Effective Date: April 11, 2025
At The Desert Box, accessible from thedesertbox.com, we are committed to protecting the privacy and personal data of our visitors, subscribers, and customers. This GDPR Privacy Policy outlines how we collect, use, store, and protect your data in compliance with the General Data Protection Regulation (EU) 2016/679.
1. Who We Are
The Desert Box is an independent brand and digital platform offering curated lifestyle content, subscriptions, and products. For GDPR purposes, we are the “data controller” of your personal information.
If you have any questions about this policy or your data, contact us at:
[email protected]
2. What Personal Data We Collect
We may collect and process the following categories of personal data:
- Identity Data: Name, username, and title
- Contact Data: Email address, shipping/billing address
- Transaction Data: Order history, payment details (processed securely via third-party providers)
- Technical Data: IP address, browser type, location, device information
- Usage Data: Browsing patterns, time spent on site, page visits
- Marketing & Communication Data: Your preferences in receiving newsletters or promotional materials
3. How We Collect Your Data
We collect data when you:
- Subscribe to our newsletter or updates
- Place an order or interact with our shop
- Fill out a contact form or survey
- Interact with us on social media
- Browse our website (via cookies and analytics)
4. Why We Collect Your Data (Legal Basis)
We use your data under one or more of the following legal bases:
- Consent: When you opt-in to newsletters or marketing
- Contract: To fulfill product orders and deliver services
- Legal obligation: For accounting, taxation, and regulatory compliance
- Legitimate interests: For analytics, service improvements, fraud prevention
5. How We Use Your Personal Data
Your data may be used to:
- Process and ship your orders
- Communicate with you about your purchases
- Send you updates, promotions, or relevant offers
- Personalize your site experience
- Improve our website and customer service
- Comply with legal obligations
6. Sharing Your Data
We never sell your data. We may share your data with trusted third parties such as:
- Payment processors (e.g., Stripe, PayPal)
- Shipping and logistics partners
- Email marketing providers (e.g., Mailchimp)
- Analytics tools (e.g., Google Analytics)
- Legal and accounting service providers
All third parties are required to respect your privacy and comply with GDPR.
7. Data Retention
We retain personal data only for as long as necessary for the purposes set out in this policy or to comply with legal obligations.
- Newsletter data: until you unsubscribe
- Order data: 7 years (for legal and tax compliance)
- Analytics data: typically retained for 26 months or as required by provider settings
8. Your GDPR Rights
Under GDPR, you have the right to:
- Access your personal data
- Rectify inaccurate or incomplete data
- Request erasure (“right to be forgotten”)
- Restrict processing
- Object to processing
- Data portability
- Withdraw consent at any time
To exercise your rights, email us at [email protected]
9. Data Security
We use SSL encryption, secure third-party processors, and limited access protocols to ensure your personal data is protected from unauthorized access, alteration, or disclosure.
10. Cookies
We use cookies to improve your browsing experience and analyze site traffic. You can modify your cookie preferences at any time in your browser settings or via our cookie banner.
11. International Transfers
Some of our service providers may process data outside the EEA. In such cases, we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses or Privacy Shield frameworks where applicable).
12. Changes to This Policy
We may update this GDPR Privacy Policy periodically. The latest version will always be posted here with the effective date clearly stated.
13. Contact Us
If you have any concerns or questions regarding your data or this policy, please contact:
[email protected]