Privacy policy


1.1 The Mercantile Limited (trading as “Paris Georgia”) values the relationship we have with you, and we are committed to protecting your personal information and privacy rights generally.

1.2 Paris Georgia is also referred to as “we” and “us” in this privacy policy and when referred to, such reference includes any person or organisation to which it has licensed or assigned its rights and obligations.

1.3 When we refer to personal information throughout this privacy policy (“Privacy Policy”), we mean personal information as defined in the New Zealand Privacy Act 2020, being any information about an identifiable individual (“Personal Information”).

1.4 This policy applies to all Personal Information under the control of Paris Georgia. It does not apply to other Personal Information collected or held by other entities outside of our control, or to the Personal Information of our employees, contractors, or directors.

1.5 This Privacy Policy sets out how we will collect, use, disclose, and protect Personal Information collected in relation to products accessed and sold through the Paris Georgia website (“Website”).

1.6 When dealing with Personal Information, Paris Georgia will comply with this Privacy Policy and with applicable privacy laws in New Zealand, Australia, the European Union, and California in the United States of America (together “Applicable Privacy Laws”, and separately “Applicable Privacy Law”). If you are not in any of these locations, this Privacy Policy may not comply with the privacy regulations in your location. If you live elsewhere in the world and access or purchase products from our Website, you so do at your own risk knowing that you are providing us with Personal Information (which we will deal with as if you were subject to the New Zealand Privacy Act 2020).

1.7 This Privacy Policy does not limit or exclude any of rights under the Applicable Privacy Laws in the countries in which the Website is available. For more information, see:

(a) For Australian residents, the Australian Privacy Act 1988.
(b) For New Zealand residents, the New Zealand Privacy Act 2020.
(c) For European Union Residents, the General Data Protection Regulation.
(d) For residents of California, United States of America, the California Consumer Privacy Act 2018 and the California Online Privacy Protection Act 2013.

1.8 By using our Website, or completing and submitting orders or account information, or corresponding with us, you agree to accept this Privacy Policy. You also agree to receive marketing communications from us, although you can unsubscribe at any time.

Collection of Personal Information

We will collect Personal Information as follows:

2.1 Using, or placing an order on, our Website

When using, or placing an order on, the Website, we will collect Personal Information that is required to facilitate your use of the Website and process any order. This includes but is not limited to your:

  • name;
  • email address;
  • physical address;
  • phone number; and
  • browsing data.

If you are signed in as an account holder, other Personal Information will be collected by us such as your subscription status and previous order history. When creating an account, customers are automatically enrolled in our loyalty programme, and the terms and conditions relating to our loyalty programme (which you can view here) will apply.

2.2 Subscribing to our mailing list

When subscribing to the Paris Georgia mailing list, we will collect Personal Information including your name, email address and browsing data. After subscribing to the mailing, you may wish to provide the information required to be an account holder and join our loyalty programme, and/or to make a purchase.

2.3 Browsing data

Browsing data is tracked using cookies. Cookies are small data files that are sent to your device from our website. Cookies do not collect identifiable information about you but will identify your device.

If required to by any Applicable Privacy Laws, we will ask for your consent when placing cookies on your device. Your browser settings can be changed to disable cookies, which can be done on a per-site basis. However, this may mean that you cannot use all of the features on the Website, or other websites.

2.4 Customer service correspondence

In the case of customer service requests and responses, Personal Information will be collected through email and/or Zendesk, which provide us with customer service software. Zendesk has its own privacy policy which you are recommended to review here.

2.5 Payment information

When you make payment for a purchase on our Website, you do so either through Google Pay or ShopPay. We do not receive or collect any payment information from you. That payment information is provided by you directly to Google Pay or ShopPay (through Shopify) and is subject to their terms and privacy policy.

You are recommended to review Google Pay’s privacy notice here, and Shopify’s privacy policy here.

If you use Afterpay or Laybuy to make payment for a purchase on our Website we do not receive or collect any payment information from you. That payment information is provided by you directly to Afterpay or Laybuy, and is subject to that provider’s terms and privacy policy. You are recommended to review Afterpay’s privacy notice here and Laybuy’s privacy policy here.

Storage and security of Personal Information

3.1 We take the security of your Personal Information seriously, and ensure that all of our staff comply with their legal obligations to protect your Personal Information, except in a limited number of circumstances as required by Applicable Privacy Laws. Personal Information is accessed by authorised personnel only.

3.2 We have taken reasonable steps to ensure the safety of your Personal Information stored in both electronic and hard copy format, and to protect against loss, unauthorised access, use, modification, disclosure, or other misuse. We will not divulge your Personal Information except in accordance with normal legal requirements and practices, including the ways that we have covered in this Privacy Policy.

3.3 Your Personal Information is held and stored within Shopify and Klaviyo (our commerce and email marketing platforms). Both of these platforms require two factor identification for entry. To find out more about how Shopify uses and stores your Personal Information, please see: To find out more about how Klaviyo uses and stores your Personal Information, please see:

3.4 Personal Information in our customer service emails is stored on Google servers and Zendesk. We refer to Zendesk’s privacy policy at 2.4 above, and recommend that you view Google’s privacy policy here.

How Personal Information may be used

4.1 We will only use your Personal Information for purposes that are directly related to our business activities, and when it is necessary for or directly related to such purposes.

4.2 We may use the Personal Information that we collect generally to:

(a) create, process, and fulfil any orders placed through the Website;
(b) to communicate with you about orders, products, marketing, and special offers;
(c) to provide customer service;
(d) for statistical and analytical purposes (including sales analysis and audience segmentation);
(e) to protect and/or enforce our legal rights and interests, including defending any claim; and
(f) for any other purpose authorised by you or Applicable Privacy Laws.


5.1 If there are additional purposes (other than those identified above) for which we propose to use your Personal Information, the purposes will be specifically notified to you and your consent requested to the proposed use, either when we collect your Personal Information for that specific use or when that additional purpose arises (if it does so after the Personal Information has already been collected).

5.2 We will always give you the option to decline to provide your Personal Information or to decline to allow us to use that Personal Information for the purposes for which we have proposed to use it and will comply so long as doing so does not prevent us from meeting our legal obligations under Applicable Privacy Laws.

Disclosing Personal Information

6.1 We will not sell, lend, or trade Personal Information to any third party.

6.2 We may disclose Personal Information to third parties for the purposes outlined above at clause 4.2, and for directly related purposes (including those required by Applicable Privacy Laws).

6.3 Some of these third parties may include, but are not limited to:
(a) third party service providers, suppliers, or contractors who we do ordinary business with (including payment systems operators and customer service software);
(b) third party freight and logistics providers (including warehouse operators, courier companies, and shipment delivery and returns software providers);
(c) advertisers and analytics providers that require non-identifiable data to provide relevant advertising or analytical information; and
(d) selected providers and vendors authorised by us to carry out our business activities.

6.4 We will primarily collect Personal Information in New Zealand. However, because the Website can be accessed and an order placed from outside New Zealand, Personal Information will be collected from customers across the world. It may therefore be stored and/or accessed in those countries. That Personal Information is collected and transferred pursuant to and in accordance with Applicable Privacy Laws (except as described in paragraph 1.6 where you live in a location to which the Applicable Privacy Laws do not apply). If at any time we need to send Personal Information outside of a country in which we operate to an overseas agency that may use the information for its own purposes, we will:

(a) take steps to ensure that we believe on reasonable grounds that the overseas agency receiving the Personal Information is subject to privacy protections that, overall, provide comparable safeguards to those provided under the Applicable Privacy Law;
(b) enter into a binding contractual agreement with the overseas agency receiving the Personal Information confirming that it will protect the Personal Information in a way that, overall, provides comparable safeguards to those provided under the Applicable Privacy Law; or
(c) obtain the express authorisation of the individual concerned to disclose their Personal Information overseas after expressly informing them that the overseas agency may not be required to protect the information in a way that, overall, provides comparable safeguards to those provided under the Applicable Privacy Law.

Accuracy, accessing, and correcting Personal Information

7.1 We take all reasonable steps to ensure that your Personal Information that we hold is accurate, up to date, complete, relevant and not misleading.

7.2 At any time, account holders may directly update some Personal Information through logging into their account via the Website. When placing orders, if you do not type an answer to a required form correctly (i.e., your address), we may contact you directly through the contact details you have provided to confirm whether the information is correct.

7.3 Subject to certain grounds for refusal set out in the Applicable Privacy Laws, if you believe that your Personal Information is not accurate, up to date, complete or relevant, or you wish to request that your Personal Information that we hold is provided to you, or deleted, please contact our Privacy Officer on:

Retention of Personal Information

8.1 We will only retain Personal Information for as long as is required for the purpose/s for which it may lawfully be used. Once Personal Information is no longer required, we will securely destroy it or otherwise delete all identifying details information so that only anonymised data is retained. This anonymised data may be used by us for statistical purposes.

8.2 You have the right to request that we erase your Personal Information, or restrict the processing of your Personal Information, under certain conditions.

Mandatory reporting of notifiable privacy breaches

9.1 If your Personal Information is involved in a privacy breach which we reasonably believe is notifiable or must be reported in accordance with Applicable Privacy Laws (“Notifiable Privacy Breach”), we will inform the affected individual/s and report the Notifiable Privacy Breach to the relevant supervisory authority/ies as required by Applicable Privacy Laws (such as the New Zealand Office of the Privacy Commissioner, the Australian Office of the Australian Information Commissioner, the supervisory authority in the relevant European Union Member State, and the Attorney General in California, United States of America).

California Residents

10.1 Under the California Online Privacy Protection Act, we are required to disclose how we respond to “do not track” (DNT) signals from web browsers. DNT signals provide consumers with a choice about the collection of their personally identifiable information from their online activities across different websites.

10.2 Various browsers offer you a DNT option, which allows you to enable or disable DNT signals. This can generally be accessed in the Preferences or Settings page of your web browser.

10.3 Our computer system cannot act on DNT signals that we may receive. This means that the choices provided to you about our collection and use of personally identifiable information are as described in this Privacy Policy. You can also exercise your privacy preferences in relation to cookies as outlined at 2.3 above. If required by Applicable Privacy Laws we will ask for your consent when placing cookies on your device. In all other cases, by using our Website you agree to our use of cookies on your device.

Changes to this Privacy Policy

11.1 We may update this Privacy Policy from time to time to reflect changes in our business or the law.
We will notify you of any updates by publishing the updated Privacy Policy on our Website and providing you with at least 30 days’ notice before the changes take effect. We encourage you to review this Privacy Policy periodically on the Website to stay informed about how we are helping to protect Personal Information.

Making a complaint

12.1 You are welcome to contact us at if you have any complaints or concerns in relation to this Privacy Policy. Our Privacy Officer will investigate and respond to any complaints or concerns as soon as possible and in accordance with the time frames and procedures set out in the Privacy Act, and other Applicable Privacy Laws.

12.2 Please direct any questions, concerns or complaints in relation to this Privacy Policy or the protection of your Personal Information to our Privacy Officer at the above email address. It is preferable that these questions, concerns or complaints are made in writing.

12.3 If you are not satisfied with how we have handled your complaint, you can contact the relevant supervisory authority:

  • In New Zealand, the Office of the Privacy Commissioner.
  • In Australia, the Office of the Australian Information Commissioner.
  • In the European Union, the supervisory authority in the relevant Member State.
  • In California, United States of America, the Attorney General.