PRIVACY POLICY

Effective Date: 09 August 2025
Last Updated: 09 August 2025

1. INTRODUCTION

This Privacy Policy explains how Domisana ("Company," "we," "us," or "our") collects, uses, discloses, and protects your personal information when you visit our website at https://domisana.com (the "Site"), use our services, make purchases, or otherwise interact with us (collectively, the "Services").

Data Controller Information:
Domisana
71-75 Shelton Street
London, United Kingdom
Email: support@domisana.com
Company Registration: 15022952

By using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our Services.

2. LEGAL BASIS FOR PROCESSING (UK GDPR)

We process your personal data under the following legal bases:

• Contract Performance: To fulfill orders and provide services you've requested
• Legitimate Interests: For business operations, fraud prevention, and marketing (where we've balanced our interests against your rights)
• Legal Obligations: To comply with laws and regulations
• Consent: Where you've explicitly agreed (e.g., marketing emails, cookies)
• Vital Interests: In rare cases involving health or safety

3. INFORMATION WE COLLECT

3.1 Information You Provide Directly

Account & Order Information:

• Full name, email address, phone number
• Billing and shipping addresses
• Payment information (processed securely via third parties)
• Account credentials (username, encrypted password)
• Order history and preferences
• Communications with customer service

Optional Information:

• Product reviews and ratings
• Wishlist items
• Survey responses
• Competition/promotion entries

3.2 Information Collected Automatically

Device & Usage Data:

• IP address and approximate location
• Browser type and version
• Operating system
• Device identifiers
• Pages viewed and links clicked
• Date/time of visits
• Referring website addresses
• Shopping cart contents

Cookie Data:

• Session cookies (essential for site function)
• Preference cookies (remember your settings)
• Analytics cookies (understand site usage)
• Marketing cookies (personalized advertising)

See Section 7 for detailed cookie information.

3.3 Information from Third Parties

• Payment Processors: Transaction verification data
• Shipping Partners: Delivery confirmation
• Analytics Providers: Aggregated usage statistics
• Social Media: If you connect accounts or use social login
• Marketing Partners: To verify email addresses

4. HOW WE USE YOUR INFORMATION

4.1 Order Processing & Service Delivery

• Process and fulfill orders
• Send order confirmations and updates
• Handle returns, refunds, and exchanges
• Provide customer support
• Manage your account

4.2 Legal & Security Purposes

• Comply with legal obligations
• Prevent fraud and unauthorized transactions
• Protect rights, property, and safety
• Enforce Terms of Service
• Resolve disputes

4.3 Business Operations

• Improve products and services
• Analyze site performance
• Conduct market research
• Internal record keeping
• Business planning and forecasting

4.4 Marketing & Communications

• Send promotional emails (with consent)
• Display personalized advertisements
• Send service-related notifications
• Respond to inquiries
• Send cart abandonment reminders (legitimate interest)

5. INFORMATION SHARING & DISCLOSURE

We DO NOT sell your personal information. We share information only as follows:

5.1 Service Providers

We share data with trusted third parties who assist our operations:

• Shopify: E-commerce platform and hosting
• Shopify Payments: Exclusive payment processor (includes Stripe infrastructure)
• Wise: Business banking and payout processing
• International Fulfillment Partners: Global warehouse network and order processing
• Global Shipping Carriers: Various carriers selected for optimal delivery to your location
• Email Marketing: Third-party email services as implemented
• Analytics: Google Analytics, Facebook Pixel
• Cloud Storage: Secure data backup through Shopify

All service providers are contractually required to protect your data and use it only for specified purposes.

5.2 Legal Requirements

We may disclose information when required by:

• Court orders or subpoenas
• Government authorities
• Law enforcement investigations
• Legal proceedings
• Protecting our legal rights

5.3 Business Transfers

If we merge, sell, or transfer business assets, your information may be transferred to successors, subject to this Privacy Policy.

5.4 Aggregated/Anonymous Data

We may share non-identifiable, aggregated data for research, marketing, or other purposes.

5.5 With Your Consent

We'll share information for other purposes only with your explicit consent.

6. INTERNATIONAL DATA TRANSFERS

Your data may be transferred to and processed in countries outside the UK/EEA, including:

• United States: For Shopify hosting and payment processing
• Various Countries: Including EU, USA, China, and other regions where our fulfillment centers and shipping partners operate
• Destination Countries: For delivery to your specified address

We ensure appropriate safeguards through:

• Standard Contractual Clauses (SCCs) where applicable
• Adequacy decisions where applicable
• Reliance on service providers' data protection commitments

You have the right to request details about these safeguards.

7. COOKIES AND TRACKING TECHNOLOGIES

7.1 Types of Cookies We Use

Essential Cookies (Always Active):

• Shopping cart functionality
• User authentication
• Security features
• Load balancing

Functional Cookies:

• Language/currency preferences
• Previously viewed products
• Personalized features

Analytics Cookies:

• Google Analytics (_ga, _gid)
• Facebook Pixel
• Hotjar (session recordings)

Marketing Cookies:

• Retargeting pixels
• Ad personalization
• Conversion tracking
• Social media integration

7.2 Managing Cookies

You can control cookies through:

• Browser settings (block/delete cookies)
• Our cookie banner preferences
• Google Ads Settings: https://adssettings.google.com
• Facebook Ad Preferences: https://www.facebook.com/ads/preferences
• Your Online Choices: https://www.youronlinechoices.com/uk

Disabling cookies may affect site functionality.

8. DATA SECURITY

We implement appropriate technical and organizational measures:

8.1 Technical Safeguards

• SSL/TLS encryption for data transmission
• Encrypted password storage (bcrypt hashing)
• Secure payment processing (PCI DSS compliant)
• Regular security updates and patches
• Firewall and intrusion detection
• Access logging and monitoring

8.2 Organizational Measures

• Limited access on need-to-know basis
• Employee confidentiality agreements
• Regular security training
• Incident response procedures
• Vendor security assessments
• Data protection impact assessments

8.3 Your Responsibilities

• Keep account credentials confidential
• Use strong, unique passwords
• Log out of shared devices
• Report suspicious activity immediately

While we strive for security, no system is 100% secure. We cannot guarantee absolute security.

9. DATA RETENTION

We retain personal data only as long as necessary:

After retention periods, data is securely deleted or anonymized.

10. YOUR RIGHTS (UK GDPR)

10.1 Your Legal Rights

You have the right to:

• Access: Request copies of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion ("right to be forgotten")
• Restriction: Limit processing in certain circumstances
• Portability: Receive data in machine-readable format
• Object: Oppose processing for direct marketing or legitimate interests
• Automated Decisions: Not be subject to solely automated decision-making
• Withdraw Consent: Where processing is based on consent

10.2 Exercising Your Rights

To exercise rights, contact support@domisana.com with:

• Proof of identity
• Specific right(s) you're exercising
• Relevant details

We'll respond within 30 days (extendable by 60 days for complex requests).

10.3 Marketing Preferences

Opt-out options:

• Click "unsubscribe" in any marketing email
• Email support@domisana.com
• Update account preferences
• Reply STOP to marketing texts

Note: You'll still receive transactional emails (orders, shipping, etc.).

11. CHILDREN'S PRIVACY

Our Services are not directed to individuals under 18. We do not knowingly collect data from children. If we discover we've collected children's data, we'll promptly delete it.

Parents/guardians who believe we have their child's information should contact us immediately.

12. THIRD-PARTY LINKS

Our Site may contain links to third-party websites. We're not responsible for their privacy practices. Review their privacy policies before providing information.

Third parties we link to may include:

• Social media platforms
• Payment providers
• Review platforms
• Shipping trackers

13. DO NOT TRACK SIGNALS

Our Site doesn't currently respond to browser "Do Not Track" signals. You can manage tracking through cookie preferences and browser settings.

14. CALIFORNIA PRIVACY RIGHTS

California residents have additional rights under CCPA:

• Right to know categories/specifics of data collected
• Right to delete personal information
• Right to opt-out of "sales" (we don't sell data)
• Right to non-discrimination

Shine the Light: California residents may request information about disclosures to third parties for direct marketing.

To exercise California rights, email support@domisana.com.

15. UPDATES TO THIS POLICY

We may update this Privacy Policy periodically. Changes will be posted with a new "Last Updated" date. Material changes will be notified via:

• Email notification
• Site banner/pop-up
• Account notification

Continued use after changes constitutes acceptance.

16. COMPLAINTS

If you're unsatisfied with our data handling:

1. Contact Us First: support@domisana.com
2. Supervisory Authority: You can lodge complaints with the Information Commissioner's Office (ICO):
   • Website: https://ico.org.uk
   • Phone: 0303 123 1113
   • Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

17. CONTACT INFORMATION

For privacy-related questions, requests, or complaints:

Data Controller:
Domisana
71-75 Shelton Street
London, United Kingdom
Email: support@domisana.com
Company Registration: 15022952

Data Protection Officer (if applicable):
Not currently appointed (not legally required for our processing activities)

18. SPECIFIC DISCLOSURES

18.1 Global Fulfillment Disclosure

We work with international fulfillment centers to ensure efficient worldwide delivery. Your orders are shipped directly from our global warehouse network to provide you with the best possible service and delivery times. Your shipping information (name, address, phone, order details) is shared with our fulfillment partners and their selected carriers solely for order fulfillment. Shipping carriers are selected based on your location for optimal delivery.

18.2 Shopify Platform

We use Shopify for e-commerce. Review Shopify's Privacy Policy: https://www.shopify.com/legal/privacy

18.3 Payment Processing

We exclusively use Shopify Payments for all transactions. We don't store payment card details - all payment information is processed securely through Shopify's PCI-compliant infrastructure. Business payouts are managed through Wise for international banking efficiency.

18.4 Analytics Providers

• Google Analytics: https://policies.google.com/privacy
• Facebook: https://www.facebook.com/privacy/explanation

19. CONSENT DECLARATION

By using our Services, you acknowledge:

• You've read this Privacy Policy
• You understand how we process data
• You can exercise your rights anytime
• You can withdraw consent where applicable

Document Version: 2.0
Effective Date: 09 August 2025
Review Schedule: Annual or as required by law