PRIVACY NOTICE
Last updated: 13 March 2026
TABLE OF CONTENTS
1. WHAT DOES PRINCESS POLLY DO?
2. PERSONAL DATA WE COLLECT AND PROCESS
3. HOW WE USE YOUR PERSONAL DATA (OUR PURPOSES) AND OUR LEGAL BASIS FOR PROCESSING IT
4. WHO WE SHARE YOUR PERSONAL DATA WITH
5. COOKIES AND SIMILAR TRACKING TECHNOLOGY
6. HOW WE KEEP YOUR PERSONAL DATA SECURE
7. INTERNAL DATA TRANSFERS
8. DATA RETENTION
9. YOUR DATA PROTECTION RIGHTS
10. UPDATES TO THIS PRIVACY NOTICE
11. HOW TO CONTACT US
We recommend that you read this Privacy Notice in full to ensure you are completely informed about your personal data. However, if you only want to access a particular section of this Privacy Notice, then you can click on the relevant link above to jump to that section.
If you do not live in the European Economic Area (EEA), the United Kingdom or Switzerland then this Privacy Notice will apply instead.
At Princess Polly, trust is the cornerstone of a great brand and respecting the privacy rights of our customers is an integral part of building that trust. In this Privacy Notice, the terms “Princess Polly,” “we,” and “us” refer to Princess Polly, its parent company a.k.a. Brands Holding Corp., and Princess Polly’s respective subsidiaries and affiliated companies. This Privacy Notice explains who we are, how we collect, share and use personal data about you and how you can exercise your privacy rights. This Privacy Notice only applies to personal data that we collect through our UK website at princesspolly.com.uk, our UK or regional (EU or Gulf Coast) social media pages as well as other websites, mobile sites, social pages, online applications, platforms and tools where this Privacy Notice appears or is linked. It also applies to personal data that we collect through communications between you and Princess Polly, including SMS, MMS, chat, and instant messaging communications (collectively, the "Website"). To understand the terms under which you use our Website and the services that we provide, please read our Terms of Use.
If you have any questions or concerns about our use of your personal data, then please contact us using the contact details under the “How to contact us” heading below.
1. WHAT DOES PRINCESS POLLY DO?
Princess Polly is an online fashion retailer, headquartered in Australia and the USA, with group companies all around the world. We create, market and sell women's apparel and accessories through our online store, enabling you to browse, purchase and receive fashion products, manage your orders and contact our customer services team.
For more information about Princess Polly, please see the “About Us” section of our Website.
2. PERSONAL DATA WE COLLECT AND PROCESS
a) The personal data we collect from you, either directly or indirectly, will depend on how you interact with us and with our Website. We collect personal data about you from the following different sources:
-
Information that you provide directly
We collect personal data directly from you when you choose to provide us with this information online and through your other interactions with us (such as data collected via social media and any surveys, customer service communications, competitions or other promotional programmes in which you may participate). Certain parts of our Website ask you to provide personal data when you engage with the following services: Account creation, customer service and communication channels, purchase of goods from our Website, promotions, tools to help personalise your shopping experience such as shade finder, colour analysis, virtual try on, returns processing and product reviews.
-
Information that we collect indirectly
We collect your personal data indirectly, including through automated means from your device when you use our Website. Some of the information we collect indirectly is captured using cookies and other tracking technologies, as explained further in our Cookies Notice.
-
Information from third parties
We also collect your personal data from third party sources, i.e. our service providers that provide operational assistance, email, marketing and analytics services, as well as financial and credit related services, payment services (including instalment payments ) and social media platforms. Information received from third parties will be checked to ensure that the third party either has your consent or are otherwise legally permitted or required to disclose your personal data to us.
If you choose to register for a Website account with us via a social media account you hold, we will collect your email from your social media account to set up your account with us and to confirm whether you logged into our Website using your social media account. We do not access your personal account settings on your social media account.
b) The table below describes the categories of personal data we collect from and about you through our online services and activities on our Website and on social media pages.
| Personal Data Description |
Source |
|
Online Order Information such as your name, email address and shipping address, phone number and payment information. |
· Directly from you · Third parties |
|
Online Account Data such as your login information(username, email and password) and profile information (contact details including your name, surname, postcode, phone number, payment card information and product preferences) and, in some cases, your birthday, gender, or student status. |
· Directly from you |
|
Social Media Information (if you connect your social media account to your online account), such as your name, email address, photo, list of social media contacts, social media handle and any other information that may be accessible to us when you connect your social media account to your online account. |
· Directly from you |
|
Transaction Data such as truncated credit or debit card details, payment method, transaction statements, your billing address, your delivery address or the delivery address of the intended recipient of your order, payments and orders to and from you, and other details of products that you have supplied to or purchased through the Website. We do not collect or store your full credit or debit card details (which are processed by payment service providers who are separate controllers of your data. Please refer to your payment service provider's privacy notice (such as PayPal or Apple Pay) for further details on their data collection practices). |
· Directly from you |
|
Communication Data such as your feedback on our products and services or the performance of our Website and other communications with us (including when you interact with our customer service ), any queries you raise, phone, SMS, MMS, email, chat, instant messaging or through social media platforms. This will include information as to how you contact customer services and the channel of communication that you use or any information that you send to us. |
· Directly from you |
|
Marketing Data such as your interests based on your use of our Website and other websites and online services, your purchases, survey responses, promotions you enter, preferences in relation to receiving marketing materials from us, communication preferences, your preferences for particular products. |
·Directly from you |
|
Promotions Data If you sign up for promotions or a contest, you may need to provide certain information such as your name, email, telephone number, or mailing address. |
· Directly from you
|
|
Device Data collected from (or as a result of your using) your device (including by means of cookies and similar tracking technology), including your IP address or MAC address, your ISP, and the browser you use to visit our Website, device type, unique device identification numbers or other identifiers including advertising identifiers. |
·Indirectly from you |
|
Website Usage Data such as activity and Website page and interaction, information that we capture using cookies and similar technologies (see the "Cookies and similar tracking technology" section below. This will include page views and searches, log-in information, clicks, operating system, information about content viewed, watched or downloaded for offline access, length of visits to certain pages, length of Website use, purchase history and other functional information on Website performance (for example, application version information, diagnostics, and crash logs). |
· Indirectly from you |
|
Investigation Data such as information about you in connection with investigations into fraudulent or criminal activities on our Websites. |
· Indirectly from you |
|
Location Data collected using WiFi access points / and/or GPS]from which we can identify your precise geographic location, e.g., technical information that associates your location to your use of the Website such as the delivery / pick-up status of orders or to provide you with the information about deals near your actual location. |
· Indirectly from you |
|
Uploaded Content such as any personal data in photographs / videos or audio recordings that you upload onto our Website or provide as part of product reviews, requests for assistance from customer service, or when you take part in competitions, or upload photos to social media (where you allow us to use such images). |
· Directly from you |
We do not collect any sensitive personal data about you, such as health-related information or information about your race or ethnicity, or sexual orientation.
3. HOW WE USE YOUR PERSONAL DATA (OUR PURPOSES) AND OUR LEGAL BASIS FOR PROCESSING IT
We use the personal data that we collect from and about you only for the purposes described in this Privacy Notice or for purposes that we explain to you at the time we collect your information. Depending on our purpose for collecting your information, we rely on one of the following legal bases:
-
Contract - we require certain personal data in order to provide our Website, products and services you purchase or request from us;
-
Consent – in certain circumstances, we may ask for your consent (separately from any contract between us) before we collect, use, or disclose your personal data, in which case you can voluntarily choose to give or deny your consent without any negative consequences to you;
-
Legitimate interests – we will use or disclose your personal data for the legitimate interests of either Princess Polly or a third party, but only when we are confident that your privacy rights will remain appropriately protected. If we rely on our (or a third party's) legitimate interests, these interests will normally be to: operate, provide and improve our business, including our Website; communicate with you and respond to your questions; improve our Website or use the insights to improve or develop marketing activities and promote our products and services; detect or prevent illegal activities (for example, fraud); and/or to manage the security of our IT infrastructure, and the safety and security of our employees, customers, vendors and visitors. Where we require your data to pursue our legitimate interests or the legitimate interests of a third party, it will be in a way which is reasonable for you to expect as part of the running of our business and which does not materially affect your rights and freedoms. We have identified below what our legitimate interests are.
- Legal obligation – there are instances where we must process and retain your personal data to comply with laws or to fulfil certain legal obligations.
The following table provides more details on our purposes for processing your personal data and the related legal bases. The legal basis under which your personal data is processed will depend on the data concerned and the specific context in which we use it.
| Purpose/Activity | Type of personal data | Lawful basis for processing including basis of legitimate interest |
|
Register your account on our Website, to manage and administer your account, to facilitate purchases you make (including, where applicable, providing special discounts and managing online loyalty programmes) and to manage returns. |
Online Order Information |
· Performance of a contract with you. |
|
Provide you with our Website, products and services, including to process, fulfil and communicate with you about your orders. |
Online Order Information |
· Performance of a contract with you. |
|
Process transactions online / ecommerce payments, including using delayed payment options (via PayPal, Shopify Payments, Clearpay Klarna and transaction fee recovery. |
Online Order Information |
· Performance of a contract with you. |
|
Respond to your communications regarding our products and services, such as when you place an order, call us, make a request or inquiry, enter a contest or sweepstakes, complete a survey; or share a comment or concern; |
Online Order Information |
· Performance of a contract with you. · Otherwise, as necessary for our legitimate interests to operate, provide and improve our business and to communicate with you – where our communications are not necessary to perform or enter into a contract with you. |
|
Reviewing communications with you for customer support and quality assurance and training purposes, and related |
Online Order Information |
· Necessary for our legitimate interests (to operate, provide and improve our business; to communicate with you) – where our communications are not necessary to perform or enter into a contract with you. |
|
Keep our business, including our Website secure and to detect and prevent fraud online. For example, we use malware and spyware monitoring tools to detect suspicious activity and algorithms to detect |
Online Order Information |
· Necessary for our and our third parties' |
|
For our business purposes, such as to maintain our programs, accounts, and records (including customer records) ; for research; to determine your satisfaction with our products and services; and for any other business purpose that is permitted by law. |
Online Order Information |
· Performance of a contract with you. |
|
To administer and maintain our Website and our IT systems (including monitoring, troubleshooting, data |
Online Order Information |
· Our and our third parties' legitimate interests (to operate, provide and improve our business, including our Website; to detect or prevent Illegal activities (e.g. fraud) and/or to manage the security of our IT infrastructure). |
|
Manage our use of tracking |
Online Account Data |
· Consent (where required under applicable law – see cookie consent tool on our website). · Otherwise (for strictly necessary cookies) our legitimate interests to operate, provide and improve our business, including our Website, to improve our Website or use the insights to improve or develop marketing activities and promote our products and services. |
|
Analyse data including metrics related to consumer transactions and behaviour (online), to assess trends and the effectiveness of our advertising and marketing campaigns, to help us understand your needs and provide you with better service and offers, to drive customer engagement, promote our brand, and inform other business decisions by |
Online Account Data |
· Consent (where required under applicable law). · Otherwise our legitimate interests (to operate, provide and improve our business, including our Website, to improve our Website or use the insights to improve or develop marketing activities and promote our products and services). |
|
Contact current and prospective customers (including Website visitors) about our products and services, promotions, competitions and events we think may be of interest, including our |
Online Account Data |
· Consent (where required under applicable law). · Otherwise our legitimate interests (to operate, provide and improve our business; to communicate with you and to develop marketing activities and promote our products and services). |
|
Personalise and customise your experience, including to remember your interests and preferences; customise the products and services we share with you; facilitate your interactions with our stylists and salespeople; track and categorize your activity and interests on our Website, including by identifying the different devices you use; and to enrich your experience on our Websites, and through our mobile applications. |
Online Account Data |
· Consent (where required under applicable law). · Otherwise our legitimate interests to operate, provide and improve our business, including our Website, to use the insights to improve or develop marketing activities and promote our products and services). |
|
Personalise, target, and deliver advertising for our products and services on third party websites, apps, and other online services |
Online Account Data |
· Personalise and customise your experience, including to remember your interests and preferences; customise the products and services we share with you; facilitate your interactions with our stylists and salespeople; track and categorise your activity and interests on our Website, including by identifying the different devices you use; and to enrich your experience on our Websites, and through our mobile applications. |
|
Comply with legal and regulatory obligations to which we are subject, including our obligations to respond to your requests under data protection law. |
Online Order Information |
· Legal obligation. |
|
Protect our legal rights (including where necessary, to share information with law enforcement and others), for example to defend claims against us and to conduct litigation to defend our interests. |
Online Order Information |
· Our legitimate interests to protect our business interests. |
We share your personal data with the following categories of recipients:
-
our brands and group companies, When you provide information to one of our brands, we may share it with our other brands under the a.k.a. Brands Holding Corp., such as Princess Polly, Petal & Pup, Culture Kings, and mnml who provide data processing services necessary to provide you with our goods and services (for example, to support the delivery of, provide functionality on, or help to enhance the security of our Website, or who otherwise process personal data for purposes described in this Privacy Notice. Our brands operate under a number of corporate subsidiaries and affiliates, which you can see HERE;
- Princess Polly's third party service providers and partners who provide data processing services to us as necessary to provide you with our goods and services (to support delivery of, provide functionality on, or help to enhance the security of our Website; manage customer information; fulfil of promotions; send marketing communications, conduct surveys; analyse data; process payments; fulfilment and shipping orders; or provide network security, accounting, auditing and other services), or who otherwise process personal data for purposes described in this Privacy Notice. The following table lists the main third party service providers we engage to process your personal data, the categories of services they provide, and the types of personal data they receive in order to provide us these services;
|
Service Provider |
Services | Personal data |
| Google, Snowflake, Shopify | Analytics Provider | Email, Email opt in and opt out, SMS opt in and opt out, Loyalty data, Order data, Coupon codes, Purchase date and amount, Location data, Device data, Browsing time and behaviour, Website/App usage data, Communication data, Return data |
| Klaviyo |
Email, SMS, App Marketing |
Name, Email, Phone, Home address, Gender, Birth month and day, Email opt in and opt out, SMS opt in and opt out, Order ID, Loyalty ID, Loyalty tier, Coupon code, Push token, Device ID |
| Shopify, Yotpo | Marketing and Advertising Partners | Name, Email, Phone, Home address, Gender, Birth month and day, Email opt in and opt out, SMS opt in and opt out, Order ID, Loyalty ID, Loyalty tier, Loyalty reward, Coupon code, Review score, Social medial contact details / username /handle |
| Friendbuy | Affiliate Marketing | IP address, Email, Browsing time and behaviour, Website/App history |
|
Gorgias, Simpplr |
Customer Service Enquiries |
Name, Email, Phone number, Address, Order ID, Purchase date and amount, Return data |
| Yotpo | Product Returns (eCommerce purchases) | Name, Email, Shipping address, Order ID, Purchase date and amount, Return data |
-
third party services when you use third party services linked through our Website, for example, third party payment services, your personal data will be collected by the provider of such services. Please note that when you use third party services, their own terms and privacy notices will govern your use of their services;
-
any competent law enforcement body, regulatory, government agency, court or other third party (such as our professional advisers) where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights or so a third party can defend theirs, or (iii) to protect your vital interests or those of any other person;
-
a buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal data only for the purposes disclosed in this Privacy Notice; or
- any other person with your consent to the disclosure (obtained separately from any contract between us).
We use cookies and similar tracking technology (collectively, “Cookies”) to collect and use personal data about you, including to serve interest based advertising. For further information about the types of Cookies we use, why, and how you can control Cookies, please see our Cookie Notice.
6. HOW WE KEEP YOUR PERSONAL DATA SECURE
We use appropriate technical and organisational measures to protect the personal data that we collect and process about you. The measures are designed to provide a level of security appropriate to the risk of processing. Specific measures we use include encrypting your personal data in transit and at rest; using an industry standard framework as part of any Information Security programme; employing advance malware protections; implementation of other reasonable security defences (including vulnerability management, access management and recovery/resilience measures.
Where you have created an account with us that uses a unique password to enable you to access our Website, it is your responsibility to keep this password secure and confidential.
7. INTERNATIONAL DATA TRANSFERS
In some cases, where your personal data is transferred to another brand under the a.k.a. Brands Holding Corp. or other third parties, it is processed in countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective).
Specifically, our Website servers are located in the United States, and our group companies are located in the United Kingdom, European Economic Area and Australia. Our third party service providers and partners operate around the world. This means that when we collect your personal data we may process it in any of these countries.
Where we transfer your personal data to countries or organisations outside of the European Economic Area and the UK, which have been formally recognised as providing an adequate level of protection for personal data, we rely on the relevant “adequacy decisions” from the European Commission and “adequacy regulations" (data bridges) from the Secretary of State in the UK.
Where the transfer is not subject to an adequacy decision or regulations, we have taken appropriate safeguards to ensure that your personal data will remain protected in accordance with this Privacy Notice and applicable laws. The safeguards we strive to use to transfer personal data are, if required, in case of both our group companies and third party service providers and partners, the European Commission’s Standard Contractual Clauses as issued on 4 June 2021 under Article 46(2) including the UK Addendum permitted under Article 46(2) of the UK GDPR for the transfer of data originating in the UK.
If you would like further information about our international data transfers, please contact us (see the “How to contact us” Section below).
8. DATA RETENTION
We will retain your personal information where we have an ongoing legitimate need to do so (for example, as long as you have an online account with us) or as needed to fulfil our own obligations, such as preventing fraud, meeting legal or other regulatory requirements, resolving disputes, improving our services or maintaining security, and in each case, as consistent with applicable law.
Different retention periods apply for different types of personal information. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of personal information; the potential risk from unauthorised use or disclosure of the personal information; the purpose(s) for which we use or may use the personal information; whether we can achieve the purpose(s) through other means; and the applicable legal requirements.
When we have no ongoing legitimate need or legal reason to process your personal data, we will either delete or anonymise it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.
9. YOUR DATA PROTECTION RIGHTS
Individuals located in the UK and EEA have the following data protection rights. To exercise any of them see specific instructions below or contact us using the contact details provided under the “How to contact us” heading below or use this form.
- You may access, correct, update or request deletion of your personal data.
- You can object to processing of your personal data, ask us to restrict processing of your personal data or request portability of your personal data, (i.e. your data to be transferred in a readable and standardised format.
- You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the electronic marketing we send you. To opt-out of other forms of marketing (such as SMS/telemarketing), please contact us using the contact details provided under the “How to contact us” heading below or use the unsubscribe link we provided you within any of our messages. If you choose to opt out of marketing communications, we will still send you non-promotional emails, such as emails about your account or our ongoing business relations.
- If we have collected and processed your personal data with your consent, then you can withdraw your consent at any time by using the contact details provided under the “How to contact us” heading below OR use the unsubscribe link we provided you within any of our messages. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a supervisory authority about our collection and use of your personal data. For more information, please contact your local supervisory authority. Contact details for supervisory authorities in Europe are available here and for the UK here. Certain supervisory authorities will require that you exhaust our own internal complaints process before looking into your complaint.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
10. UPDATES TO THIS PRIVACY NOTICE
We may update this Privacy Notice from time to time in response to changing legal, regulatory, technical or business developments. When we update our Privacy Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make including by email to the email we have on record for you.
You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice.
11. HOW TO CONTACT US
If you have any questions or concerns about our use of your personal data, please contact us using the following details: privacy@princesspolly.com. You may also write to us at the below address(es) and where applicable, contact our representative in the UK.
Attention: Privacy Office
Princess Polly USA. Inc.
10 Montgomery Street, Suite 2270
San Francisco, CA 94104 USA
Attention: Privacy Office
Princess Polly UK Limited
Carpenter Court
1 Maple Road
Branham
Stockport
Cheshire SK7 2 DH United Kingdom
The data controller of your personal data is Princess Polly USA, Inc. which is registered with the State of Delaware in the United States of America.
| Country | Representative Contact |
| EEA | privacy@princesspolly.com |
| United Kingdom | privacy@princesspolly.com |
| Global | privacy@princesspolly.com |