Privacy policy

Last updated: March 25, 2026

Strutt operates this store and website, including all related information, content, features, tools, products and services, in order to provide you, the customer, with a curated shopping experience (the "Services"). Strutt is powered by Shopify, which enables us to provide the Services to you. This Privacy Policy describes how we collect, use, and disclose your personal information when you visit, use, or make a purchase or other transaction using the Services or otherwise communicate with us. If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy controls with respect to the collection, processing, and disclosure of your personal information.

Please read this Privacy Policy carefully. By using and accessing any of the Services, you acknowledge that you have read this Privacy Policy and understand the collection, use, and disclosure of your information as described in this Privacy Policy.

Personal Information We Collect or Process

When we use the term "personal information," we are referring to information that identifies or can reasonably be linked to you or another person. Personal information does not include information that is collected anonymously or that has been de-identified, so that it cannot identify or be reasonably linked to you. We may collect or process the following categories of personal information, including inferences drawn from this personal information, depending on how you interact with the Services, where you live, and as permitted or required by applicable law:

  • Contact details including your name, address, billing address, shipping address, phone number, and email address.
  • Financial information including credit card, debit card, and financial account numbers, payment card information, financial account information, transaction details, form of payment, payment confirmation and other payment details. For individuals in the EEA, UK, or Switzerland, financial information processed for payment purposes is subject to strict security and limited retention requirements.
  • Special Categories of Data (Sensitive Data). We generally do not collect special categories of personal data. If we process such data, it will be based on a specific legal ground under applicable law, such as your explicit consent or necessity for the establishment, exercise, or defense of legal claims.
  • Account information including your username, password, security questions, preferences and settings.
  • Transaction information including the items you view, put in your cart, add to your wishlist, or purchase, return, exchange or cancel and your past transactions.
  • Communications with us including the information you include in communications with us, for example, when sending a customer support inquiry.
  • Device information including information about your device, browser, or network connection, your IP address, and other unique identifiers.
  • Usage information including information regarding your interaction with the Services, including how and when you interact with or navigate the Services.

Provision of personal information may be required to enter into a contract with us or to receive certain services. If you choose not to provide personal information where required, we may not be able to provide certain products or services

Personal Information Sources

We may collect personal information from the following sources:

  • Directly from you including when you create an account, visit or use the Services, communicate with us, or otherwise provide us with your personal information;
  • Automatically through the Services including from your device when you use our products or services or visit our websites, and through the use of cookies and similar technologies;
  • From our service providers including when we engage them to enable certain technology and when they collect or process your personal information on our behalf;
  • From our partners or other third parties.

How We Use Your Personal Information

Depending on how you interact with us or which of the Services you use, we may use personal information for the following purposes. Under data protection laws, particularly the General Data Protection Regulation (GDPR), we are required to inform you of the legal bases for our processing of your personal information. These bases are as follows:

  • Provide, Tailor, and Improve the Services. We use your personal information to provide you with the Services, including to perform our contract with you, to process your payments, to fulfill your orders, to remember your preferences and items you are interested in, to send notifications to you related to your account, to process purchases, returns, exchanges or other transactions, to create, maintain and otherwise manage your account, to arrange for shipping, to facilitate any returns and exchanges, to enable you to post reviews, and to create a customized shopping experience for you, such as recommending products related to your purchases. This may include using your personal information to better tailor and improve the Services. This processing is necessary for the performance of our contract with you.
  • Marketing and Advertising. We use your personal information for marketing and promotional purposes, such as to send marketing, advertising and promotional communications by email, text message or postal mail, and to show you online advertisements for products or services on the Services or other websites, including based on items you previously have purchased or added to your cart and other activity on the Services.

    For individuals in the EEA, UK, or Switzerland:

    Where we use your email or phone number for direct marketing via email or SMS, we will only do so with your prior explicit consent (opt-in).

    Where we use cookies or similar technologies to deliver targeted advertising (behavioral advertising) on the Services or other websites, we rely on your consent obtained through our cookie consent management tool.

    Where we conduct limited marketing activities based on our legitimate interests (e.g., postal marketing), we have balanced these interests against your rights. You may object to such processing at any time.
  • Managing Communication Preferences. We may send you promotional emails, and you may opt out of receiving these at any time by using the unsubscribe option displayed in our emails to you or by contacting us. If you opt out, we may still send you non-promotional emails, such as those about your account or orders that you have made, which are necessary for the performance of our contract with you. If you have previously consented to our processing for other purposes, you have the right to withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing based on your consent before its withdrawal. You can withdraw your consent by contacting us using the contact details below. You can withdraw your consent by contacting us using the contact details below or, where applicable, by adjusting your cookie preferences.
  • Security and Fraud Prevention. We use your personal information to authenticate your account, to provide a secure payment and shopping experience, detect, investigate or take action regarding possible fraudulent, illegal, unsafe, or malicious activity, protect public safety, and to secure our services. If you choose to use the Services and register an account, you are responsible for keeping your account credentials safe. We highly recommend that you do not share your username, password or other access details with anyone else. This processing is necessary for our legitimate interests in protecting our business and services and for compliance with legal obligations.
  • Communicating with You. We use your personal information to provide you with customer support, to be responsive to you, to provide effective services to you and to maintain our business relationship with you. This processing is necessary for the performance of our contract with you and for our legitimate interests in maintaining our business relationship.
  • Legal Reasons. We use your personal information to comply with applicable law or respond to valid legal process, including requests from law enforcement or government agencies, to investigate or participate in civil discovery, potential or actual litigation, or other adversarial legal proceedings, and to enforce or investigate potential violations of our terms or policies. This processing is necessary for compliance with a legal obligation to which we are subject.

Where we rely on our legitimate interests as a legal basis for processing, these interests include improving our services, preventing fraud, securing our systems, and promoting our products and services. We carefully assess and balance our legitimate interests against your rights and freedoms before processing your personal information. You may request further information about this balancing test by contacting us.

How We Disclose Personal Information

In certain circumstances, we may disclose your personal information to third parties for legitimate purposes subject to this Privacy Policy. Such circumstances may include:

  • With Shopify, vendors and other third parties who perform services on our behalf (e.g. IT management, payment processing, data analytics, customer support, cloud storage, fulfillment and shipping).
  • With business and marketing partners to provide marketing services and advertise to you. For example, we use Shopify to support personalized advertising with third-party services based on your online activity with different merchants and websites. Our business and marketing partners will use your information in accordance with their own privacy notices. For individuals in the EEA, UK, or Switzerland, any sharing of personal information for targeted advertising purposes is based on your prior consent obtained through our cookie consent tool. You may withdraw your consent at any time.
  • When you direct, request us or otherwise consent to our disclosure of certain information to third parties, such as to ship you products or through your use of social media widgets or login integrations.
  • With our affiliates or otherwise within our corporate group.
  • In connection with a business transaction such as a merger or bankruptcy, to comply with any applicable legal obligations (including to respond to subpoenas, search warrants and similar requests), to enforce any applicable terms of service or policies, and to protect or defend the Services, our rights, and the rights of our users or others.

Relationship with Shopify

The Services are hosted by Shopify, which collects and processes personal information about your access to and use of the Services in order to provide and improve the Services for you. Information you submit to the Services will be transmitted to and shared with Shopify as well as third parties that may be located in countries other than where you reside, in order to provide and improve the Services for you. In addition, to help protect, grow, and improve our business, we use certain Shopify enhanced features that incorporate data and information obtained from your interactions with our Store, along with other merchants and with Shopify. To provide these enhanced features, Shopify may make use of personal information collected about your interactions with our store, along with other merchants, and with Shopify. In these circumstances, Shopify is responsible for the processing of your personal information, including for responding to your requests to exercise your rights over use of your personal information for these purposes. To learn more about how Shopify uses your personal information and any rights you may have, you can visit the Shopify Consumer Privacy Policy. Shopify also acts as an independent data controller for certain processing activities. Where Shopify acts as a controller, you should refer to its privacy policy for information on how to exercise your rights.

Third Party Websites and Links

The Services may provide links to websites or other online platforms operated by third parties. If you follow links to sites not affiliated or controlled by us, you should review their privacy and security policies and other terms and conditions. We do not guarantee and are not responsible for the privacy or security of such sites, including the accuracy, completeness, or reliability of information found on these sites. Information you provide on public or semi-public venues, including information you share on third-party social networking platforms may also be viewable by other users of the Services and/or users of those third-party platforms without limitation as to its use by us or by a third party. Our inclusion of such links does not, by itself, imply any endorsement of the content on such platforms or of their owners or operators, except as disclosed on the Services.

Children's Data

The Services are not intended to be used by children, and we do not knowingly collect any personal information about children under the age of 16, or under the age of 13 if a Member State has adopted a lower age threshold, provided such threshold is not lower than 13. If you are the parent or guardian of a child who has provided us with their personal information, you may contact us using the contact details set out below to request that it be deleted. We will verify parental consent where required by applicable law before processing any personal data of a child.

Security and Retention of Your Information

Please be aware that no security measures are perfect or impenetrable, and we cannot guarantee "perfect security." In addition, any information you send to us may not be secure while in transit. We recommend that you do not use unsecure channels to communicate sensitive or confidential information to us.

We retain your personal information only for as long as necessary for the purposes for which it was collected, including for the duration of your account, to fulfill our contractual obligations, to comply with legal, accounting, or regulatory requirements (typically up to Seven (7) years where required by law), and to resolve disputes or enforce agreements. Retention periods are determined based on the type of data, the purpose of processing, and applicable legal obligations. Where retention is no longer necessary, we securely delete or anonymize your personal information..

Your Rights and Choices (EEA, UK, and Switzerland)

If you are located in the EEA, UK, or Switzerland, you have the following rights under applicable data protection law:

  • Right to Access. You may request confirmation as to whether we process your personal data and access to that data, including information about the purposes of processing, categories of data, recipients, and retention period.
  • Right to Rectification. You may request correction of inaccurate or incomplete personal data.
  • Right to Erasure (Right to be Forgotten). You may request deletion of your personal data where, for example, the data is no longer necessary for the purposes for which it was collected, you withdraw consent, or you object to processing and there are no overriding legitimate grounds.
  • Right to Restriction of Processing. You may request restriction of processing in certain circumstances, such as while we verify the accuracy of data or the lawfulness of processing.
  • Right to Data Portability. You may request to receive your personal data in a structured, commonly used, and machine-readable format and have the right to transmit it to another controller, where processing is based on consent or contract and carried out by automated means.
  • Right to Object. You may object at any time to processing based on our legitimate interests, including for direct marketing purposes
  • Right to Withdraw Consent. Where processing is based on your consent, you may withdraw consent at any time without affecting the lawfulness of processing based on before withdrawal.
  • Right to Lodge a Complaint. You have the right to lodge a complaint with your local supervisory authority (in the EEA or UK).

To exercise any of these rights, please contact us using the details below. We may need to verify your identity before processing your request. We will respond within one month, which may be extended by two further months where necessary.

Complaints

If you have complaints about how we process your personal information, please contact us using the contact details provided below. If you are in the EEA or UK and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority. For the EEA, you can find a list of the responsible data protection supervisory authorities here.

International Transfers

Please note that we may transfer, store and process your personal information outside the country you live in. For example, as we are based in the Netherlands and use Shopify as our service provider, your information may be processed in Singapore, the United States, and other jurisdictions where Shopify or its sub-processors operate.

If we transfer your personal information out of the European Economic Area or the United Kingdom to countries that have not been deemed to provide an adequate level of data protection by the European Commission or the UK Government, we will implement appropriate safeguards, including but not limited to the European Commission’s Standard Contractual Clauses (or the UK International Data Transfer Agreement / Addendum), to ensure that your personal information receives a level of protection essentially equivalent to that required under applicable data protection laws. You have the right to request a copy of the appropriate safeguards we have in place for such international transfers by contacting us using the details below.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time, including to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy on this website, update the "Last updated" date and provide notice as required by applicable law. For material changes, we will provide more prominent notice, such as by email or through the Services.

Data Protection Officer

We have appointed a Data Protection Officer (“DPO”) who can be contacted at service@strutt.inc. If you have any questions regarding the processing of your personal data or the exercise of your rights, you may contact our DPO at the same address.

Contact

Should you have any questions about our privacy practices or this Privacy Policy, or if you would like to exercise any of the rights available to you, please call or email us at service@strutt.inc or contact us at Verdunplein 17, UNIT C2208 5627SZ Eindhoven, Netherlands. For the purpose of applicable data protection laws, we are the data controller of your personal information. For individuals in the EEA, UK, or Switzerland, our representative (if required under Article 27 GDPR) can be contacted at the same address for matters related to GDPR compliance.