This Privacy Policy explains how Designer Dupe Bags ("we", "us", or "our") collects, uses, discloses, and protects personal information when you visit our website, create an account, place an order, or otherwise interact with our services. It is designed to meet the requirements of the EU General Data Protection Regulation (GDPR), the UK GDPR, and applicable US privacy laws including the California Consumer Privacy Act (CCPA/CPRA) where relevant.
1. Data Controller
Designer Dupe Bags is the data controller responsible for your personal data. For privacy-related requests, contact us at hello@example.com.
2. Information We Collect
We may collect the following categories of personal information:
- Identity & contact data — Name, billing and shipping address, email address, phone number.
- Order & transaction data — Products purchased, order history, delivery details, payment status (we do not store full payment card numbers on our servers when payments are processed by third-party providers).
- Account data — Login credentials, preferences, and profile information if you register an account.
- Technical & usage data — IP address, browser type, device information, pages viewed, and cookies or similar technologies.
- Communications — Messages you send to customer support, including WhatsApp or email correspondence.
- Marketing preferences — Whether you have opted in to receive newsletters or promotional communications.
3. How We Use Your Information
We use personal data to:
- Process and fulfil orders, including shipping and customer service.
- Manage your account and authenticate access.
- Communicate about your order, returns, or enquiries.
- Improve our website, products, and customer experience.
- Send marketing communications where you have given consent or where permitted by law (you may opt out at any time).
- Comply with legal, tax, and accounting obligations.
- Detect and prevent fraud or misuse of our services.
4. Legal Bases for Processing (EU/UK)
Where GDPR applies, we rely on the following legal bases:
- Contract — To perform our agreement with you when you place an order.
- Legitimate interests — To operate and improve our business, prevent fraud, and provide customer support, balanced against your rights.
- Consent — For non-essential cookies and direct marketing where required.
- Legal obligation — To meet regulatory, tax, or law-enforcement requirements.
5. Cookies & Tracking
We use essential cookies to enable core site functionality (e.g. shopping cart, session management). With your consent where required, we may also use analytics and marketing cookies. You can manage cookie preferences through your browser settings. For more detail, see our Cookie Policy when published on this site.
6. Sharing Your Information
We may share personal data with:
- Payment processors, shipping carriers, and fulfilment partners who act on our instructions.
- IT, hosting, and email service providers.
- Professional advisers (legal, accounting) where necessary.
- Authorities when required by law or to protect our rights.
We do not sell your personal information. We do not share it for cross-context behavioural advertising as "selling" or "sharing" under the CCPA/CPRA without providing applicable opt-out rights.
7. International Transfers
If you are located in the European Economic Area (EEA) or UK, your data may be transferred to countries outside your region, including the United States. Where required, we implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission or UK authorities.
8. Data Retention
We retain personal data only as long as necessary for the purposes described in this policy, including to satisfy legal, accounting, or reporting requirements. Order records are typically retained for the period required by applicable tax and consumer law (often 6–10 years for transaction records).
9. Your Rights
EU/UK residents (GDPR)
You have the right to:
- Access your personal data and receive a copy.
- Rectify inaccurate or incomplete data.
- Erase your data in certain circumstances ("right to be forgotten").
- Restrict or object to processing in certain circumstances.
- Data portability where processing is based on consent or contract and carried out by automated means.
- Withdraw consent at any time where processing is based on consent.
- Lodge a complaint with your local data protection authority.
US residents (including California)
Depending on your state of residence, you may have the right to:
- Know what personal information we collect, use, and disclose.
- Request deletion of personal information, subject to exceptions.
- Correct inaccurate personal information.
- Opt out of the sale or sharing of personal information (we do not sell personal information as defined by the CCPA/CPRA).
- Not receive discriminatory treatment for exercising your privacy rights.
To exercise any of these rights, email hello@example.com. We will verify your request and respond within the timeframe required by applicable law (typically 30 days for GDPR, 45 days for CCPA).
10. Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. No method of transmission over the internet is 100% secure; we encourage you to use a strong password and keep your account credentials confidential.
11. Children
Our services are not directed to individuals under 16 (or the age of digital consent in your jurisdiction). We do not knowingly collect personal data from children.
12. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page indicates when it was last revised. Material changes will be communicated where required by law.
13. Contact
For privacy enquiries or to exercise your rights: hello@example.com.