1) Who we are (Controller)

DCPLYN Ltd (“DCPLYN”, “we”, “us”) is an apparel brand and online store operating at dcplyn.com. For data protection purposes, DCPLYN is the data controller of your personal information when you use our website, make a purchase, contact us, or otherwise interact with us.

Contact page: https://dcplyn.com/pages/contact
Postal: DCPLYN Ltd, 25 Wilne Street, Leicester, LE2 0EA, England, United Kingdom

We have not appointed a Data Protection Officer. If this changes, we will update this policy.

2) Scope

This policy explains how we collect, use, disclose and protect your personal information when you visit, use or make a purchase on our site, or otherwise communicate with us. Our store is hosted by Shopify; some processing is carried out by Shopify as described in Section 10 (Relationship with Shopify).

3) What we collect

The information we collect depends on how you interact with us and applicable law. We may process:

• Contact details: name, email, phone, billing & delivery address.
• Account details: username, password, preferences.
• Order & transaction details: items viewed/added/purchased, returns/exchanges, order history, payment confirmation, payment method (we do not store full card numbers).
• Payment information: processed by our payment providers (e.g., Shopify Payments (powered by Stripe) and PayPal). We receive limited info such as payment status and last 4 digits.
• Device & usage information: IP address, browser, device identifiers, general location, pages viewed, links clicked, session timestamps, referring URLs.
• Communications: messages you send us (support, order notes, reviews, social messages).
• Inferences: preferences we may derive from the above to tailor your experience.

Sources:

• Directly from you (e.g., checkout forms, messages);
• Automatically via cookies and similar technologies (see Section 8);
• From service providers (payments, analytics, fulfilment, email/SMS);
• From partners/third parties where permitted by law.

4) Why we use your information (lawful bases)

• We use personal information for the purposes and legal bases below:
• Provide & operate the Services (*contract): process orders and payments, fulfil & deliver items, manage returns, provide support, maintain your account.
• Personalise & improve (legitimate interests/consent): remember preferences, recommend products, improve site performance and usability.
• Marketing & advertising (consent/legitimate interests): send emails/SMS/postal offers; show ads on our site or others based on your activity. You can opt out at any time. See Section 9 (Direct marketing) and Section 8 (Cookies).
• Security & fraud prevention (legitimate interests/legal obligation): protect accounts and our Services; detect, investigate and prevent fraud or abuse.
• Legal compliance (legal obligation): meet tax, accounting, regulatory and law‑enforcement requirements; enforce our terms.

Where we rely on consent, you can withdraw it at any time. Withdrawal does not affect prior lawful processing.

5) Sharing your information

We share personal information only as needed to operate our business and Services:

• Shopify (host & ecommerce platform) and other service providers acting on our behalf (payments, analytics, email/SMS, cloud hosting, printing, warehousing/fulfilment, delivery carriers, support tools). These providers are contractually bound to process data only on our instructions and to protect it.
  • Examples we use: Shopify Payments/Stripe, PayPal (payments); Shopify Email (marketing emails); Royal Mail (delivery); cloud hosting and support providers used by Shopify.
• Business/advertising partners to carry out marketing/ads where permitted (see Section 9).
• Affiliates and within our corporate group (if applicable).
• Legal, safety & compliance: to comply with law; respond to lawful requests; protect rights; or in connection with a business transaction (e.g., merger or acquisition).
• With your direction or consent, including integrations you enable.

We do not sell personal information in the conventional sense. Depending on your jurisdiction, certain advertising or analytics disclosures may be deemed a “sale” or “sharing”. See Section 12 (Your rights) for choices.

6) International transfers

Your information may be transferred, stored and processed outside the UK (and your country of residence). Where we transfer personal data from the UK/EEA to a country without an adequacy decision, we rely on safeguards such as the EU Standard Contractual Clauses and/or the UK Addendum. You can contact us for a copy of the relevant safeguards, subject to redactions.

7) Retention

We keep personal information for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Typical examples:

• Orders & invoices: up to 6 years for UK tax/accounting.
• Customer service messages: up to 24 months after resolution.
• Marketing records: until you opt out or after 24 months of inactivity.
• Web analytics logs: typically 14–26 months, depending on tool settings. Actual retention may vary by record type and legal requirements.

8) Cookies & similar technologies

We use cookies, pixels and similar technologies to run our site, remember your preferences, analyse performance, and personalise content/ads. You can manage cookies in your browser; disabling some may affect functionality. Where required by law (e.g., UK PECR), we will ask for your consent before setting non‑essential cookies. You can update choices via our cookie banner or browser settings. For general cookie info, see allaboutcookies.org.

Analytics & ads tools: We do not currently use Google Analytics, Meta Pixel or TikTok Pixel. If we enable them in future, we will update this policy and our cookie banner to reflect those tools and provide appropriate controls.

9) Direct marketing (UK PECR)

• We send email/SMS marketing with your consent or under the soft opt‑in for existing customers (PECR). You can unsubscribe at any time via the link in each message or by contacting us.
• You can object to direct marketing at any time; we will honour this choice.
• SMS marketing (if used): message/data rates may apply; frequency varies; reply STOP to opt out.

10) Relationship with Shopify

Our store runs on Shopify. Shopify collects and processes information about your interactions with our store (and, in some cases, across merchants) to provide and improve the Services—for example, fraud prevention, analytics and personalised advertising. In certain cases Shopify acts as an independent controller and is responsible for handling related privacy‑rights requests. Learn more and exercise rights with Shopify via its Consumer Privacy Policy and Privacy Portal: privacy.shopify.com.

Payments via Shopify Payments/Stripe & PayPal: When you pay using these providers, they process your payment data as independent controllers for the transaction. Please review their privacy notices for details.

11) Automated decision‑making

We do not make decisions based solely on automated processing that produce legal or similarly significant effects. Shopify and payment providers may use automated tools for fraud prevention and risk scoring. If you believe you have been subject to an automated decision, you can contact us to request a human review.

12) Your rights (UK/EEA)

Depending on where you live, you may have the rights to access/know, rectify, erase, restrict or object to processing, data portability, and to withdraw consent (where relied upon). You also have the right to object to direct marketing at any time.

How to exercise: contact us using the details in Section 1. We may request information to verify your identity. Some rights may be limited by law (e.g., where fulfilling a request would infringe the rights of others or prevent us meeting legal obligations).

Complaints: You can complain to the Information Commissioner’s Office (ICO) or your local supervisory authority. Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, UK (ico.org.uk)

13) Children

Our Services are not intended for children and we do not knowingly collect personal data from individuals under 13. If you believe a child has provided us data, contact us to request deletion. If we become aware, we will take reasonable steps to delete such data.

14) Third‑party links

Our site may link to external sites. Their privacy practices are governed by their own policies; please review them before sharing information.

15) Provision of data & consequences of not providing it

Providing certain information (e.g., name, address, payment details) is necessary to enter into and perform the purchase contract. If you do not provide this information, we may be unable to fulfil your order. Providing information for marketing is optional.

16) Changes to this policy

We may update this policy to reflect changes to our practices or for legal/operational reasons. We will post updates here and revise the “Last updated” date above.

17) Contact

Questions or requests?

• Contact page: https://dcplyn.com/pages/contact
• Postal: DCPLYN Ltd, 25 Wilne Street, Leicester, LE2 0EA, England, United Kingdom

 

Last updated: 25 September 2025