Privacy policy
Privacy Policy – Archies Footwear Europe
Last updated: 24/11/2025
Archies Footwear Pty Ltd (“we”, “our”, “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.archiesfootwear.eu or make a purchase through our online store.
We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable national data-protection laws.
1. Data Controller, Data Protection Officer, EU Representative, and Lead Supervisory Authority
Contact: Jackie Simpkin – jackie@archiesfootwear.com.au
Data Protection Officer (DPO): We are not required to appoint a DPO.
EU Representative (Article 27 GDPR): We have appointed an EU representative under Article 27 GDPR (details below).
Our EU representative pursuant to Article 27 of the GDPR is:
kraatz digital
Rudolf-Diesel-Straße 11
69115 Heidelberg
Deutschland
E-Mail: privacy@kraatz.digital
Website: https://kraatz.digital/
2. Personal Data We Collect
We collect personal data directly from you or, in some cases, from third-party providers (e.g., payment processors, social media logins, analytics tools) where permitted by law. If we obtain your email during a purchase of our products, we may send you marketing about similar products on an opt-out basis, provided we offered you a clear opportunity to refuse at collection and in every message.
Other personal data collected may include:
- Identification and contact details such as name, billing and delivery address, phone number, and any other email addressed supplied;
- Order and payment details relating to purchases, payment method, and transaction history;
- Device and usage data including IP address, browser type, operating system, and activity on our website (via cookies and analytics tools);
- Marketing and communication preferences such as newsletter subscription, feedback, and participation in promotions.
We do not intentionally collect personal data from children under 16 years of age, and we may collect birth dates for purposes including age verification for promotions, in accordance with the applicable Member-State specific age. If you are a parent or guardian and believe your child has provided data to us, please contact us to request deletion.
3. Purposes and Legal Bases for Processing
We process your personal data only when a lawful basis applies under Article 6 GDPR:
|
Purpose |
Legal Basis |
|
Processing and delivering orders |
Performance of a contract (Art. 6 (1)(b)) |
|
Managing payments and preventing fraud |
Legitimate interest and/or legal obligation (Art. 6 (1)(f), (c)) |
|
Providing customer support |
Performance of a contract (Art. 6 (1)(b)) |
|
Sending marketing communications |
Consent (Art. 6 (1)(a)) |
|
Improving website performance and analysing usage |
Consent for cookies (Art. 6 (1)(a)); legitimate interest for essential analytics (Art. 6 (1)(f)) |
|
Complying with accounting, tax or legal obligations |
Legal obligation (Art. 6 (1)(c)) |
|
Direct marketing to existing customers (similar products or services), including notification of promotions |
Legitimate interest (Art. 6(1)(f)), in accordance with Recital 47 GDPR; you can opt out at any time. |
You can withdraw your consent at any time by contacting us or adjusting your cookie preferences.
4. Cookies and Tracking Technologies
We use cookies and similar technologies to operate our website, enhance functionality, analyse visitor behaviour, and deliver relevant content and offers.
Cookies are small text files stored on your device when you visit our website. They help us provide essential features such as retaining your shopping cart if you leave our website and return later, and to remember your preferences.
Types of Cookies We Use Include:
- Essential cookies – necessary for website operation (e.g. shopping cart, checkout);
- Analytics cookies – to collect information about site usage to help us improve performance;
- Marketing cookies – used to deliver relevant advertisements and measure campaign effectiveness; and
- Preference cookies – remember your language and region settings
Non-essential cookies and similar tracking technologies (including pixels, SDKs, local storage, etc.) only load after opt-in. You can manage or withdraw consent for non-essential cookies at any time through the cookie banner or your browser settings. If you disable certain cookies, some functions of the website may not operate properly.
Cookies Used on Our Website
|
Necessary |
||||
|
Name |
Function |
Provider |
Expiry |
Type |
|
cart |
Stores cart contents throughout the session and into checkout |
Shopify |
2 weeks |
First-party |
|
cart_currency |
Ensures cart/checkouts use correct currency for region |
Shopify |
2 weeks |
First-party |
|
keep_alive |
Helps maintain Shopify session; identifies first request |
Shopify |
Session |
First-party |
|
localization |
Remembers visitor’s country to show correct pricing/experience |
Shopify |
2 weeks |
First-party |
|
user |
Authenticates a user in the Shop/Shop Pay environment |
Shop App |
1 year |
Third-party |
|
user_cross_site |
Maintains Shop/Shop Pay login across surfaces |
Shop App |
1 year |
Third-party |
|
privacy_signal |
Stores user consent under regional privacy laws |
Shopify |
1 year |
First-party |
|
zaraz-consent |
Saves visitor’s consent preferences for Cloudflare Zaraz tags |
Cloudflare |
1 year |
Third-party |
|
cookies-analytics |
Records whether visitor allowed analytics cookies |
Archies Footwear |
1 year |
First-party |
|
cookies-functional |
Records whether visitor allowed functional cookies |
Archies Footwear |
1 year |
First-party |
|
cookies-marketing |
Records whether visitor allowed marketing cookies |
Archies Footwear |
1 year |
First-party |
|
cookies-preferences |
Stores full set of cookie consent choices |
Archies Footwear |
1 year |
First-party |
|
smsbump_form_pages_session… |
Keeps Yotpo/SMSBump form session active |
Yotpo |
Session |
First-party |
|
Functional |
||||
|
Name |
Function |
Provider |
Expiry |
Type |
|
cookiehub |
Stores Yotpo widget-specific consent settings |
Yotpo |
1 year |
Third-party |
|
loop_cid_* |
Identifies device/customer for Loop returns portal |
Loop |
1 year |
First-party |
|
loop_sid_* |
Session identifier for Loop returns flow |
Loop |
Session |
First-party |
|
wd |
Stores browser window dimensions so Facebook UI renders correctly |
Meta (Facebook) |
Session |
Third-party |
|
Analytics |
||||
|
Name |
Function |
Provider |
Expiry |
Type |
|
lo-uid |
Unique visitor ID for session replay analytics (Lucky Orange or equivalent) |
Lucky Orange |
2 years |
First-party |
|
lo-visits |
Counts number of return visits for behavioural analytics |
Lucky Orange |
Persistent |
First-party |
|
fs_uid |
Unique visitor ID for Yotpo analytics |
Yotpo |
1 year |
Third-party |
|
ajs_user_id |
Persistent visitor ID for Amplitude/Yotpo analysis |
Yotpo / Amplitude |
1 year |
Third-party |
|
amp_bdbbfc |
Stores session data for Amplitude analytics |
Yotpo / Amplitude |
1 year |
Third-party |
|
analytics_session_id |
Analytics session ID for Yotpo |
Yotpo |
30 minutes |
Third-party |
|
analytics_session_id.last_access |
Latest timestamp for the analytics session |
Yotpo |
30 minutes |
Third-party |
|
cfz_amplitude |
Amplitude analytics identifiers set via Cloudflare Zaraz |
Cloudflare |
1 year |
Third-party |
|
cfz_google-analytics_v4 |
GA4 analytics identifier via Zaraz |
Google / Cloudflare |
1 year |
Third-party |
|
ar_debug |
Enables debug analytics mode for GA/Ads |
|
Session |
Third-party |
|
sparrow_id |
Cloudflare device ID used for performance analytics & security |
Cloudflare |
30 days |
Third-party |
|
Marketing |
||||
|
Name |
Function |
Provider |
Expiry |
Type |
|
yotpo_pixel |
Tracks behaviour to attribute Yotpo-powered marketing |
Yotpo |
1 year |
First-party |
|
yotpo_tracker_subscriber_identifier |
Identifies Yotpo subscribers for attribution |
Yotpo |
1 year |
First-party |
|
pixel |
Used by Yotpo for marketing campaign tracking |
Yotpo |
Session |
Third-party |
|
cfz_facebook-pixel |
Meta Pixel identifier via Cloudflare Zaraz |
Meta |
1 year |
Third-party |
|
cfz_reddit |
Reddit Ads identifier via Cloudflare Zaraz |
|
1 year |
Third-party |
|
cfz_adobe |
Adobe advertising integration via Zaraz |
Adobe |
1 year |
Third-party |
|
datr |
Browser identifier for Facebook ads + security |
Meta |
2 years |
Third-party |
|
fr |
Main Facebook advertising cookie for conversions |
Meta |
3 months |
Third-party |
|
ps_l |
Tracks interactions with Meta plugins/ads |
Meta |
1 year |
Third-party |
|
ps_n |
Works with ps_l to measure ad performance |
Meta |
90 days |
Third-party |
|
sb |
Browser identifier used for login security + ad personalisation |
Meta |
2 years |
Third-party |
|
sfau |
Tracks click data for Meta ads |
Meta |
Session |
Third-party |
|
sfiu |
Tracks interactions with Meta ads for conversion measurement |
Meta |
Session |
Third-party |
|
ttcsid / ttcsid_* |
TikTok click/session IDs for conversion attribution |
TikTok |
Session – 30 days |
Third-party |
|
utm_medium |
Stores marketing channel (email, CPC, social, etc.) |
Shopify |
Session or persistent |
First-party |
|
utm_source |
Stores traffic source (Google, Meta, affiliate) |
Shopify |
Session or persistent |
First-party |
Session cookies last until you stop browsing; persistent cookies last until they expire or are deleted (between 30 minutes and two years).
Most browsers automatically accept cookies, but you can change this through your browser’s Tools or Preferences menu. Further details can be found at www.allaboutcookies.org.
Our website may include links to external websites or services operated by third parties. We are not responsible for the content or privacy practices of these websites. We recommend reviewing the privacy policies of these third parties before providing any personal information.
5. Data Sharing and International Transfers
We share your data only with trusted service providers who help us operate our business efficiently, such as:
- E-commerce platform: Shopify International Ltd. (Ireland)
- Payment processors: Shopify Payments (Shopify International Ltd., Ireland)
- Analytics and advertising tools: Microsoft Clarity (Microsoft Corporation, USA), Meta (Facebook and Instagram, USA), Pintrest, Inc. (USA), Okendo Pty Ltd (AUS), Klaviyo, Inc. (USA), Zigpoll (Inc., USA), Loop (Xariable, Inc. (USA), North Beam, Inc. (USA), Gorgias Inc. (USA)/France.
- Shipping partners: Supply Chain Solutions Europe B.V., DHL Group
- Reviewing tools: Okendo Pty Ltd (Australia)
- Returns partner: Loop (Xariable, Inc. (USA)
- Email marketing provider: Klaviyo, Inc. (USA) and Yotpo (USA/Israel).
These partners act as data processors under Article 28 GDPR and are bound by contracts ensuring confidentiality and security. These partners may use technological tools, including artificial intelligence to process your data.
Certain processing activities, such as payment authentication, fraud prevention, and analytics, are conducted jointly with Shopify International Ltd. (Ireland), which may act as an independent controller for those purposes. We have a transparent Art. 26 arrangement in place to assign rights requests and other esseentials. For further information on Shopify’s data practices, please see their privacy policy at https://www.shopify.com/legal/privacy/customers.
As Archies Footwear Pty Ltd is based in Australia, your data may be transferred outside the EEA. Some of our service providers (e.g. Shopify, Meta Platforms, Google) may process data in countries such as the United States, Canada, or Australia. Where no adequacy decision exists, we rely on the European Commission’s Standard Contractual Clauses (2021/914/EU), which may be supplemented by technical and organisational safeguards (e.g. encryption and access controls) to ensure an adequate level of protection based on transfer risk assessments. Where our service providers participate in the EU-US Data Privacy Framework, we may rely on their certification.
6. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes outlined in this policy or to comply with legal obligations.
For example:
- Order and transaction data: retained for up to 10 years to meet accounting and tax requirements;
- Marketing data: email/SMS data is collected relying on consent, including “soft opt-in” for existing customers – this data is retained until consent is withdrawn;
- Technical and analytics data: typically deleted within 30–90 days.
Once the retention period expires, personal data is securely deleted or anonymised unless required for ongoing legal proceedings.
7. Your Rights Under GDPR
You have rights regarding your personal data, including:
- Right to transparency (Art. 13 and Art. 14) – your right to clear and transparent communication in respect of your rights, the use of your data, the consequences of not providing your data and the source of your data.
- Right of access (Art. 15) – to obtain confirmation and a copy of your data;
- Right to rectification (Art. 16) – to correct inaccurate information;
- Right to erasure (Art. 17) – to request deletion of your data;
- Right to restriction of processing (Art. 18) – to limit how your data is used;
- Right to data portability (Art. 20) – to receive your data in a structured format;
- Right to object (Art. 21) – to object to processing, especially for direct marketing; and
- Right to withdraw consent (Art. 7(3)) – to withdraw previously given consent at any time.
We do not use automated decision-making that produces legal or similarly significant effects. We may, however, use profiling to tailor marketing content based on your prior purchases or browsing behaviour, but only with your consent.
To exercise these rights, please contact legals@archiesfootwear.com.
We will respond to any rights request within one month as required by Article 12 GDPR. If your identity cannot be verified, we may request additional information.
8. Right to Lodge a Complaint
You may lodge a complaint with a data-protection authority in your country of residence, place of work, or where an alleged infringement occurred.
A list of EU supervisory authorities can be found at https://edpb.europa.eu/about-edpb/about-edpb/members_en.
9. Data Security
We implement appropriate technical and organisational measures to secure your data, including encryption, access controls, and regular security reviews. While we take all reasonable precautions, no online system is completely secure, and we cannot guarantee absolute protection against unauthorised access. We rely on reputable service providers that publicly commit to industry-standard security practices (such as ISO 27001 or equivalent).
10. Policy Updates
We may update this Privacy Policy from time to time to reflect legal or operational changes. Material updates will be announced on our website or via email prior to becoming effective. The most recent version and effective date will always be displayed at the top of this page. Previous versions of this Privacy Policy can be requested at any time by contacting us.
Contact
For privacy-related questions or concerns, please contact:
Jackie Simpink
Email: legals@archiesfootwear.com.au
Mail: Archies Footwear Pty Ltd, Level 2 456 High Street, Echuca, Victoria 3564, Australia
- Choosing a selection results in a full page refresh.