
Privacy Policy

Last updated:

1. Who we are

This policy applies to Ryden (the "shop", "we", "us", "our"), operated by [LEGAL ENTITY NAME], registered at [BUSINESS ADDRESS], company number [COMPANY NUMBER].

For data protection purposes, [LEGAL ENTITY NAME] is the data controller for personal information collected through ryden.store. Our data protection contact is [privacy@ryden.store].

If we appoint a Data Protection Officer (DPO) or EU/UK representative, their details will be added here.

2. What we collect

We collect personal data in three ways:

2.1 Data you give us

  • Account details — name, email, password (hashed, never stored in plaintext).
  • Order details — shipping address, billing address, phone number (for couriers).
  • Communications — anything you write to us via email, contact forms, or live chat.
  • Marketing preferences — whether you've opted into newsletters and which lists.

2.2 Data we collect automatically

  • Device & browser — IP address, user agent, screen size, referring URL.
  • Usage — pages visited, items added to cart, time on page (aggregated where possible).
  • Cookies — see section 4 below.

2.3 Data from third parties

  • Payment processors — when you pay, our processor (see section 5) tells us whether the charge succeeded, the last four digits of your card, and the billing country. We never see your full card number or CVC.
  • Couriers — delivery confirmations and exceptions (failed delivery, redelivery requests).
  • Social login (if enabled) — name and email from the provider, only if you choose to sign in this way.

What we do NOT collect: your full card number, your social security / national insurance number, biometric data, or precise GPS location.

3. How we use your data

Under GDPR / UK GDPR, every use of personal data must have a lawful basis. Here are ours:

| What we do | Why | Lawful basis |
|---|---|---|
| Process your order, take payment, arrange shipping | Without this, the shop can't function | Contract (Art. 6(1)(b)) |
| Send order confirmations, shipping updates, delivery notifications | You need to know where your stuff is | Contract (Art. 6(1)(b)) |
| Detect and prevent fraud, chargebacks, abuse | Protect the shop and other customers | Legitimate interest (Art. 6(1)(f)) |
| Comply with tax, accounting, consumer-law obligations | We have to keep certain records | Legal obligation (Art. 6(1)(c)) |
| Send marketing emails about products and sales | You signed up | Consent (Art. 6(1)(a)) |
| Analyse aggregate site usage to improve the shop | Make the site better, faster, less broken | Legitimate interest (Art. 6(1)(f)) |
| Respond to your questions, complaints, returns | Customer support | Contract / Legitimate interest |

We do not use your personal data to make solely automated decisions with legal or similarly significant effects (e.g. credit scoring). Fraud screening uses automated signals but a human reviews any rejected order.

4. Cookies & tracking

A cookie is a small text file your browser stores when you visit a site. We use three categories:

  • Strictly necessary — these run the cart, keep you signed in, and remember your currency. No consent required because the site doesn't work without them.
  • Functional — remember things like your wishlist or recent searches. Stored on your device only.
  • Analytics — anonymous, aggregated traffic data. We use [ANALYTICS PROVIDER, e.g. Plausible / Vercel Analytics], which we believe is privacy-respecting and does not build cross-site profiles.

We do not use cookies to track you across other websites, build advertising profiles, or sell data to data brokers.

If you set up a cookie banner with consent for analytics or marketing cookies, this section needs to match the banner's exact categories. You can withdraw consent at any time by [LINK TO COOKIE SETTINGS] or clearing cookies in your browser.

5. Who we share your data with

We share personal data only with these categories of recipients, and only what they need to do their job:

| Recipient | What they get | Why |
|---|---|---|
| Payment processor — [STRIPE / ADYEN / ETC] | Order amount, billing details, encrypted card data | Take payment, prevent fraud |
| Couriers — [ROYAL MAIL, DHL, FEDEX, ETC] | Name, delivery address, phone, order weight | Deliver your order |
| Email platform — [KLAVIYO / POSTMARK / RESEND] | Email, name, order summary | Send transactional and (with consent) marketing emails |
| Hosting & infrastructure — [VERCEL / AWS] | IP addresses, request logs | Run the website |
| Customer support tool — [INTERCOM / ZENDESK / NONE] | Your messages and email | Reply to your questions |
| Tax & accounting — [ACCOUNTANT NAME / SOFTWARE] | Invoice data | Legal obligation |

We will also disclose personal data if compelled by a court, regulator, or law enforcement — and only the minimum required.

For California residents: in the past 12 months, we have not "sold" or "shared" your personal information for cross-context behavioural advertising (as those terms are defined under the CCPA/CPRA). We have no plans to.

6. International transfers

Some of our processors are based outside the UK / EEA (notably in the US). When personal data is transferred there, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission and the UK ICO, where the recipient is in a country without an adequacy decision;
  • Adequacy decisions (e.g. the EU-US Data Privacy Framework, where applicable);
  • Additional safeguards such as encryption in transit and at rest.

You can request a copy of the SCCs we rely on by emailing [privacy@ryden.store].

7. How long we keep your data

  • Account data — for as long as your account is open, plus 12 months after closure.
  • Order, invoice, and tax records — at least [6 / 7 / 10] years, as required by tax law in [JURISDICTION].
  • Marketing consent — until you unsubscribe, then we keep a suppression record indefinitely to honour your unsubscribe.
  • Support tickets — 2 years after resolution.
  • Server logs — 30 days, then aggregated or deleted.

8. Security

We take reasonable technical and organisational measures, including:

  • HTTPS everywhere (TLS 1.2+).
  • Passwords hashed with a modern algorithm — we never store them in plaintext, and even our staff cannot read your password.
  • Card data never touches our servers — it's tokenised by our payment processor.
  • Role-based access for staff; production database access is restricted and logged.
  • Regular dependency updates and vulnerability monitoring.

No system is unbreakable. If we suffer a personal-data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours, as required by GDPR Articles 33–34.

9. Your rights

Subject to local law, you have the right to:

  • Access — get a copy of the personal data we hold on you.
  • Rectification — correct anything inaccurate.
  • Erasure ("right to be forgotten") — ask us to delete your data, subject to legal retention requirements.
  • Restriction — ask us to stop processing your data in certain situations.
  • Portability — get your data in a machine-readable format.
  • Object — to processing based on legitimate interests, including direct marketing.
  • Withdraw consent — at any time, for any processing based on consent (this doesn't affect prior lawful processing).

To exercise any of these, email [privacy@ryden.store]. We'll respond within 30 days (one month under GDPR), free of charge. We may ask you to verify your identity first.

If you're in California (CCPA/CPRA): you also have the right to know what categories of personal information we collect, to delete it, to correct it, to opt out of "sale" or "sharing" (we don't do either), and to non-discrimination for exercising any right.

If you're in the EU or UK: if you think we've mishandled your data, you have the right to complain to your local supervisory authority (e.g. the UK ICO at ico.org.uk). We'd prefer you come to us first, but you don't have to.

10. Children's privacy

Ryden is not intended for children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we'll delete it.

11. Changes to this policy

We may update this policy when our practices change, when we add new tools, or when the law requires it. The "Last updated" date at the top of this page always reflects the current version. Material changes will be announced via email if you have an account, or via a banner on the site.

12. Contact us

For any privacy question, request, or complaint:

For general support, see our contact page.