Privacy policy

Last Updated: March 1, 2026

RiderAtelier operates this store and website, including all related information, content, features, tools, products, and services (the “Service”) to provide you with a curated shopping experience. RiderAtelier is powered by Shopify, which enables us to provide the Service to you.

This Privacy Policy describes how we collect, use, and disclose your personal information when you visit, use, purchase from, or otherwise interact with the Service. If there is any conflict between our Terms of Service and this Privacy Policy regarding personal information, this Privacy Policy shall prevail.

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy.

1. Personal Information We Collect

When we refer to “Personal Information,” we mean information that identifies, relates to, describes, or could reasonably be associated with you. It does not include anonymized or de-identified data.

Depending on how you use our Service and as permitted by applicable law, we may collect the following categories of Personal Information:

Contact Information

Name, billing address, shipping address, email address, and phone number.

Financial Information

Payment card details, transaction data, payment method, and confirmation details.
We do not store full credit card numbers on our servers.

Account Information

Username, password, account preferences, and security settings.

Transaction Information

Products viewed, added to cart or wishlist, purchased, returned, exchanged, or canceled, and order history.

Communications

Information you provide when contacting customer support or submitting inquiries.

Device Information

IP address, browser type, device type, network connection details, and unique identifiers.

Usage Information

Information about how and when you access or use the Service.

2. Sources of Personal Information

We collect Personal Information from:

  • Directly from you, when you create an account, place an order, or contact us

  • Automatically through the Service, including cookies and similar technologies

  • Service providers, who collect or process information on our behalf

  • Business partners and third parties

3. How We Use Your Personal Information

We use Personal Information for the following purposes:

Providing and Improving the Service

To process orders, handle payments, ship products, manage returns, maintain accounts, personalize your shopping experience, and improve our website.

Marketing and Advertising

To send promotional emails, SMS messages, or advertisements. You may opt out at any time.
We may also display relevant advertisements based on your browsing or purchase activity.

Security and Fraud Prevention

To verify accounts, detect fraudulent activity, protect our systems, and ensure secure transactions.

Customer Support

To respond to inquiries and maintain our relationship with you.

Legal Compliance

To comply with applicable laws, respond to lawful requests, enforce our policies, and protect our legal rights.

4. How We Share Personal Information

We do not sell or rent your Personal Information.

We may disclose Personal Information to:

  • Shopify, which hosts and powers our store

  • Payment processors

  • Shipping carriers

  • IT and cloud service providers

  • Marketing and analytics partners

  • Legal authorities when required by law

All third parties are contractually obligated to use your data only for authorized purposes and to maintain confidentiality.

We may also disclose information:

  • Within our corporate group

  • In connection with a merger, acquisition, or business transfer

  • To comply with legal obligations

5. Relationship with Shopify

Our store is hosted by Shopify. Shopify collects and processes certain information to provide and improve the platform.

Information you submit through our Service may be transferred to Shopify and processed in accordance with Shopify’s Privacy Policy. For more information, please visit:

https://privacy.shopify.com

Shopify may act as an independent data controller for certain processing activities.

6. International Data Transfers

Your Personal Information may be transferred to and processed outside your country of residence.

Where required by law, we rely on recognized transfer mechanisms such as Standard Contractual Clauses or equivalent safeguards.

7. Data Security and Retention 

We process all payment transactions in strict compliance with applicable data security standards, including the Payment Card Industry Data Security Standard (PCI DSS) as applicable to our role as a merchant/service provider.

  • No Storage of Sensitive Authentication Data: We do not store, and explicitly prohibit the retention of, sensitive payment authentication data, including CVV/CVC codes, full magnetic stripe data, PIN blocks, or payment card track data, after transaction authorization.

  • Tokenization & Third-Party Processing: All payment card information is either transmitted directly to our PCI DSS Level 1 certified payment processor (e.g., Stripe, PayPal, or similar) via tokenization, or processed through a secure iframe/hosted payment page. Our systems never directly receive or store full Primary Account Numbers (PANs) where avoidable. Where PANs must be retained (e.g., for recurring billing or refunds), they are stored only with tokenized references or using strong, industry-accepted encryption with restricted access logging.

  • Transaction Integrity & Encryption: All payment data in transit is protected using TLS 1.2+ (not legacy SSL), with additional controls to prevent substitution, replay, or man-in-the-middle attacks on payment requests.

  • Compliance Verification: We annually review our payment handling practices against PCI DSS requirements, and where required by contract or volume, we obtain a Self-Assessment Questionnaire (SAQ) or Attestation of Compliance (AOC) from our payment partners.

  • Breach Notification for Payment Data: In the unlikely event of a security incident involving unencrypted payment card data, we will notify affected customers and relevant acquiring banks within the timeframe required by applicable law and payment network rules (typically 24–48 hours).

8. Your Rights

Depending on your location, you may have the right to:

  • Access the Personal Information we hold about you

  • Request correction of inaccurate information

  • Request deletion of your data

  • Request restriction of processing

  • Withdraw consent

  • Request data portability

  • Opt out of targeted advertising or data sharing

You may exercise your rights by contacting:

Service@RiderAtelier.com

We may need to verify your identity before processing your request.

If you reside in the European Economic Area (EEA) or United Kingdom, you also have the right to lodge a complaint with your local data protection authority.

9. Children’s Privacy

Our Service is not intended for individuals under 13 years of age. We do not knowingly collect Personal Information from children.

If you believe a child has provided Personal Information, please contact us.

10. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for their privacy practices. Please review their policies separately.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect operational, legal, or regulatory changes. Updates will be posted on this page with a revised “Last Updated” date.

12. Contact Information

If you have questions regarding this Privacy Policy or your Personal Information, please contact:

RiderAtelier
Operated by Vertex X LIMITED
Room 1401, Cambridge House
26–28 Cameron Road
Tsim Sha Tsui, Kowloon
Hong Kong

Email: Service@RiderAtelier.com

Under applicable data protection laws, we act as the data controller of your Personal Information.