Wear Now. Pay Later
FREDDY STORE USA — PRIVACY POLICY
At Freddy Store, we value your style — and your privacy. This policy explains how we collect, use, share, and protect your personal information when you visit or shop at www.freddystore.com. It applies to U.S. customers and is designed to comply with applicable federal and state privacy laws, including the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the Telephone Consumer Protection Act (TCPA), and the comprehensive privacy laws of Virginia (VCDPA), Colorado (CPA), and Connecticut (CTDPA).
Key Definitions
-
"Sell" / "Sale": means exchanging your personal information with a third party for monetary or other valuable consideration. Freddy Store does not sell your personal information.
-
"Share" / "Sharing": means disclosing your personal information to a third party for cross-context behavioural advertising — including retargeting you with ads based on your activity on our website — regardless of whether money changes hands. This is distinct from a 'sale' but is subject to opt-out rights under CPRA.
-
"Sensitive Personal Information" (SPI): a specific subset of personal information afforded heightened protection under CPRA, such as precise geolocation, financial account data, and health information.
1. CATEGORIES OF PERSONAL INFORMATION WE COLLECT
In the past 12 months, we have collected the following categories of personal information:
|
Category |
Examples |
|
Identifiers |
Name, shipping/billing address, email address, IP address, account login credentials. |
|
Commercial Information |
Records of products purchased, browsing history on our site, wish lists, and items considered. |
|
Internet / Network Activity |
Browsing and search history on our website, interactions with our emails and advertisements. |
|
Geolocation Data |
General location derived from IP address (city/region level). |
|
Sensitive Personal Information (SPI) |
Payment card data — processed but never stored by us; handled solely by our PCI-DSS compliant payment providers. |
|
Inferences |
Profiles drawn from the above reflecting your shopping preferences and likely product interests. |
Sources of Personal Information
We collect personal information from the following categories of sources:
-
Directly from you — when you place an order, create an account, sign up for emails or SMS, submit a review, or contact customer support.
-
Automatically, via tracking technologies — when you browse our website, cookies, pixels, and similar tools collect data about your device, session, and interactions. See Section 3 for full details.
-
From third-party service providers and partners — such as payment processors confirming transaction completion, shipping carriers providing delivery status, and advertising platforms providing audience and conversion data.
2. HOW WE USE YOUR INFORMATION
We process your personal information for the following purposes, categorised as required under CPRA:
Business Purposes (Internal Operations)
These are internal uses necessary to operate our business and fulfil our obligations to you:
-
Order Fulfilment: Processing, shipping, and tracking your purchases; managing returns and exchanges.
-
Payment Processing: Verifying and completing secure transactions via our PCI-DSS compliant payment partners.
-
Customer Support: Responding to enquiries, complaints, and service requests via our helpdesk platform (Gorgias).
-
Security & Fraud Prevention: Detecting, investigating, and preventing fraudulent transactions, abuse, and security incidents.
-
Legal Compliance: Meeting obligations under applicable laws, including tax, accounting, consumer protection, and data retention regulations.
-
IT & Platform Operations: Maintaining, improving, and debugging our website and internal systems.
Commercial Purposes (Advertising & Marketing)
These uses are related to our advertising and commercial activities:
-
Email Marketing: Sending you promotional emails, new arrivals, and exclusive offers where you have opted in or where permitted by law.
-
SMS Marketing: Sending you text message promotions and alerts where you have expressly opted in (see Section 9).
-
Personalised Advertising: Sharing behavioural data with advertising platforms (Meta, Google, Instant Audiences) to serve you targeted and retargeted advertisements on third-party platforms. This constitutes 'sharing' under CPRA and is subject to your opt-out right.
-
Freddy Brand Marketing: Where you consent to receive marketing communications about Freddy products, we may share your contact details, purchase history, browsing behaviour, preferences, and marketing engagement data with Freddy S.p.A., the Italian owner of the Freddy trademark, and its subsidiaries, so they may support, coordinate, personalise, and send marketing communications relating to Freddy products
-
Analytics & Performance Measurement: Using tools such as Google Analytics to understand how customers interact with our website and improve our commercial offering.
-
Financial Incentives: Administering our newsletter sign-up discount and loyalty programmes (see Section 8).
Sensitive Personal Information: We do not use or disclose Sensitive Personal Information (SPI) for purposes beyond those strictly necessary to provide our services, as permitted under CPRA Section 1798.121. Specifically, we do not use SPI to infer characteristics about you or for targeted advertising.
3. COOKIES AND TRACKING TECHNOLOGIES
We use cookies, pixels, and similar tracking technologies on our website. These are categorised below by function. You can manage your cookie preferences at any time through our cookie consent banner.
Consent Model
-
Strictly Necessary cookies: Always active — they are essential for the website to function (e.g., your shopping cart and login session).
-
Analytics & Functional cookies: Opt-in required in states where applicable law mandates it. You may opt out at any time via our cookie banner.
-
Advertising & Targeting cookies: Opt-in required where required by law. California residents may also opt out of the 'sharing' these cookies enable via Section 7 of this policy.
|
Cookie / Technology |
Type |
Purpose & Opt-Out |
|
Shopify Session Cookies |
Strictly Necessary |
Maintain session, cart, and login state. |
|
Google Analytics |
Analytics |
Track site traffic and user behaviour. Opt-out: tools.google.com/dlpage/gaoptout |
|
Meta Pixel |
Advertising |
Retargeting for Facebook and Instagram. Opt-out: facebook.com/adpreferences |
|
Google Ads |
Advertising |
Retargeting for Google Search/Display. Opt-out: adssettings.google.com |
|
Instant Audiences |
Advertising |
Cross-site retargeting based on browsing behavior. |
4. PAYMENT SECURITY & PCI COMPLIANCE
We operate on a zero-knowledge model regarding your payment card data. We do not store, access, or see your full credit card number at any point during or after a transaction. All payment processing is delegated to PCI-DSS Level 1 compliant providers:
-
Shopify Payments — shopify.com/legal/privacy
-
PayPal — paypal.com/us/legalhub/privacy-full
-
Afterpay — afterpay.com/en-US/privacy-policy
-
Klarna — klarna.com/us/legal/privacy
Card data is handled via secure tokenisation and AES-256 encryption in transit. No cardholder data is retained on our systems after transaction completion. All providers adhere to PCI-DSS standards as managed by the PCI Security Standards Council.
5. DISCLOSURE & SHARING OF INFORMATION
We do not sell your personal information for monetary consideration. We do share certain information with third parties for cross-context behavioural advertising, which constitutes 'sharing' under CPRA. You have the right to opt out of this sharing — see Section 7.
|
Third Party |
Purpose |
|
Shopify |
Website hosting and platform infrastructure. |
|
Shipping Carriers |
Delivery fulfilment and tracking communications. |
|
Meta / Facebook |
Retargeting advertising on Facebook and Instagram. |
|
|
Retargeting advertising on Google Search/Display. |
|
Instant Audiences |
Cross-site retargeting based on behavioural data. |
|
Google Analytics |
Website performance analytics and reporting. |
|
Afterpay / Klarna |
Buy-now-pay-later payment plans. |
|
Gorgias |
Customer support and helpdesk platform. |
|
Freddy S.p.A. |
Brand owner and affiliated Freddy companies. Where you have consented to marketing relating to Freddy products, we may share relevant customer, purchase, browsing, preference, and marketing engagement data so they may support, coordinate, personalise, and conduct Freddy-product marketing activities |
We may also disclose your personal information when required by law, court order, or government authority, or to protect the rights, property, or safety of Freddy Store, our customers, or the public. In the event of a business acquisition or merger, your information may transfer to the new entity solely to continue providing services to you.
6. YOUR U.S. STATE PRIVACY RIGHTS
Depending on your state of residence, you have some or all of the following rights. These apply to residents of California, Virginia, Colorado, Connecticut, Utah, and other states with enacted comprehensive privacy laws:
|
Your Right |
What It Means |
|
Right to Know / Access |
Request details about the categories and specific pieces of personal information we have collected, and how we use and share it. |
|
Right to Delete |
Request deletion of your personal information, subject to legal exceptions (e.g., tax records, fraud prevention). |
|
Right to Correct |
Request correction of inaccurate personal information we hold about you. |
|
Right to Opt-Out of Sharing/Selling |
Direct us to stop sharing your personal information for cross-context behavioural advertising. |
|
Right to Limit Use of Sensitive Personal Information |
Request we limit processing of your SPI to what is strictly necessary to perform our services. |
|
Right to Data Portability |
Request a copy of your personal information in a machine-readable format, where technically feasible. |
|
Right to Non-Discrimination |
We will not penalise you — via price increases, reduced service quality, or denial of access — for exercising any of these rights. |
|
Right to Opt-Out of Profiling / Automated Decision-Making |
Where applicable (e.g., Colorado residents under CPA), you may opt out of profiling that produces legal or similarly significant effects. We do not currently use fully automated decision-making that produces such effects, but you may contact us to enquire. |
How to Submit a Rights Request
You or your authorised agent may submit a request by:
-
Emailing hello@freddystore.com with the subject line: 'Privacy Rights Request'
-
Including your full name and the email address associated with your Freddy Store account for identity verification
We will acknowledge your request within 10 business days and respond fully within 45 calendar days. If we require an extension (up to a further 45 days), we will notify you before the initial deadline expires.
Authorised Agent Requests
You may designate an authorised agent (such as a family member or legal representative) to submit a rights request on your behalf. The agent should contact us at hello@freddystore.com and provide written confirmation of their authorisation. We may verify your identity directly to protect against fraudulent requests.
Right to Appeal
If we decline to act on your request, we will inform you of our reason(s) within the applicable response window. Residents of Virginia, Colorado, and Connecticut have the right to appeal our decision. To submit an appeal:
-
Email hello@freddystore.com with the subject line: 'Privacy Rights Request — Appeal'
-
Reference your original request and the reason you are appealing
We will respond to valid appeals within 60 days. If your appeal is denied, we will provide you with information on how to contact your state's Attorney General to submit a complaint.
7. DO NOT SELL OR SHARE MY PERSONAL INFORMATION
You have the right to opt out of the sharing of your personal information for cross-context behavioural advertising (i.e., targeted and retargeted advertising based on your browsing behaviour). You can exercise this right by:
-
Email Request: Send an email to hello@freddystore.com with the subject line 'Do Not Sell or Share My Information'. Include your name and the email address associated with your account.
We will process your opt-out request within 15 business days.
8. NOTICE OF FINANCIAL INCENTIVE
We offer promotional discounts (such as a discount off your first order) in exchange for signing up for our marketing newsletter or loyalty programme. This constitutes a 'financial incentive' under CCPA/CPRA.
|
Element |
Details |
|
The Offer |
A promotional discount code or exclusive offer provided upon email or SMS sign-up. |
|
Data Collected |
Your email address, phone number (if SMS), and shopping preferences. |
|
Value Basis |
The value of this incentive is calculated based on the cost of customer acquisition relative to the discount offered and the estimated lifetime value of a subscribed customer. We assess this periodically and the calculation is available upon request. |
|
How to Withdraw |
Unsubscribe via the link in any email, reply STOP to any SMS, or contact hello@freddystore.com. Withdrawal will not affect any discount already applied to a completed order. |
9. DATA RETENTION
We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, consistent with our legitimate business interests, and as required or permitted by law. We determine the appropriate retention period based on: (a) the nature and sensitivity of the data; (b) the potential risk of harm from unauthorised use or disclosure; (c) the purposes for which we process the data and whether those purposes can be achieved through other means; and (d) applicable legal, regulatory, accounting, or reporting requirements.
|
Data Type |
Retention Period & Basis |
|
Transaction & Order Records |
Up to 7 years — required for tax, accounting, and legal audit compliance. |
|
Customer Account Data |
For the lifetime of your account, plus up to 2 years following account closure or last login. |
|
Marketing Data (Email / SMS) |
Until you opt out or submit a valid deletion request, whichever is earlier. |
|
Fraud & Security Logs |
Up to 5 years, or as required by applicable law or our insurance obligations. |
|
Analytics Data |
Rolling 26-month window (Google Analytics default), subject to anonymisation after 14 months. |
|
Customer Support Records |
Up to 3 years from the date of last interaction, for quality assurance and legal purposes. |
10. CALIFORNIA "SHINE THE LIGHT" DISCLOSURE
Under California Civil Code Section 1798.83, California residents may request information about the personal information we have disclosed to third parties for their direct marketing purposes during the preceding calendar year. To make such a request, contact us at:
Email: hello@freddystore.com
Subject Line: 'California Shine the Light Request'
We will respond to verified Shine the Light requests within 30 days of receipt.
11. CHILDREN'S PRIVACY
Our website, www.freddystore.com, is not directed to children under the age of 16. We do not knowingly collect, sell, or share the personal information of any person under 16 years of age. If we become aware that we have inadvertently collected personal information from a child under 16, we will delete it promptly.
If you are a parent or guardian and believe we may have collected information from your child, please contact us at hello@freddystore.com.
|
Age threshold note: The minimum age of 16 applies to general data collection on our website under CCPA/CPRA. A separate minimum age of 13 (with parental consent for users aged 13–17) applies to SMS Programme participation under COPPA, as described in Section 9. |
12. SECURITY
We implement industry-standard technical and organisational safeguards to protect your personal information, including:
-
SSL/TLS encryption for all data transmitted between your browser and our website.
-
AES-256 encryption for data stored by our payment processing partners.
-
Access controls limiting employee access to personal data on a need-to-know basis.
-
Regular security assessments of our platform and third-party integrations.
While no method of transmission over the Internet is 100% secure, we follow all applicable PCI-DSS requirements and industry best practices. In the event of a data breach affecting your rights, we will notify you in accordance with applicable state breach notification laws.
14. SMS/MMS MOBILE MESSAGING MARKETING PROGRAM
We respect your privacy. We will only use information you provide through the Program to transmit your mobile messages and respond to you, if necessary. This includes, but is not limited to, sharing information with platform providers, phone companies, and other vendors who assist us in the delivery of mobile messages. WE DO NOT SELL, RENT, LOAN, TRADE, LEASE, OR OTHERWISE TRANSFER FOR PROFIT ANY PHONE NUMBERS OR CUSTOMER INFORMATION COLLECTED THROUGH THE PROGRAM TO ANY THIRD PARTY. Nonetheless, We reserve the right at all times to disclose any information as necessary to satisfy any law, regulation or governmental request, to avoid liability, or to protect Our rights or property. When you complete forms online or otherwise provide Us information in connection with the Program, you agree to provide accurate, complete, and true information. You agree not to use a false or misleading name or a name that you are not authorized to use. If, in Our sole discretion, We believe that any such information is untrue, inaccurate, or incomplete, or you have opted into the Program for an ulterior purpose, We may refuse you access to the Program and pursue any appropriate legal remedies.
California Civil Code Section 1798.83 permits Users of the Program that are California residents to request certain information regarding our disclosure of the information you provide through the Program to third parties for their direct marketing purposes. To make such a request, please contact us at the following address:
FREDDY USA
support@freddystore.com
This Privacy Policy is strictly limited to the Program and has no effect on any other privacy policy(ies) that may govern the relationship between you and Us in other contexts.
15. INSTANT AUDIENCES
We use Instant to help us understand how our customers use our site, and use this information to retarget for marketing purposes. You can read more about how Instant uses your Personal Information here: https://www.instant.one/privacy-policy. You can opt-out by contacting help@instant.one
16. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. When we make material changes, we will:
-
Update the 'Last Updated' date at the top of this policy.
-
Post a prominent notice on our website or send an email notification where the change materially affects how we use your personal information.
We encourage you to review this policy periodically. Your continued use of our website after the effective date of changes constitutes your acceptance of the updated policy.
17. CONTACT OUR PRIVACY OFFICER
-
Privacy Email: hello@freddystore.com
-
Mailing Address: 66 West Flagler Street, Suite 900, PMB 11738, Miami, FL 33130
-
General Customer Support: hello@freddystore.com