Privacy Policy

Last updated: 3 April 2026

At Rabbit & Hare, we take your privacy seriously. This Privacy Policy explains how we collect, use, store and protect your personal data when you visit our website, place an order, subscribe to our Bunny Club newsletter, or contact us. We are committed to ensuring your data is handled in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Please read this policy carefully. By using our website, you acknowledge that you have read and understood this Privacy Policy.

1. Who We Are

Rabbit & Hare is a UK-based online baby clothing retailer. We operate exclusively online and do not have a physical shop.

Business name: Rabbit & Hare
Location: Suffolk, England, United Kingdom
Website: https://wordpress-hwowo4cgo4ogs8o0skos0kow.securephone.co.uk
Email: hello@rabbitandhare.co.uk

For the purposes of the UK GDPR, Rabbit & Hare is the data controller responsible for your personal data. If you have any questions about this Privacy Policy or our data practices, please contact us at hello@rabbitandhare.co.uk.

2. What Personal Data We Collect

We may collect and process the following personal data depending on how you interact with us:

When you place an order

• Full name
• Email address
• Billing address
• Shipping address
• Phone number (if provided)
• Order history and transaction details
• Payment information (processed securely by Stripe; we do not store your full card details)

When you subscribe to our Bunny Club newsletter

• Email address
• First name (if provided)
• Subscription preferences
• Email engagement data (opens, clicks)

When you contact us

• Name
• Email address
• Any personal data you include in your message

When you browse our website

• IP address
• Browser type and version
• Operating system
• Referring website
• Pages visited and time spent on our site
• Cookie data (see our Cookies section below)

3. Why We Collect Your Data (Legal Basis)

Under the UK GDPR, we must have a lawful basis for processing your personal data. The bases we rely on are:

Performance of a contract (Article 6(1)(b)): We need your personal data to fulfil your order, process payment, arrange shipping, and handle returns or exchanges. Without this data, we cannot complete your purchase.

Consent (Article 6(1)(a)): When you subscribe to our Bunny Club newsletter, you give us consent to send you marketing emails about new products, offers and gentle parenting tips. You can withdraw this consent at any time by clicking the unsubscribe link in any email or by contacting us at hello@rabbitandhare.co.uk.

Legitimate interests (Article 6(1)(f)): We use analytics data to understand how visitors use our website so we can improve your experience. We may also use your data to detect and prevent fraud. We have assessed that these interests do not override your fundamental rights and freedoms.

Legal obligation (Article 6(1)(c)): We may need to retain certain data to comply with legal obligations, including tax and accounting requirements under UK law.

4. How We Use Your Data

We use your personal data for the following purposes:

• Processing and fulfilling your orders, including shipping and delivery
• Sending order confirmations, dispatch notifications and delivery updates
• Processing refunds and handling returns
• Responding to your enquiries and providing customer support
• Sending Bunny Club newsletter emails (only with your consent)
• Improving our website, products and services
• Analysing website traffic and user behaviour through Jetpack/WordPress analytics
• Preventing fraud and ensuring the security of our website
• Complying with legal and regulatory obligations

5. Who We Share Your Data With

We do not sell, rent or trade your personal data to third parties. We only share your data with trusted third-party service providers who help us operate our business. These providers are contractually obligated to protect your data and may only use it for the purposes we specify.

Payment processing: Stripe processes all card payments on our behalf. Stripe is PCI DSS compliant and handles your payment data securely. We never see or store your full card number. You can view Stripe’s privacy policy at stripe.com/privacy.

Website hosting and analytics: Our website is hosted on WordPress. We use Jetpack for website analytics and security. Jetpack’s privacy policy can be found at jetpack.com/support/privacy.

Shipping and delivery: We share your name and shipping address with our delivery partners (such as Royal Mail, Evri, or other couriers) to fulfil your order. For international orders, your data may be shared with customs authorities as required by law.

Email marketing: If you subscribe to the Bunny Club, your email address and name are processed by our email marketing platform to send you newsletters. You can unsubscribe at any time.

Legal requirements: We may disclose your data if required to do so by law, regulation, or legal process, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

6. International Data Transfers

Some of our third-party service providers (such as Stripe and Jetpack/Automattic) are based outside the United Kingdom. Where your data is transferred outside the UK, we ensure it is protected by appropriate safeguards, including:

• Transfers to countries that the UK Government has deemed to provide an adequate level of data protection
• Standard Contractual Clauses (SCCs) approved by the Information Commissioner’s Office (ICO)
• Other lawful transfer mechanisms recognised under UK data protection law

If you ship internationally, your name and address will be shared with overseas postal and customs services as necessary to deliver your order.

7. How Long We Keep Your Data

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:

• Order and transaction data: 6 years from the date of your last order, as required by HMRC for tax and accounting purposes
• Customer account data: For as long as your account remains active, plus 2 years after your last activity
• Newsletter subscriber data: Until you unsubscribe. Upon unsubscription, your data is deleted within 30 days
• Contact enquiries: 2 years from the date of your last communication
• Analytics data: Aggregated and anonymised analytics data may be retained indefinitely as it does not identify you personally
• Website logs: Up to 12 months

When your data is no longer needed, it is securely deleted or anonymised.

8. Your Rights Under the UK GDPR

Under UK data protection law, you have the following rights regarding your personal data. You can exercise any of these rights by contacting us at hello@rabbitandhare.co.uk. We will respond to your request within one month.

Right of access: You have the right to request a copy of the personal data we hold about you (a Subject Access Request). We will provide this free of charge within one month.

Right to rectification: If any of your personal data is inaccurate or incomplete, you have the right to ask us to correct or complete it.

Right to erasure (right to be forgotten): You can ask us to delete your personal data where there is no compelling reason for us to continue processing it. Please note that we may need to retain certain data for legal or contractual obligations.

Right to restrict processing: You can ask us to limit how we use your data in certain circumstances, for example while we verify its accuracy.

Right to data portability: You have the right to receive the personal data you have provided to us in a structured, commonly used, machine-readable format, and to transmit it to another data controller.

Right to object: You have the right to object to our processing of your personal data where we are relying on legitimate interests as our legal basis. You also have the absolute right to object to direct marketing at any time.

Rights related to automated decision-making: We do not use your data for automated decision-making or profiling that produces legal effects concerning you.

Right to withdraw consent: Where we rely on your consent to process your data (such as for our Bunny Club newsletter), you can withdraw that consent at any time. This will not affect the lawfulness of any processing carried out before you withdrew consent.

If you are not satisfied with how we handle your request or have concerns about our data practices, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Information Commissioner’s Office
Website: ico.org.uk
Telephone: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

9. Cookies

Our website uses cookies, which are small text files placed on your device when you visit our site. Cookies help us provide you with a better experience and allow certain features to function properly.

Essential cookies

These are necessary for the website to function and cannot be switched off. They include cookies that remember items in your shopping basket, maintain your session, and enable secure checkout. Legal basis: legitimate interests.

Analytics cookies

We use Jetpack/WordPress analytics to understand how visitors interact with our website. These cookies collect anonymised information about which pages are visited and how users navigate the site. This helps us improve our website. Legal basis: legitimate interests or consent, depending on your cookie preferences.

WooCommerce cookies

WooCommerce sets cookies to track your shopping basket contents, whether you are logged in, and your session data. These are essential for the shopping experience to work correctly.

You can control and manage cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website, particularly the shopping basket and checkout process. For more information about cookies and how to manage them, visit allaboutcookies.org.

10. Third-Party Services

Our website may contain links to third-party websites and services. We are not responsible for the privacy practices of these external sites. We encourage you to read the privacy policies of any third-party sites you visit.

The key third-party services we use are:

• Stripe – Payment processing (stripe.com/privacy)
• WooCommerce – E-commerce platform (automattic.com/privacy)
• Jetpack by Automattic – Analytics and security (jetpack.com/support/privacy)
• Royal Mail / Evri / other couriers – Order delivery

11. Children’s Privacy

Rabbit & Hare sells baby and children’s clothing, but our website and services are intended for use by adults (parents, carers and gift buyers). We do not knowingly collect personal data from children under the age of 16. Our website is designed for adult customers purchasing on behalf of children.

If you believe we have inadvertently collected personal data from a child under 16, please contact us immediately at hello@rabbitandhare.co.uk and we will take steps to delete that data promptly.

12. Data Security

We take the security of your personal data seriously and use appropriate technical and organisational measures to protect it from unauthorised access, alteration, disclosure or destruction. These measures include:

• SSL/TLS encryption across our entire website
• Secure payment processing through Stripe (PCI DSS Level 1 compliant)
• Regular software updates and security patches
• Restricted access to personal data on a need-to-know basis
• Secure password policies and authentication measures

While we strive to protect your personal data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security, but we are committed to maintaining the highest standards reasonably possible.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology or legal requirements. When we make changes, we will update the “Last updated” date at the top of this page.

For significant changes that materially affect how we use your personal data, we will make reasonable efforts to notify you, for example by posting a prominent notice on our website or sending an email to our Bunny Club subscribers.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

14. Contact Us

If you have any questions, concerns or requests regarding this Privacy Policy or how we handle your personal data, please do not hesitate to get in touch:

Rabbit & Hare
Data Protection Contact: Rabbit & Hare Customer Care
Email: hello@rabbitandhare.co.uk
Location: Suffolk, England, United Kingdom

We aim to respond to all data protection enquiries within 72 hours and will fulfil any formal data subject requests within one calendar month, as required by the UK GDPR.

This Privacy Policy was last reviewed and updated on 3 April 2026.
Rabbit & Hare is committed to protecting your privacy and handling your data with care.