Privacy Policy
Last updated: April 2025
SMIRK ("we", "us", "our") is committed to protecting your personal data. This policy explains what data we collect, why we collect it, and your rights under the EU General Data Protection Regulation (GDPR) and applicable national law.
Our registered contact: hello@smirktees.com
1. Data We Collect
When you place an order
- Name, email address, delivery address, phone number
- Payment details (processed securely by our payment provider — we never store card numbers)
- Order history and purchase amounts
When you browse the site
- IP address, browser type, pages visited, time on site
- Cookie identifiers (see Section 5)
When you sign up for email
- Email address and marketing preferences
2. Why We Use Your Data
- Order fulfilment — to process payments, ship orders, and send confirmations (legal basis: contract)
- Customer support — to respond to queries and handle returns (legal basis: contract)
- Marketing emails — only if you opted in; unsubscribe any time (legal basis: consent)
- Analytics — to understand how visitors use the site (legal basis: legitimate interests)
- Legal obligations — tax, accounting, and fraud-prevention requirements
3. How Long We Keep It
- Order data: 7 years (EU tax law)
- Marketing email list: until you unsubscribe
- Analytics data: 26 months (rolling)
- Support correspondence: 3 years after last contact
4. Who We Share It With
We do not sell your personal data. We share it only with:
- Shipping carriers (name, address) to deliver your order
- Payment processors (Stripe, PayPal) to authorise transactions
- Email service provider (Klaviyo / Mailchimp) for transactional and marketing emails
- Analytics platform (Plausible / Google Analytics) — anonymised usage data only
All third-party processors are GDPR-compliant and operate under signed data processing agreements.
5. Cookies
- Essential — shopping cart, session management. Cannot be disabled.
- Analytics — page-view tracking to improve the site. Only set after consent.
- Marketing — retargeting ads. Only set after consent.
6. Your Rights (GDPR)
- Access — request a copy of the personal data we hold about you
- Rectification — correct inaccurate data
- Erasure — request deletion, subject to legal retention requirements
- Restriction — limit how we process your data
- Portability — receive your data in a machine-readable format
- Object — opt out of legitimate-interests processing or direct marketing
- Withdraw consent — at any time, without affecting prior processing
To exercise any right, email hello@smirktees.com. We respond within 30 days.
7. Data Security
We use SSL/TLS encryption for all data in transit. Payment data is handled exclusively by PCI-DSS certified processors. Access to customer data is limited to authorised personnel only.
8. Changes to This Policy
We may update this policy as our practices change or to comply with new regulations. The "last updated" date at the top will always reflect the current version.
9. Contact
Questions about this policy? Email hello@smirktees.com. We aim to respond within 2 business days.