Privacy Policy

Privacy Policy

Last updated: 22 September 2025

This Privacy Policy explains how Kirra Boutique ("we", "us", "our") processes personal data when you visit our website and use our products or services.

Business Information
Kirra Boutique
Website: kirraboutique.com
Email: info@kirraboutique.com

1. Data Controller

Kirra Boutique is the controller of your personal data under applicable privacy laws (such as the GDPR if you are located in the EU/EEA).

2. What Data We Collect

Depending on how you use our website, we may collect:

  • Identification and contact details: name, email, phone number, shipping and billing address.

  • Order and payment data: products ordered, order number, payment status, payment method (processed by payment provider – we never receive full card details).

  • Account details: login details, order history, preferences.

  • Communication data: emails, customer service messages, reviews.

  • Technical data: IP address, device and browser information, cookie IDs, session and usage data.

  • Marketing preferences: newsletter opt-ins/opt-outs and tracking preferences.

3. Purpose and Legal Basis

We process data for the following purposes:

  • Contract performance: to process and deliver your order, and provide customer support.

  • Legal obligations: for tax, accounting, and compliance purposes.

  • Legitimate interests: to secure our site, prevent fraud/misuse, perform analytics, and improve services. We balance these against your rights.

  • Consent: for newsletters (if you are not an existing customer) and for non-essential cookies/trackers.

4. Retention

We keep personal data only as long as necessary:

  • Orders & invoices: 7 years (legal obligation).

  • Accounts & customer service data: up to 24 months after last contact, unless legally required to keep longer.

  • Marketing preferences/consent logs: until withdrawn + 24 months.

  • Technical & analytics data: up to 26 months.

5. Data Sharing

We only share data with:

  • Processors: hosting providers, payment providers, shipping/logistics companies, email services, analytics and ad platforms. All under proper data processing agreements.

  • Authorities: when legally required.

  • Outside Australia/EU transfers: if data is transferred abroad, we ensure adequate safeguards (e.g. standard contractual clauses).

6. Your Rights

You have the right to access, correct, erase, restrict, or transfer your data, and to object (including to direct marketing). Where we rely on consent, you may withdraw it at any time.
Requests: info@kirraboutique.com. We respond within one month. You may also lodge a complaint with your local data protection authority.

7. Security

We apply technical and organizational measures to secure personal data, including encryption (TLS), access restriction, logging, and regular vendor reviews.

8. Children

Our website is not intended for children under 16. We do not knowingly collect data from minors.

9. Changes

We may update this policy from time to time. Substantial changes will be announced on our website and/or by email.

Contact

Questions about this policy? Email info@kirraboutique.com.