Privacy Policy

At Dorexis, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website www.dorexis.shop, make a purchase, or interact with us. We are committed to protecting your data and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data Controller Information

Dorexis is the data controller for your personal information. This means we are responsible for deciding how we collect and use your data.

Data Controller: Dorexis
📍 Address: 1 WALKFIELD DRIVE, EPSOM, ENGLAND, KT18 5UF, United Kingdom
📧 Email: ucem2571@outlook.com (Privacy Requests)
📞 Phone: 0345 677 9829

2. Information We Collect

We collect several categories of personal information to provide our services and improve your shopping experience.

2.1 Information You Provide Directly

• Identity Data: Full name, date of birth (optional), gender preferences
• Contact Data: Email address (ucem2571@outlook.com for corporate communications), phone number (0345 677 9829), billing address, shipping address
• Financial Data: Payment card details (processed by our secure payment processors; we do not store full card numbers)
• Transaction Data: Order history, purchase amounts, return history
• Profile Data: Username, password, shopping preferences, wishlist items, size preferences
• Communications: Customer service inquiries, emails, chat messages, product reviews

2.2 Information Automatically Collected

When you visit our Site, we automatically collect:

• Technical Data: IP address, browser type and version, operating system, device identifiers
• Usage Data: Pages viewed, time spent on pages, clickstream data, referring website, search queries
• Location Data: General geographic location derived from your IP address (e.g., country, region)
• Cookies and Tracking Technologies: See Section 8 for details

2.3 Information from Third Parties

We may receive information from:

• Payment processors (transaction confirmation, fraud screening)
• Shipping carriers (delivery updates, address verification)
• Analytics providers (e.g., Google Analytics)
• Marketing platforms (if you consent to targeted advertising)
• Social media platforms (if you interact with our social media accounts)

3. How We Use Your Information

We use your personal information for the following purposes, supported by the legal bases identified below:

3.1 To Fulfill Your Orders (Contract Performance)

• Process and complete your purchases
• Confirm orders and send order updates
• Arrange shipping and delivery
• Process returns, exchanges, and refunds
• Handle customer service requests

3.2 To Improve Our Services (Legitimate Interests)

• Analyze website usage and shopping patterns
• Enhance user experience and site functionality
• Develop new products and features
• Conduct market research and surveys
• Prevent fraud and enhance security

3.3 Marketing and Personalization (Consent or Legitimate Interests)

• Send promotional emails about new collections, sales, and events (with your consent)
• Personalize product recommendations and offers
• Deliver targeted advertisements on social media platforms
• You may opt out of marketing communications at any time

3.4 Legal Compliance (Legal Obligation)

• Comply with tax, accounting, and record-keeping laws
• Respond to lawful requests from law enforcement or regulators
• Establish, exercise, or defend legal claims

4. Legal Bases for Processing (UK GDPR)

Under UK data protection law, we must have a valid legal basis to process your personal information. The table below summarizes our processing activities and legal bases:

• Contract Performance: Processing orders, payments, shipping, returns — necessary to fulfill our contract with you
• Legitimate Interests: Improving our website, fraud prevention, analytics — where our interests do not override your rights
• Consent: Marketing emails, cookies (non-essential) — you can withdraw consent at any time
• Legal Obligation: Tax records, compliance with court orders — required by law

5. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. We may share your data with the following categories of recipients:

5.1 Service Providers (Data Processors)

• Payment Processors: Stripe, PayPal, Klarna — to securely process transactions
• Shipping Carriers: Royal Mail, Evri, DHL, FedEx, UPS — to deliver your orders
• Email Service Providers: Klaviyo, Mailchimp — to send order confirmations and marketing (with consent)
• Analytics Providers: Google Analytics, Meta Pixel — to understand website usage
• IT and Cloud Services: Shopify (our e-commerce platform), AWS — to host and secure data

All service providers are contractually obligated to protect your data and use it only for the purposes we specify.

5.2 Legal and Regulatory Authorities

We may disclose your information if required by law, court order, or government regulation, or if necessary to protect our rights, property, or safety, or that of others.

5.3 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of assets, your personal information may be transferred as part of that transaction. You will be notified via email or prominent notice on our Site of any change in ownership or uses of your data.

6. International Data Transfers

Dorexis is based in the United Kingdom. However, some of our service providers (e.g., Shopify, payment processors, email platforms) may operate outside the UK and EEA, including in the United States and other countries. When we transfer your personal data internationally, we ensure appropriate safeguards are in place, such as:

• UK Addendum to the Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office (ICO)
• EU Standard Contractual Clauses (where applicable)
• Transfer Impact Assessments to ensure adequate protection

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including for legal, accounting, or reporting requirements. Specific retention periods:

• Order Information: 7 years (to comply with UK tax and consumer protection laws)
• Account Information: Until you delete your account, plus 30 days
• Marketing Preferences: Until you withdraw consent, plus 2 years of inactivity
• Website Analytics: 26 months (Google Analytics)
• Customer Service Communications: 3 years from last contact

8. Cookies and Tracking Technologies

Our Site uses cookies and similar technologies to enhance your browsing experience, analyze website traffic, and personalize content. Cookies are small text files stored on your device.

Types of Cookies We Use:

• Essential Cookies: Required for site functionality, shopping cart, checkout — cannot be disabled
• Analytics Cookies: Help us understand how visitors use our Site (e.g., Google Analytics)
• Marketing Cookies: Used to deliver relevant ads and track campaign performance
• Preference Cookies: Remember your settings and preferences

You can manage your cookie preferences through your browser settings. Disabling non-essential cookies may affect site functionality. For more information, please see our Cookie Policy or contact us.

9. Your Rights (UK & EEA Residents)

Under UK GDPR, you have the following rights regarding your personal data:

• Right to Access (Subject Access Request): Request a copy of the personal data we hold about you, free of charge
• Right to Rectification: Request correction of inaccurate or incomplete information
• Right to Erasure ("Right to be Forgotten"): Request deletion of your data where there is no compelling reason for continued processing
• Right to Restriction of Processing: Request that we limit how we use your data
• Right to Data Portability: Request transfer of your data to another controller in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests, including direct marketing
• Right to Withdraw Consent: Withdraw consent for marketing or non-essential processing at any time
• Right to Lodge a Complaint: File a complaint with the UK Information Commissioner's Office (ICO) if you believe your rights have been violated

To exercise any of these rights, please contact us at ucem2571@outlook.com with the subject line "PRIVACY REQUEST". We will respond within 30 days as required by law.

10. Your Rights (California Residents - CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including:

• The right to know what personal information we collect, use, and disclose
• The right to request deletion of your personal information
• The right to opt-out of the "sale" of personal information (we do not sell your data)
• The right to correct inaccurate information
• The right to non-discrimination for exercising your rights

To exercise your California rights, please contact us at ucem2571@outlook.com.

11. Children's Privacy

Dorexis does not knowingly collect personal information from children under the age of 16. Our products and services are directed to adults. If you believe a child has provided us with personal information, please contact us immediately, and we will take steps to delete such information.

12. Data Security

We implement appropriate technical and organizational measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. These include:

• SSL/TLS encryption for all data transmitted between your browser and our Site
• PCI-DSS compliant payment processing (we do not store full card details)
• Restricted access to personal information (only employees who need it for their role)
• Regular security assessments and vulnerability scanning
• Two-factor authentication for administrative access

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

13. Third-Party Links

Our Site may contain links to third-party websites, including social media platforms, payment gateways, and fashion blogs. We are not responsible for the privacy practices or content of these external sites. We encourage you to read their privacy policies before providing any personal information.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The "Last Updated" date at the top of this policy indicates when the latest changes were made. Material changes will be notified via email (to the address associated with your account) or through a prominent notice on our Site. Your continued use of our Site after changes constitutes acceptance of the revised policy.

15. Complaints and the ICO

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.

Information Commissioner's Office (ICO)
📍 Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
📞 Phone: 0303 123 1113
🌐 Website: www.ico.org.uk

16. Contact Our Data Protection Point

For all privacy-related inquiries, data subject requests, or questions about this policy, please contact our designated privacy contact:

📧 Email: ucem2571@outlook.com (Subject: "PRIVACY REQUEST")
📞 Phone: 0345 677 9829
📍 Postal Address: 1 WALKFIELD DRIVE, EPSOM, ENGLAND, KT18 5UF, United Kingdom