prepare, fulfill, and deliver your order.

We disclose only the information reasonably necessary for those purposes.

8. Email and SMS Marketing

We use Klaviyo for email and SMS marketing.

If you subscribe to our email marketing, we may send you promotional messages about product launches, updates, offers, restocks, and related brand communications. You can unsubscribe at any time by clicking the unsubscribe link in an email or by contacting us.

If you subscribe to SMS marketing, we may send you text messages about offers, launches, cart reminders, and other promotional or transactional communications, where permitted. SMS consent must be collected explicitly and separately from other forms of consent. Klaviyo’s own documentation states that individuals must explicitly agree to receive SMS messages and that SMS consent must be separately collected.

We may keep records of your consent status, subscription method, and opt-out history where required for compliance and operational purposes.

9. Analytics and Advertising

We use Google Analytics 4 and Meta Pixel to understand website traffic, customer behavior, campaign effectiveness, and conversion activity, and to support remarketing and ad measurement where lawful.

These tools may collect information such as device identifiers, browser activity, page views, events, and interactions with ads or the Services. Depending on your settings and applicable law, this processing may be based on consent.

Google provides configurable privacy and retention controls for Analytics properties, and Shopify provides customer privacy controls that merchants can configure by region.

If applicable law requires it, you may be given the option to accept or reject certain analytics or advertising technologies before they are activated.

10. Reviews and User-Generated Content

We use Judge.me to collect and display customer reviews. If you submit a review, rating, image, video, or other content, we may process the information you provide in connection with that submission, including your name, order information, review content, and related metadata.

By submitting content, you acknowledge that your review and associated content may be displayed publicly on the Services, subject to our moderation and applicable law.

11. Size Recommendation Tools

We use Kiwi Size Chart & Recommender to provide size charts and size recommendation functionality. If you use these features, we may process the measurements, fit preferences, or other sizing-related information you provide in order to generate recommendations and improve the sizing experience.

12. Fraud Prevention and Security

We may use personal information to help detect, prevent, and investigate fraud, payment abuse, chargebacks, unauthorized transactions, bots, misuse of the Services, and security incidents. We may also use personal information to secure our business, systems, and customers.

This may include transaction review, account-level risk analysis, device or browser signals, shipping and payment consistency checks, and use of relevant service providers.

13. How We Share Personal Information

We may share personal information with:

  • e-commerce platform providers
  • payment processors and payment-related facilitators
  • shipping, fulfillment, and logistics providers
  • email and SMS marketing providers
  • analytics and advertising providers
  • review and customer experience providers
  • sizing and recommendation tool providers
  • fraud prevention and security providers
  • professional advisers, such as accountants, legal advisers, and insurers
  • courts, regulators, law enforcement, or other authorities where required by law or necessary to protect our rights

We do not sell personal information in exchange for money. However, some targeted advertising or tracking activities may be treated as “sharing,” “sale,” or “targeted advertising” under certain U.S. state privacy laws, depending on the facts and applicable law. California’s official guidance confirms consumer rights relating to the right to know, delete, opt out of sale or sharing, and non-discrimination.

14. International Transfers

Because we use service providers that may process personal information outside your country, your personal information may be transferred internationally, including to countries that may not provide the same level of data protection as your home jurisdiction.

Where required, we rely on appropriate safeguards for international data transfers, such as:

  • adequacy decisions
  • the EU-U.S. Data Privacy Framework, where applicable
  • the UK Extension to the EU-U.S. Data Privacy Framework, where applicable
  • the Swiss-U.S. Data Privacy Framework, where applicable
  • Standard Contractual Clauses or other valid transfer mechanisms

The European Commission adopted the EU-U.S. Data Privacy Framework adequacy decision in July 2023.

15. Data Retention

We retain personal information only for as long as reasonably necessary for the purposes described in this Privacy Policy, including to:

  • provide and improve the Services
  • complete orders and transactions
  • maintain business and accounting records
  • comply with tax, legal, and regulatory obligations
  • resolve disputes
  • enforce agreements
  • detect fraud and maintain security
  • defend legal claims

Retention periods may vary depending on the type of information, the purpose of processing, and applicable legal requirements.

16. Your Privacy Rights

Depending on your location, you may have rights under applicable privacy laws, including the right to:

  • access personal information we hold about you
  • request correction of inaccurate information
  • request deletion of your personal information
  • object to or restrict certain processing
  • withdraw consent where processing is based on consent
  • request portability of certain information
  • opt out of certain marketing communications
  • opt out of sale, sharing, or targeted advertising, where applicable
  • lodge a complaint with a supervisory authority or regulator

California guidance confirms that eligible consumers may have rights including the right to know, delete, opt out of sale or sharing, and non-discrimination, and the regulations provide guidance on verification and request handling.

To exercise your privacy rights, contact us at: help@varrawear.com

We may need to verify your identity before responding to your request.

17. California and Other U.S. State Disclosures

If you are a resident of California or another U.S. state with applicable privacy rights, you may have additional rights under state law, subject to statutory thresholds, exemptions, and verification requirements.

Where applicable, these rights may include:

  • the right to know what categories of personal information we collect and how we use and disclose them
  • the right to access specific pieces of personal information
  • the right to request deletion
  • the right to request correction
  • the right to opt out of sale or sharing
  • the right to opt out of certain targeted advertising
  • the right not to be discriminated against for exercising privacy rights

California official materials also recognize opt-out rights that may be exercised through the Global Privacy Control where applicable.

18. Children’s Privacy

Our Services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13 without authorization where required by law. If you believe a child has provided personal information to us, please contact us so that we can take appropriate action.

19. Security

We use reasonable technical, organizational, and administrative safeguards designed to protect personal information against unauthorized access, disclosure, misuse, alteration, and destruction. However, no internet transmission or storage system can be guaranteed to be completely secure.

20. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect operational, legal, or regulatory changes. When we do, we will revise the “Last Updated” date at the top of this Privacy Policy.

21. Contact

If you have any questions about this Privacy Policy or our privacy practices, please contact:

Heslenfeld Works, Sole Proprietorship
Trading as VARRA
Nieuwendammerdijk 182
1025 LT Amsterdam
The Netherlands
Email: help@varrawear.com