Privacy policy

DOERKIND TRADING CO LLC, functioning as the Data Controller (hereinafter referred to as "DOERKIND" or "Data Controller"), in accordance with the International Regulation known as the General Data Protection Regulation (referred to as the "Regulation"), places a paramount emphasis on privacy and the safeguarding of personal data within its core business objectives. Accordingly, we urge you to thoroughly review this Privacy Policy prior to divulging any personal information to the Data Controller, as it contains crucial details concerning the protection of your personal data.

This Privacy Policy encompasses:

• The websites https://shop.doerkind.com and https://doerkind.com (hereinafter denoted as the "Website").
• Its integration as an essential component of the Website and the services we provide.
• Applicability to individuals interacting with the Website services, encompassing simple consultations and the utilization of specific services offered through the Website (such as product purchases, completion of online information request forms, or newsletter subscriptions). It also extends to the use of additional services accessible through the Website, including telephone assistance and support via WhatsApp and Live Chat.

***

The handling of personal data shall adhere to the fundamental principles of legality, fairness, and transparency, as well as the principles of purpose and retention limitation, accuracy, integrity, and confidentiality, in accordance with the Regulation. Consequently, your personal data will be processed in adherence to personal data protection laws and the associated confidentiality commitments.
The term "personal data processing" encompasses any operation or series of operations performed on personal data or sets of personal data, whether through automated means or otherwise. This includes actions such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or any other means of making available, alignment or combination, restriction, erasure, or destruction.

The Data Controller is DOERKIND & The DOERKIND Data Protection Officer can be contacted at the headquarters of the Data Controller by choosing Data Protection in the form Contact Us .

Please be advised that the personal data we handle may encompass identifiers such as a name, an identification number, location data, an online ID, or various elements pertaining to physical, physiological, financial, cultural, or social identity. These elements are capable of identifying a data subject or rendering them identifiable, depending on the nature of the requested services (hereinafter referred to simply as "personal data"). The Website processes the following personal data:

a. Browsing data

In the regular operations of this Website, certain personal data is automatically acquired by the computer systems and software procedures used for its functioning, as part of the inherent transmission in internet communication protocols. Although this information is not gathered with the intention of linking it to identified users, its nature allows potential identification through processing and association with data held by third parties. This category of data includes IP addresses or domain names of connecting computers, URI addresses (Uniform Resource Identifiers) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's reply (success, error, etc.), and other parameters related to the user's operating system and computer environment.

The purpose of utilizing this data is solely to obtain anonymous statistical information about Website usage, ensuring its proper functionality, identifying anomalies and/or abuses. Importantly, this data is promptly deleted after processing. In the event of computer crimes against the Website, the data may be used to determine responsibility.

b. Data voluntarily provided by the user

In the regular operations of this Website, certain personal data is automatically acquired by the computer systems and software procedures used for its functioning, as part of the inherent transmission in internet communication protocols. Although this information is not gathered with the intention of linking it to identified users, its nature allows potential identification through processing and association with data held by third parties. This category of data includes IP addresses or domain names of connecting computers, URI addresses (Uniform Resource Identifiers) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's reply (success, error, etc.), and other parameters related to the user's operating system and computer environment.

The purpose of utilizing this data is solely to obtain anonymous statistical information about Website usage, ensuring its proper functionality, identifying anomalies and/or abuses. Importantly, this data is promptly deleted after processing. In the event of computer crimes against the Website, the data may be used to determine responsibility.

c. Data processed to fulfill services rendered online

Apart from references to specific information available in various sections of the Website, this Privacy Policy also encompasses the processing of data willingly provided by you for the purpose of conducting online services, with specific focus on the following:

• Registration and access to your personal area, housing your personal and contact details. This allows the processing of your shipping addresses, credit card information, and product preferences based on the data you've saved. Credit card details stored in your personal area will be managed through an external service provider, adhering to PCI Regulations.
• Execution of purchase contracts, including the order status verification service. This involves processing your personal data, contact details, information related to the delivery address of purchased products, and details about your shopping experience. Payment confirmation through Apple Pay or PayPal is part of this process. If you choose these payment methods, Apple and PayPal, acting as independent data controllers, provide payment parameters to DOERKIND along with information necessary for order shipment.
• Handling returns, involving the processing of your personal data, contact details, information about the collection address for returned products, and details related to your purchase and return experience.
• Customer-specific assistance, addressing requests for guidance on sizes, product categories in the women's and men's collections, body fit, new arrivals, or other information.
• The 'Wishlist' service, allowing you to add desired items to your list for future purchase.

Additionally, the Data Controller will process information related to your purchases (product type, purchase date, amount spent), general purchase choices, preferences, and browsing behavior on the Website for profiling purposes, as specified below. Information derived from your preferences for customizing newsletter content will also be processed.

d. Third-party data voluntarily provided by the user

When utilizing Website services, third parties may handle personal data that you disclose to Doerkind. This includes information submitted for product purchases intended for third-party recipients, data related to payments that reference the bank details of third parties, and billing information, as well as details provided when seeking information in the "Contact Us" section of the Website. In such instances, you assume the role of an independent data controller, undertaking all relevant legal obligations and responsibilities. Consequently, you hold us harmless against any disputes, claims, or compensation requests for damages arising from processing that the Data Controller may encounter from third parties whose personal data has been processed due to your use of the Website's services, contravening applicable personal data protection regulations. Regardless, if you furnish or process personal data of third parties on the Website, you affirm and assure that such processing is, where necessary, based on your prior acquisition of the third parties' consent for information processing, and you acknowledge all associated liability.

e. Cookies and other tracking technologies

Information about cookies used on the Website is available at Cookie Policy.

The legal foundation for processing personal data for the purposes outlined in sections 3.1 and 3.2 is Article 6, paragraph 1, point b of the Regulation, stating that processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject before entering into a contract. This necessity arises from the requirement for service provision. Notably, regarding the telephone assistance service in section 3.1, it is possible to disable call recordings for quality checks upon your request. While providing personal data for these purposes is optional, failure to do so would render the activation of the requested services impossible.

The purpose specified in section 3.3 constitutes legitimate processing of personal data under Article 6, paragraph 1, point c of the Regulation, as processing is necessary for compliance with a legal obligation to which the controller is subject. Once personal data is submitted, processing must align with the legal obligations of the Data Controller.

Processing conducted for the purposes detailed in sections 3.5 and 3.6 relies on your consent as per Article 6, paragraph 1, point a (the data subject has given consent to the processing of his or her personal data for one or more specific purposes) and Article 22, paragraph 2, point c of the Regulation. This consent is revocable at any time without affecting the lawfulness of processing carried out before revocation, according to Article 7 of the Regulation. Providing personal data for these purposes is entirely optional and does not impact service usage. If you wish to object to data processing for marketing, profiling, or communication purposes, you can contact the Data Controller anytime via the provided contact details or Privacy Settings in your Personal Area.

Concerning the purpose in point 3.4, it's noted that if the Data Controller uses details provided by the data subject via post or email for direct sales of products or services, consent may not be required, provided the products or services are similar to those purchased, and the data subject is adequately informed and does not refuse such use initially or subsequently.

The processing in section 3.7 is conducted to pursue the legitimate interest of the Data Controller in accordance with Article 6, paragraph 1, point f of the Regulation.

It's clarified that processing in section 3.8 is performed to address any defensive needs of the Data Controller in line with Article 6.1.f of the Regulation.

Importantly, the processing outlined in section 3.9, as it doesn't involve personal data, falls outside the purview of personal data protection regulations and can be freely undertaken by the Data Controller.

For the purposes outlined in section 3 of this Privacy Policy disclosure, your personal data may be shared with the following entities:

4.1 Individuals authorized by the Data Controller to process personal data, such as staff operating in sales, administration and accounting, after-sales assistance, CRM, and IT systems management.

4.2 Third parties who, in providing services (e.g., technological services, assistance and consultancy services in accounting, administrative, legal, tax, and financial matters, technical maintenance, transport services, banking, and insurance services), typically function as data processors. The Data Controller maintains an updated list of appointed data processors, accessible to the data subject at the specified office or upon request to the provided addresses.

4.3 DOERKIND Group companies, acting as independent data controllers for administrative-accounting purposes based on legitimate interest.

4.4 Third parties responsible for activities referenced in this Privacy Policy Disclosure with whom DOERKIND has entered into commercial agreements.

4.5 Individuals, entities, or authorities requiring the disclosure of your personal information as mandated by law or by order of the authorities.

These entities collectively constitute the “Recipients."

Certain personal data is shared with Recipients, and the Data Controller ensures that these Recipients handle your personal data in compliance with the Regulation. Regarding the transfer of personal data to third countries, the Data Controller affirms that the processing will adhere to methods permitted by current legislation. This may include obtaining the consent of the concerned party, selecting subjects participating in international programs for the free dissemination of data, or engaging with countries deemed secure based on an adequacy decision. For additional details, you can request more information by submitting a written request to the Data Controller at the addresses provided in the Contact Us section of this Privacy Policy Disclosure.

Your personal data will be entered and stored in the information systems of the Data Controller, adhering to the principles of minimization and retention limitation as outlined in the Regulation.

• Personal data processed for the purposes in sections 3.1 and 3.2 will be retained for the duration necessary to achieve those objectives. This includes the time required for contract execution, providing legal or conventional guarantees, and complying with mandated retention periods under the law.
• Data processed for the purposes in section 3.3 will be retained according to the specific obligation or applicable law.
• For the purposes in section 3.4, your personal data will be processed until you object to its processing.
• Conversely, for the purposes in sections 3.5 and 3.6, your personal data will be retained until the revocation of your consent, limited to seven years from registration. After the revocation or expiration of the seven-year period, the data will be permanently deleted or anonymized.
• Similarly, for the purposes in Article 3.7, your data will be retained for a maximum of seven years from registration.
• The Data Controller reserves the right to retain your data for the duration necessary to fulfill regulatory obligations or meet defensive needs. Additionally, the Data Controller may retain your personal data in line with international law to protect their interests.
• In the event of account deactivation, your personal data will continue to be processed for 12 months, following the established criteria and principles. Even after this period and in the case of total account removal, your data may still be retained. The expiration of the term or complete account removal does not automatically result in the deletion of your personal data or the revocation of privacy consents provided by you.

For more information on data cancellation requests and consent withdrawal, please refer to point 8 "Rights of data subjects" in this Data Privacy Disclosure. Additional details on the data retention period and criteria can be requested by submitting a written request to the Data Controller at the addresses specified in the "Contact Us" section of this Privacy Policy.

As a Data Subject, you have the right to exercise your rights and revoke consent at any time, without affecting the lawfulness of processing conducted before the revocation. Specifically, you can request access to your Personal Data, its correction, deletion, processing restriction, and obtain data portability as per the provisions of the law.

If you wish to oppose the processing of your Personal Data, you can submit a request, providing reasons for the opposition. The Data Controller reserves the right to evaluate your request, and it may not be accepted if there are legitimate and compelling reasons for continuing the processing that outweigh your interests, rights, and freedoms.

Requests should be communicated in writing to the Data Controller, using the contact details specified in the "Contact Us" section of this Privacy Policy Disclosure.

If you suspect that the processing of your personal data by the Data Controller violates the provisions of the Regulations, you have the right to file a complaint with the Data Privacy Guarantor Authority, in accordance with the Regulation, or pursue remedies through the appropriate legal channels.

The Data Controller retains the right to modify or update the content of this Privacy Policy, either in part or in its entirety, including changes prompted by alterations in applicable legislation. Consequently, we encourage you to check this section regularly to stay informed about the latest and updated version of the Privacy Policy. This ensures that you are consistently aware of the data collected and how Doerkind utilizes it.

To assert the rights mentioned above or for any other inquiries, kindly send a written request to the Data Controller through the "Contact Us" section.