Privacy policy

4. Privacy Policy

4.1 Data Controller

Dormé (bydorme.com) is the data controller responsible for the processing of personal data as described in this privacy policy. Dormé is a company registered in the Netherlands. If you have any questions, please contact us at info@bydorme.com.

4.2 What Data Do We Collect?

We collect the following personal data:

  • Full name, address, city, and country
  • Email address and phone number
  • Payment details (processed via secure payment providers)
  • Order and communication history
  • Technical data (IP address, browser type, device type) via cookies

4.3 Why Do We Process Your Data?

We process your personal data for the following purposes:

  • Processing and fulfilling your order — EU GDPR Art. 6(1)(b) / contract performance
  • Communication regarding your order — EU GDPR Art. 6(1)(b)
  • Compliance with legal retention obligations, including tax legislation — 7 years — EU GDPR Art. 6(1)(c)
  • Improving our website and services via analytical cookies — EU GDPR Art. 6(1)(f) / legitimate interests
  • Sending our newsletter — only with your explicit consent — EU GDPR Art. 6(1)(a)

4.4 Sharing With Third Parties

We only share your data with third parties directly involved in fulfilling your order:

  • Logistics partners and couriers for delivering your parcel
  • Payment providers (such as Shopify Payments, PayPal, Klarna) for processing your payment
  • Google Analytics for anonymised website analysis

We have data processing agreements in place with all third parties that process personal data on our behalf. Your data is never sold to or shared with third parties for marketing purposes.

As a Netherlands-based company, your data is processed within the European Economic Area (EEA). If you are based in the UK, please note that the UK has granted the EU an adequacy decision, meaning your data can flow between the UK and the EU without any additional safeguards being required. For any onward transfers to third countries outside the EEA (e.g. to US-based services such as Google Analytics), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the appropriate safeguard.

4.5 Retention Periods

  • Order data: 7 years (statutory tax retention requirement)
  • Customer account data: up to 2 years after last activity
  • Analytical data: maximum 26 months (anonymised)
  • Newsletter data: until you unsubscribe

4.6 Your Rights

Under the EU GDPR and Dutch data protection law, you have the following rights:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure ('right to be forgotten') (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to withdraw consent (Art. 7(3) GDPR)

To exercise any of your rights, please email info@bydorme.com. We will respond within 30 days. As an EU-based company, our lead supervisory authority is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl. If you are based in the UK, you may also lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

4.7 Cookies

Our website uses functional, analytical, and optionally marketing cookies. Functional cookies are strictly necessary for the webshop to operate and are placed without requiring your consent. For analytical and marketing cookies, we ask for your consent via our cookie banner. You can update your cookie preferences at any time through your browser settings.

4.8 Security

We implement appropriate technical and organisational measures to protect your personal data, including SSL/TLS encryption for all data transactions on our website and during the checkout process.