Last updated: 20 March 2026. This policy governs how Richard Mundi collects, processes, and protects your personal data in compliance with UK GDPR, EU GDPR, CCPA, UAE PDPL, Singapore PDPA, and applicable international law.
Richard Mundi ("we", "us", "our") operates the website richardmundi.com (the "Site"). We design and retail luxury menswear crafted from responsible, natural fibres for a discerning global clientele.
We are committed to handling your personal data with the same care and precision that goes into every Richard Mundi garment. For all data privacy matters, please contact us at info@richardmundi.com.
This Privacy Policy applies to all visitors and registered members of richardmundi.com, wherever you are in the world.
We collect only what is necessary to provide and improve our services. We do not collect data for its own sake.
| Category | Data Collected | Purpose | Legal Basis (GDPR) |
|---|---|---|---|
| Account & Identity | First name, last name, email address, country, phone (optional) | Creating and managing your account; personalising your experience | Contract performance — Art. 6(1)(b) |
| Communication Preferences | Opt-in/opt-out selections for editorial, discounts, and events | Ensuring we only contact you regarding matters you have explicitly requested | Consent — Art. 6(1)(a) |
| Analytics & Technical | IP address (anonymised), browser type, device type, pages visited, session duration | Understanding how visitors use the Site to improve usability and content | Consent — Art. 6(1)(a); requires cookie acceptance |
| Contact Enquiries | Name, email, message content submitted via our contact form | Responding to your enquiry; maintaining records of correspondence | Legitimate interests — Art. 6(1)(f) |
| Functional / Session | Cart contents, currency preference, session token (browser only) | Site functionality — ensuring the cart and preferences persist during your visit | Strictly necessary — does not require consent |
Account data (current, pre-launch): Account information is currently stored locally within your browser using localStorage. No account data is transmitted to, or held on, any external server at this stage. This is a temporary pre-launch arrangement.
Future (Shopify integration): When our e-commerce checkout is activated, account and order data will be transferred to and stored on Shopify Inc. servers (ISO 27001 certified, GDPR and UK GDPR compliant, with Standard Contractual Clauses in place for international transfers).
Analytics: Visitor data is processed by Google LLC via Google Analytics 4, subject to your cookie consent. IP addresses are anonymised. Google may process data in the United States; Google maintains compliance via Standard Contractual Clauses.
Contact form: Enquiries submitted via our contact page are processed by Formspree Inc. and forwarded to our email. Formspree retains submissions in accordance with their own privacy policy.
We apply appropriate technical and organisational security measures to protect your data against unauthorised access, loss, or disclosure.
| Data Type | Retention Period |
|---|---|
| Account data | Until you delete your account or clear your browser data |
| Analytics data (GA4) | 14 months (our configured retention setting) |
| Contact form submissions | Up to 24 months from receipt |
| Marketing preference records | Until withdrawal of consent or account deletion |
| Transactional / order data (future) | 7 years (legal and accounting obligation) |
When data is no longer required for its stated purpose, we securely delete or anonymise it.
We do not sell, rent, or trade your personal data. We share data only where necessary and only with the following processors:
| Third Party | Purpose | Transfer Safeguard |
|---|---|---|
| Google LLC (GA4) | Analytics — only with your consent | Standard Contractual Clauses (EU/UK) |
| Formspree Inc. | Contact form processing | Standard Contractual Clauses |
| Shopify Inc. (future) | E-commerce, orders, and checkout | Standard Contractual Clauses; ISO 27001 |
| Competent legal authorities | Where required by applicable law | Legal obligation — Art. 6(1)(c) GDPR |
Richard Mundi serves a global clientele including visitors from the United Kingdom, European Union, United Arab Emirates, Singapore, Japan, South Africa, Brazil, and beyond. Depending on your location, your data may be subject to additional national laws:
Where we transfer data outside the UK or EEA, we ensure appropriate safeguards are in place (Standard Contractual Clauses or equivalent mechanisms).
Depending on your country of residence, you hold the following rights regarding your personal data. To exercise any of these rights, contact info@richardmundi.com. We will respond within 30 days (or within the timeframe required by applicable law).
| Right | What It Means | Applies Under |
|---|---|---|
| Access | Request a copy of all personal data we hold about you | UK/EU GDPR, UAE PDPL, PDPA, CCPA, LGPD, POPIA |
| Rectification | Correct inaccurate or incomplete personal data | UK/EU GDPR, UAE PDPL, PDPA, LGPD, POPIA |
| Erasure ("Right to be Forgotten") | Request deletion of your data where no overriding legal basis exists | UK/EU GDPR, UAE PDPL, LGPD, CCPA, POPIA |
| Restriction of Processing | Restrict how we use your data in certain circumstances | UK/EU GDPR, LGPD |
| Data Portability | Receive your data in a structured, machine-readable format | UK/EU GDPR, LGPD |
| Object to Processing | Object to processing based on legitimate interests or for direct marketing | UK/EU GDPR, LGPD, POPIA |
| Withdraw Consent | Withdraw any consent given at any time, without detriment | All jurisdictions |
| Opt-Out of Sale (CCPA) | We do not sell personal data — this right is automatically satisfied | CCPA / CPRA (California) |
| Lodge a Complaint | Complain to your local supervisory authority (see below) | All jurisdictions |
Supervisory authorities: UK — Information Commissioner's Office (ico.org.uk) · EU — your national data protection authority · UAE — UAE Data Office · Singapore — PDPC (pdpc.gov.sg) · South Africa — Information Regulator (inforegulator.org.za)
We use cookies and similar technologies in accordance with your preferences. Strictly necessary cookies are always active. All optional cookies (including analytics) require your explicit consent before activation.
For full details of every cookie we use, its purpose, and its retention period, please see our Cookie Policy. You may update your preferences at any time:
The Site is not directed at, and does not knowingly collect personal data from, individuals under the age of 16 (or the applicable age of digital consent in your jurisdiction). If you believe we have inadvertently received data from a minor, please contact us immediately at info@richardmundi.com and we will delete it without delay.
We implement appropriate technical and organisational security measures commensurate with the nature of the data we process. These include access controls, encrypted communications (HTTPS), and limited data retention. However, no method of electronic storage or internet transmission is entirely secure — we cannot guarantee absolute security and accept no liability for breaches beyond our reasonable control.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware, and will inform affected individuals where required by law.
We may update this Privacy Policy periodically to reflect changes in our data practices, technology, or legal obligations. The revision date is shown at the top of this page. Where changes are material, we will notify registered users by email where practicable. Continued use of the Site after a revised policy is posted constitutes acceptance of the updated terms.
To exercise any data rights, raise a concern, or simply ask a question about how we handle your information:
This policy is governed by the laws of England and Wales. Nothing in this policy limits any statutory rights you hold under the law of your country of residence.