← Back to Shop

GDPR Compliance

Last updated: July 23, 2025

Our Commitment to GDPR

DYSTOWNED is committed to protecting the privacy and personal data of all individuals, particularly those in the European Union. We comply with the General Data Protection Regulation (GDPR) and respect your data protection rights.

This page outlines your rights under GDPR and how we handle your personal data in accordance with these regulations.

Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract: To fulfill orders and provide services you've requested
  • Consent: For marketing communications and non-essential cookies
  • Legitimate Interest: For fraud prevention, security, and business operations
  • Legal Obligation: To comply with tax, accounting, and other legal requirements

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right of Access: Request a copy of the personal data we hold about you.

Right to Rectification: Request correction of inaccurate or incomplete data.

Right to Erasure: Request deletion of your personal data in certain circumstances.

Right to Restrict Processing: Request limitation of how we use your data.

Right to Data Portability: Request your data in a structured, machine-readable format.

Right to Object: Object to processing based on legitimate interests or for marketing.

Rights Related to Automated Decision-Making: Protection against solely automated decisions.

How to Exercise Your Rights

To exercise any of your GDPR rights, contact us at:

  • Email: privacy@dystowned.com
  • Subject line: "GDPR Request - [Type of Request]"
  • Include: Your full name, email address, and specific request details

We will respond to your request within 30 days. In complex cases, we may extend this period by up to 60 additional days with notification.

Data Transfers Outside the EU

When we transfer your personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions for countries with equivalent protection
  • Certification schemes and codes of conduct

Data Retention

We retain your personal data only as long as necessary for the purposes outlined:

  • Account Data: Until account deletion or 3 years of inactivity
  • Order Data: 7 years for tax and accounting purposes
  • Marketing Data: Until consent withdrawal or 2 years of inactivity
  • Website Analytics: 26 months maximum

Complaints and Supervisory Authority

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with your local supervisory authority.

For EU residents, you can find your local data protection authority at: https://edpb.europa.eu/about-edpb/board/members_en

Contact Information

DYSTOWNED™ LLC

Email: contact@dystowned.com