Privacy Policy
Contents
- Who We Are
- Scope of This Policy
- Information We Collect
- How We Use Your Information
- Legal Bases for Processing
- Who We Share Data With
- International Data Transfers
- Data Retention
- Security
- Your Rights
- Children's Privacy
- Cookie Policy
- California Privacy Rights
- Do Not Track
- Changes to This Policy
- Contact Us
1. Who We Are
1.1 This Privacy Policy is issued by Dremofal Limited, a company incorporated under the laws of the Republic of Cyprus, with its registered office at Florinis 7, Greg Tower, 2nd Floor, 1065, Nicosia, Cyprus ("Dremofal," "we," "us," or "our").
1.2 Dremofal Limited is a technology app company engaged in the development and operation of lifestyle and personal styling applications. For the purposes of applicable data protection legislation, including the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the applicable Cypriot implementing legislation, Dremofal Limited acts as the data controller in respect of personal data processed through this Website.
2. Scope of This Policy
2.1 This Privacy Policy describes how we collect, use, disclose, and otherwise process personal data in connection with your use of the website located at dremofallimited.com (the "Website"). It does not apply to any applications, platforms, or services that Dremofal may operate separately, which are each governed by their own applicable privacy notices.
2.2 By accessing or using the Website, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with its terms, please discontinue your use of the Website.
3. Information We Collect
3.1 Information you provide. When you voluntarily contact us — for example by emailing us directly or submitting an enquiry — we collect the information you choose to provide, which may include your name, email address, and the content of your communication.
3.2 Information collected automatically. When you visit the Website, we and our third-party service providers may automatically collect certain technical information, including:
- your IP address and approximate geolocation;
- browser type, version, and operating system;
- referring URLs and exit pages;
- pages viewed, time spent on each page, and clickstream data;
- device identifiers and network information;
- information collected via cookies and similar tracking technologies (see Section 12).
3.3 Information from third parties. We may receive limited information about visitors from analytics providers and advertising platforms through which we promote our business, subject to the applicable terms of those platforms.
3.4 We do not knowingly collect sensitive categories of personal data (as defined under Article 9 GDPR) through this Website.
4. How We Use Your Information
4.1 We use the personal data we collect for the following purposes:
- to operate, maintain, and improve the Website;
- to respond to your enquiries and provide you with relevant information;
- to analyse Website usage and understand how visitors interact with our content;
- to measure the effectiveness of our marketing and promotional activities;
- to comply with our legal and regulatory obligations;
- to detect, prevent, and address fraudulent, harmful, or unlawful activity.
5. Legal Bases for Processing
5.1 Where the GDPR applies, we rely on the following legal bases to process your personal data:
- Legitimate interests (Article 6(1)(f) GDPR) — for Website analytics, security monitoring, improvement of our services, and analysis of advertising performance data. We have conducted and documented a balancing assessment confirming that our interests do not override your fundamental rights and freedoms.
- Consent (Article 6(1)(a) GDPR) — where we obtain your express agreement before placing non-essential cookies or tracking technologies on your device.
- Compliance with a legal obligation (Article 6(1)(c) GDPR) — where applicable law requires us to collect, retain, or disclose personal data.
- Performance of a contract or pre-contractual steps (Article 6(1)(b) GDPR) — where you have made an enquiry with a view to entering into a commercial relationship with us.
6. Who We Share Data With
6.1 We do not sell, rent, or trade your personal data. We may share personal data with the following categories of recipients:
- Infrastructure and hosting providers — cloud infrastructure and storage services (including Amazon Web Services) that host the Website and its data.
- Analytics and advertising platforms — we use analytics services to understand Website traffic and user behaviour, and we may promote our business through digital advertising platforms (including Meta Platforms, Inc.). Performance data from such platforms (such as campaign spend, impressions, and delivery metrics) may be processed in connection with our analytics workflows as described below.
- Professional advisers — lawyers, accountants, and other professional advisers who require access to your data to provide us with relevant services, subject to appropriate confidentiality obligations.
- Regulatory authorities and law enforcement — where disclosure is required by law, court order, or applicable regulatory authority.
6.2 Analytics data processing. We use Google BigQuery (operated by Google LLC) to store and analyse advertising performance data obtained from the Meta advertising platform (Meta Platforms, Inc.). This includes campaign metrics such as spend, impressions, and ad delivery data, processed for internal marketing analytics and campaign optimisation purposes. Where practicable, such data is processed in aggregated or pseudonymised form. We do not intentionally retain data in BigQuery that directly identifies individual visitors to this Website.
7. International Data Transfers
7.1 Dremofal Limited is established in Cyprus, which is a Member State of the European Union. Some of our service providers are established outside the European Economic Area ("EEA"), including in the United States. Where we transfer personal data to recipients outside the EEA, we ensure that appropriate safeguards are in place in accordance with Chapter V of the GDPR, including where applicable the use of Standard Contractual Clauses approved by the European Commission, or reliance on an adequacy decision.
7.2 For further information regarding the safeguards applicable to any international transfer of your personal data, please contact us using the details in Section 16.
8. Data Retention
8.1 We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable law.
8.2 Correspondence and enquiry records are generally retained for a period of up to three (3) years from the date of last contact, unless a longer retention period is required for legal or regulatory compliance purposes.
8.3 Cookie and analytics data is retained in accordance with the settings of the applicable third-party tools, as described in the documentation of those providers.
8.4 On expiry of the applicable retention period, personal data will be securely deleted or anonymised.
9. Security
9.1 We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, or destruction. These measures include transport layer security (TLS) encryption for data transmitted via the Website, access controls, and regular security reviews.
9.2 Whilst we take reasonable steps to protect your personal data, no method of transmission over the internet or method of electronic storage is entirely secure. We cannot guarantee absolute security. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required, affected individuals, in accordance with applicable law.
10. Your Rights
10.1 Subject to applicable law, you may have the following rights in respect of your personal data:
- Right of access — to obtain confirmation of whether we hold personal data about you and, if so, to receive a copy;
- Right to rectification — to request correction of inaccurate or incomplete data;
- Right to erasure — in certain circumstances, to request deletion of your personal data;
- Right to restriction — to request that we limit the ways in which we process your data;
- Right to data portability — to receive your personal data in a structured, commonly used format where technically feasible;
- Right to object — to object to processing based on legitimate interests or for direct marketing purposes;
- Right to withdraw consent — where processing is based on your consent, to withdraw it at any time without affecting the lawfulness of processing prior to withdrawal.
10.2 To exercise any of these rights, please contact us as described in Section 16. We will respond to your request within one (1) month, subject to verification of your identity. If you are not satisfied with our response, you have the right to lodge a complaint with the Office of the Commissioner for Personal Data Protection in Cyprus (the competent supervisory authority), or with the supervisory authority in the EU Member State of your habitual residence.
11. Children's Privacy
11.1 The Website is not directed at individuals under the age of eighteen (18) years. We do not knowingly collect personal data from anyone under the age of 18. If we become aware that we have inadvertently collected personal data from a person under this age threshold, we will take prompt steps to delete that data. If you believe we may have received personal data from a minor, please contact us using the details in Section 16.
12. Cookie Policy
12.1 What are cookies. Cookies are small text files that are stored on your device when you visit a website. They allow the website to recognise your device on future visits and to remember certain information about your preferences or activity.
12.2 How we use cookies. This Website uses the following categories of cookies and similar technologies:
| Name | Type | Purpose | Duration |
|---|---|---|---|
site_ck |
Strictly necessary | Records your cookie consent preference so we do not display the consent banner on subsequent visits. | 365 days |
| Analytics cookies | Analytics / Performance (consent-gated) | Set only when you select "Accept All". These cookies would help us understand how visitors use the Website. No third-party analytics cookies are currently active on this Website. This row is maintained for transparency should such tools be introduced in future. | Varies (up to 12 months) |
12.3 Managing cookies. When you first visit the Website, we will present you with a cookie banner offering you the choice to "Accept All" cookies or to accept "Only Essentials" (strictly necessary cookies only). Your selection is stored in the site_ck cookie for twelve (12) months.
12.4 You may also manage or delete cookies at any time through your browser settings. Instructions are available for Google Chrome, Mozilla Firefox, Apple Safari, and Microsoft Edge. Note that disabling certain cookies may affect the functionality or appearance of this Website.
12.5 Where third-party analytical tracking technologies are deployed (see Section 12.2), you may opt out via the tools offered by the relevant providers. For general interest-based advertising opt-outs, you may use the Network Advertising Initiative opt-out portal (optout.networkadvertising.org) or the Digital Advertising Alliance's consumer choice tool (aboutads.info/choices).
13. California Privacy Rights
13.1 If you are a resident of the State of California, the California Consumer Privacy Act (CCPA) and, where applicable, the California Privacy Rights Act (CPRA) may provide you with specific rights regarding your personal information.
13.2 Right to know. You have the right to request that we disclose: the categories of personal information we have collected about you; the categories of sources from which that information was collected; the business or commercial purpose for collecting it; the categories of third parties with whom we have shared it; and the specific pieces of personal information we hold about you.
13.3 Right to delete. You have the right to request deletion of personal information we have collected about you, subject to applicable exceptions.
13.4 Right to opt out of sale or sharing. We do not sell or share personal information as those terms are defined under the CCPA and the California Privacy Rights Act (CPRA). We do not engage in cross-context behavioural advertising.
13.5 Right to non-discrimination. We will not discriminate against you for exercising your rights under the CCPA.
13.6 To exercise any California privacy rights, please contact us as set out in Section 16. We will respond to verifiable consumer requests within forty-five (45) days, subject to an extension of a further forty-five (45) days where reasonably necessary.
13.7 California Shine the Light. Under California Civil Code Section 1798.83, California residents are entitled to request information about our disclosure of personal information to third parties for their own direct marketing purposes. We do not share personal information with third parties for their own direct marketing purposes and accordingly have no such disclosures to report.
14. Do Not Track
14.1 Some browsers transmit "Do Not Track" (DNT) signals to websites. Because there is currently no agreed-upon standard governing how websites should respond to such signals, this Website does not alter its data collection or use practices in response to DNT signals. You may, however, manage your cookie preferences at any time as described in Section 12.
15. Changes to This Policy
15.1 We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. The "Last Updated" date at the top of this page will always indicate when the Policy was most recently revised. Where changes are material, we will take reasonable steps to bring those changes to your attention. Your continued use of the Website after any update constitutes your acceptance of the revised Policy.
16. Contact Us
16.1 For questions, requests, or complaints in relation to this Privacy Policy or our data processing practices, please refer to the contact information on our website. You may also write to us at our registered office address: Dremofal Limited, Florinis 7, Greg Tower, 2nd Floor, 1065, Nicosia, Cyprus.
16.2 If you are not satisfied with our response, you have the right to lodge a complaint with the Office of the Commissioner for Personal Data Protection in Cyprus (www.dataprotection.gov.cy).