Skip to content

Privacy Policy

Free Shipping On Order £100+
30 Day Easy Return Policy

Privacy Policy


Effective Date: 6 November 2025  

Last Updated: 20 April 2026

1. Introduction

OluKai LTD (trading as “Roark”) and our affiliates (collectively “Roark”, “we”, “us”) are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018 (“DPA 2018”). We are registered as a data controller with the Information Commissioner’s Office (ICO).

This Privacy Policy describes how we collect, use, store, and disclose your Personal Information (defined below), and sets out our commitments to you in relation to your privacy rights under UK law.

Please read this Privacy Policy carefully before using our Services (defined below). If you do not agree with any part of this Privacy Policy, please stop using our Services. We will post any changes to this Privacy Policy on this page and update the “Last Updated” date above. Where changes are material, we will provide additional notice in accordance with UK GDPR requirements.

2. Scope and Applicability

This Privacy Policy applies to Personal Information we collect from individuals (“you”) through our websites (“Site(s)”), social media pages we control, our retail stores, and our products and services (collectively, the “Services”). It also applies to Personal Information collected from third parties and publicly available sources.

“Personal Information” and “personal data” are used interchangeably in this Policy and have the meaning given by the UK GDPR: any information relating to an identified or identifiable natural person.

This Privacy Policy does not apply to:

•    Employees, contractors, job applicants, owners, directors, or officers of Roark. Please refer to our Applicant Privacy Policy if you are applying for a role with us.

•    Employees or representatives of our existing or prospective business clients, suppliers, service providers, agents, consultants, advisors, business partners, or investors acting in a commercial context.


3. Data Controller Details

For the purposes of the UK GDPR and DPA 2018, the data controller is:

Company Name OluKai LTD (trading as Roark)
ICO Registration Registered with the Information Commissioner’s Office (ICO)
Contact Email Info@roarkbrand.co.uk
 Website www.roarkbrand.co.uk


We do not currently have a UK Data Protection Officer (DPO) obligation, but if you have data protection concerns, please contact us using the details in Section 17 below.


4. Categories of Personal Information We May Collect


The Personal Information we collect depends on how you interact with us. We may collect the following categories, which may have been collected in the preceding twelve months:

       Contact Information / Identifiers: name, email address, postal address, phone number, username, and other account identifiers.

       Government Identifiers: driver’s licence number (which may constitute special category data in certain contexts).

       Transaction Information: invoices, order status and history, business and commercial communications.

       Demographic Information: age and gender, which may include characteristics protected under the Equality Act 2010.

       Device Information and Unique Identifiers: device identifiers and IP addresses.

       Internet or Network Activity: browsing or search history, and interactions with our websites, apps, emails, or advertisements.

       Geolocation Data: information to determine your location, including precise location where you have granted permission.

       Payment Information: credit or debit card numbers or other financial information, processed in accordance with PCI-DSS standards.

       CCTV and Video Recordings: closed-circuit television or similar technologies used in our retail stores for security and loss prevention. CCTV is deployed only in areas where it is lawful and where individuals do not have a reasonable expectation of privacy. Signage is displayed in accordance with ICO CCTV guidance.

       Inferences: profiles drawn from the above categories to predict preferences or behaviour.

       Special Category Data (Sensitive Personal Information): racial or ethnic origin, health information, and login credentials may, in some instances, constitute special category data under Article 9 of the UK GDPR. We only process such data where a specific condition under Article 9(2) is met.

 

UK GDPR Note: No category of personal data listed above is “sold”. In limited circumstances, data may be “shared” with advertising partners for cross-contextual behavioral advertising, subject to your consent (see Section 14).


5. Sources of Personal Information

We collect Personal Information in the following ways: 

       Directly from you: when you create an account, use our Services, sign up for marketing communications, or contact us.

       Automatically: through cookies and similar tracking technologies when you use our website (see Section 13).

       From third parties: including vendors, affiliates, data brokers, and analytics providers, where permitted under applicable law.

       Single Sign-On (SSO): if you choose to log in via a third-party platform (such as Google or Facebook), we may receive information such as your username or email address, subject to your privacy settings on that platform.


6. Purposes and Legal Bases for Processing (UK GDPR Article 6)

Under the UK GDPR, we are required to identify a lawful basis for each purpose for which we process your personal data. The table below sets out our processing purposes and the corresponding legal basis:

 

 Processing Purpose Lawful Basis (UK GDPR Article 6)
Providing and managing our Services and your account Article 6(1)(b) — Performance of a contract
Responding to enquiries and customer support Article 6(1)(b) — Performance of a contract
Sending transactional communications Article 6(1)(b) — Performance of a contract
Sending marketing and promotional emails (opt-in) Article 6(1)(a) — Consent
Analytics and website improvement Article 6(1)(f) — Legitimate Interests
Fraud prevention and security Article 6(1)(f) — Legitimate Interests
Complying with legal obligations Article 6(1)(c) — Legal Obligation
Complying with legal obligations Article 6(1)(c) — Legal Obligation
Defending or bringing legal claims Article 6(1)(f) — Legitimate Interests
Conducting business operations (audit, finance, HR) Article 6(1)(f) — Legitimate Interests


Where we rely on legitimate interests (Article 6(1)(f)), we have assessed that our interests do not override your fundamental rights and freedoms. You may request details of our Legitimate Interests Assessment by contacting us as set out in Section 17.



7. Special Category Data (Article 9 UK GDPR)

Where we process special category data (such as racial or ethnic origin or health information), we do so only where:

       You have given explicit consent (Article 9(2)(a)); or

       Processing is necessary for the establishment, exercise, or defence of legal claims (Article 9(2)(f)); or

       Another condition under Article 9(2) of the UK GDPR applies.

We do not use special category data for profiling or marketing purposes without your explicit consent.



8. Disclosure of Your Personal Information

We do not sell your personal data. We may share personal data with the following categories of recipients, subject to appropriate safeguards:

       Service Providers: Authorised third parties providing services on our behalf (e.g., cloud hosting, payment processing, analytics, and marketing). All service providers are subject to data processing agreements compliant with UK GDPR Article 28.

       Group Companies: Subsidiaries and affiliated entities within our corporate group, where necessary for business operations.

       Corporate Transactions: In connection with a merger, acquisition, sale, or restructuring, subject to confidentiality obligations and notification to you where required.

       Advertising and Analytics Partners: Where you have provided consent, we may share data with advertising and analytics partners for targeted marketing and to measure the effectiveness of our campaigns.

       Regulatory and Legal Authorities: Where required by law, a court order, or regulatory authority, including the ICO, HMRC, or law enforcement.

       Professional Advisers: Including solicitors, accountants, auditors, and insurers, subject to professional obligations of confidentiality.

       With Your Consent: To any other third parties where you have provided informed consent.



9. International Data Transfers

Roark is headquartered in the United States and operates globally. Where we transfer personal data outside the UK, we ensure that adequate protection is in place in accordance with UK GDPR Chapter V and ICO guidance on international transfers.
Appropriate safeguards we use include:

       UK International Data Transfer Agreements (UK IDTAs), as approved by the Secretary of State;

       UK Addendum to the EU Standard Contractual Clauses (where applicable);

       Transfers to countries covered by UK adequacy regulations.


You may request a copy of the relevant transfer mechanism by contacting us as set out in Section 17.


10. Security and Data Retention

Security

We implement appropriate technical and organisational measures to protect personal data against accidental loss, unauthorised access, alteration, or disclosure, in accordance with Article 32 of the UK GDPR. These include encryption, access controls, and staff training. Notwithstanding these measures, no transmission over the internet is completely secure.
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours of becoming aware, in accordance with Article 33 of the UK GDPR, and will notify affected individuals where required under Article 34.

Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law. Retention periods are determined by:

       Contractual obligations and the duration of our relationship with you;

       Statutory retention requirements (e.g., financial records for 6 years under HMRC rules);

       Limitation periods for legal claims;

       Regulatory requirements applicable to our business.



When personal data is no longer required, it is securely deleted or anonymised.

Where full deletion is technically not possible, we restrict further processing.


11. Children’s Privacy

Our Services are not directed at children under the age of 13. We do not knowingly collect personal data from children under 13 without verifiable parental consent, in accordance with the UK GDPR and the Age Appropriate Design Code (Children’s Code) issued by the ICO.

If you believe we have inadvertently collected personal data about a child, please contact us immediately using the details in Section 17 and we will take prompt steps to delete such data.


12. Cookies and Tracking Technologies

We use cookies and similar technologies (collectively “cookies”) on our website. Under the Privacy and Electronic Communications Regulations 2003 (PECR) and the UK GDPR, we are required to obtain your consent before placing non-essential cookies on your device.

 Cookie Type Description Legal Basis (UK GDPR)
Essential Cookies Required for the website to function, including sign-in, session management, security, and troubleshooting. Cannot be disabled. Legitimate Interests (Article 6(1)(f)) — no consent required as strictly necessary
Analytics Cookies Provide information on how visitors navigate our website, including Google Analytics. Help us understand usage patterns and improve the Site. Consent (Article 6(1)(a)) — opt-in required
Advertising Cookies Used by us or third parties to enable targeted advertising based on your browsing behaviour across websites.

Consent (Article 6(1)(a)) — opt-in required

 


You can manage your cookie preferences through our cookie consent banner or your browser settings. To opt out of Google Analytics, please visit:

https://tools.google.com/dlpage/gaoptout

For more information about cookies generally, please visit:
www.allaboutcookies.org

Please note that withdrawing consent to cookies will not affect the lawfulness of processing based on consent before its withdrawal.


13. Links to Third-Party Websites

Our Site may contain links to third-party websites. We are not responsible for the content or privacy practices of those websites. We recommend you review the privacy notices of any third-party sites you visit. This Privacy Policy applies only to our Services.


14. Your Rights Under UK GDPR

Under the UK GDPR and DPA 2018, you have the following rights in relation to your personal data. These rights may be subject to certain conditions and exemptions:

   

       Right of Access (Article 15): You may request confirmation of whether we process your personal data and, if so, a copy of that data (a “SAR” — Subject Access Request). We will respond within one calendar month.

       Right to Rectification (Article 16): You may request that inaccurate personal data be corrected and incomplete data completed.

       Right to Erasure / ‘Right to be Forgotten’ (Article 17): You may request deletion of your personal data where there is no legitimate reason for us to continue processing it.

       Right to Restrict Processing (Article 18): You may request that we restrict processing of your personal data in certain circumstances.

       Right to Data Portability (Article 20): Where processing is based on consent or contract and carried out by automated means, you may request your data in a structured, machine-readable format.

       Right to Object (Article 21): You have the right to object to processing based on legitimate interests or for direct marketing purposes. Where you object to direct marketing, we will cease processing immediately.

       Right to Withdraw Consent (Article 7(3)): Where we rely on consent as a legal basis, you may withdraw it at any time. Withdrawal does not affect the lawfulness of prior processing.

       Rights Related to Automated Decision-Making and Profiling (Article 22): You have the right not to be subject to solely automated decisions, including profiling, that produce significant legal or similarly significant effects on you.

       Right to Non-Discrimination: We will not discriminate against you for exercising any of your rights.

To exercise any of your rights, please contact us as set out in Section 17. We will respond within one calendar month of receipt of a verifiable request. In complex cases, we may extend this by a further two months, and we will notify you accordingly. 


You may also submit a complaint or enquiry to the ICO:

Regulator  Information Commissioner’s Office (ICO)
Website www.ico.org.uk
Helpline 0303 123 1113
Post CO, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF


15. Opt-Out and Do Not Track

We honour the Global Privacy Control (GPC) signal as an opt-out preference for targeted advertising via cookies.
Visit https://globalprivacycontrol.org to configure your device.

We do not currently respond to browser-level “Do Not Track” signals as no uniform standard has been adopted. However, you may manage cookie preferences through our cookie consent tool.

Your opt-out will apply only to the browser or device you are using. Please repeat this on each device you use to access our Site.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or ICO guidance. We will post the updated Policy on our Site and update the “Last Updated” date. Where changes are material and affect your rights, we will provide additional notice (for example, by email) in accordance with the UK GDPR.

If you do not agree with any changes, please stop using our Services and notify us that you do not wish your personal data to be processed in accordance with the updated Policy.

17. Additional Rights: California Residents (Shine the Light)

If you are a California resident, the California Shine the Light law permits you to request information about our disclosure of certain personal information to third parties for their direct marketing purposes in the preceding calendar year. To make such a request, please contact us using the details below and state that you are a California resident making a “Shine the Light” inquiry. This request may be made no more than once per calendar year.


18. Contact Us

If you have any questions, concerns, or wish to exercise your rights under the UK GDPR, please contact us:

Company  OluKai LTD (trading as Roark)
Email info@roarkbrand.co.uk
Website www.roarkbrand.co.uk
Data Subject Rights Submit via the web form linked on our Site
ICO Complaints www.ico.org.uk | 0303 123 1113



 

Browse by Category

Trousers

Flannels

Shirts

Tees

Active Bottoms
Man wearing Roark Mathis Active Short Sleeve Tee while hiking in a forest, showcasing the shirt's comfortable fit and durability in an outdoor adventure setting.

Active Tops
Active Bermuda-style shorts featured in a dynamic setting, emphasizing the versatility and comfort ideal for adventure and travel.

Women’s

Get 10% Off

Stay connected to new releases, field notes, and stories from the road. No noise, just what’s worth the journey. Get 10% off your first purchase and keep exploring with us. Code is emailed to you after signing up.

Join The Journey

We’ve sent you an email to verify
your address.

Stay In The Know With Email: Sign up to receive 10% off your first order, updates from the road and more. Code expires in 30 Days

Follow

Email: info@roarkbrand.co.uk

Olukai LTD DBA Roark
18-32 London Road
2nd Floor Magna House
Staines-upon-Thames
Staines, TW18 4BP, United Kingdom
+44 116 350 1651

© 2026 Roark. All Rights Reserved.
Privacy Policy | Your Privacy Choices | Accessibility | Terms

Free Shipping On Order £100+
Free 30 Day Returns

Trending

Or 4 interest-free payments of with shoppay