Privacy policy
Privacy Policy
Last Updated: May 6, 2026
Effective Date: May 6, 2026
BYDAZED ("we," "us," "our") www.bydazed.com (the "Site"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you visit our Site, make a purchase, or interact with us. It applies to all visitors, customers, and users of our services.
We are committed to protecting your privacy and complying with the EU General Data Protection Regulation (GDPR), the Norwegian Personal Data Act, the California Consumer Privacy Act (CCPA), and other applicable data protection laws.
1. Information We Collect
1.1 Information You Provide Directly
When you place an order, create an account, subscribe to our newsletter, or contact us, we may collect:
- Identity data: Full name
- Contact data: Email address, phone number, shipping and billing address
- Transaction data: Order details, purchase history, payment method type (we do NOT store card numbers)
- Communication data: Messages sent via email, contact forms, or social media
- Account data: Username, password (encrypted), order history
- Preference data: Size preferences, newsletter preferences, marketing opt-in status
1.2 Information Collected Automatically
When you browse our Site, we automatically collect certain technical data through cookies and similar technologies:
- Device data: IP address, browser type and version, operating system, device type
- Usage data: Pages visited, time spent on pages, referring URLs, click patterns
- Location data: Approximate geographic location based on IP address
- Shopping data: Products viewed, items added to cart, abandoned cart data
1.3 Information from Third Parties
We may receive information from:
- Payment processors: Transaction confirmation and fraud screening results from Shopify Payments, PayPal, Klarna, and other providers
- Shipping partners: Delivery status and tracking updates from Posten, DHL, and other carriers
- Analytics providers: Aggregated website usage data from Google Analytics
2. How We Use Your Information
We process your personal data only when we have a lawful basis to do so. Our uses include:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Processing and fulfilling orders | Contract performance |
| Sending order confirmations, shipping updates, and receipts | Contract performance |
| Processing payments and preventing fraud | Contract performance / Legitimate interest |
| Responding to customer service inquiries | Contract performance / Legitimate interest |
| Sending marketing emails and drop announcements (with consent) | Consent |
| Improving our website, products, and services | Legitimate interest |
| Analyzing site traffic and shopping patterns | Legitimate interest / Consent |
| Complying with legal obligations (tax, accounting) | Legal obligation |
| Preventing abuse and protecting our rights | Legitimate interest |
We will never sell your personal data to third parties for their own marketing purposes.
3. Cookies & Tracking Technologies
3.1 What Are Cookies?
Cookies are small text files stored on your device when you visit our Site. They help us provide a functional shopping experience and understand how our Site is used.
3.2 Types of Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential | Cart functionality, checkout, security, session management | Session / 14 days |
| Functional | Remembering preferences, language, recently viewed items | Up to 1 year |
| Analytics | Google Analytics 4 (GA4) — understanding site traffic, page performance, user journeys | Up to 2 years |
| Marketing | Retargeting ads (if applicable), social media pixels | Up to 1 year |
3.3 Managing Cookies
You can control or delete cookies through your browser settings. Disabling essential cookies may affect the functionality of our Site (e.g., you may not be able to add items to your cart or complete checkout). You can also opt out of Google Analytics at tools.google.com/dlpage/gaoptout.
4. Payment Processing
All payment transactions are processed through Shopify Payments and our third-party payment providers (PayPal, Klarna, Apple Pay, Google Pay, MobilePay). These processors are PCI-DSS Level 1 compliant, the highest level of payment security certification.
We do not store, process, or have access to your full credit card numbers. Payment data is encrypted and transmitted directly to the payment processor. For more information on Shopify's security practices, visit Shopify's Privacy Policy.
5. Third-Party Services
We share personal data with the following categories of service providers, solely for the purposes described in this policy:
| Service Provider | Purpose | Data Shared |
|---|---|---|
| Shopify Inc. | E-commerce platform, hosting, checkout | Order data, customer data, browsing data |
| Payment processors (Stripe/Shopify Payments, PayPal, Klarna) | Payment processing | Name, billing address, payment details |
| Shipping carriers (Posten, DHL) | Order delivery | Name, shipping address, phone number |
| Google Analytics (GA4) | Website analytics | Anonymized browsing data, IP address (truncated) |
| Email service provider | Transactional and marketing emails | Email address, name, order data |
All third-party providers are contractually required to protect your data and may only use it for the purposes we specify. We do not sell or rent personal data.
6. International Data Transfers
As we use Shopify (headquartered in Canada) and other international service providers, your data may be transferred to and processed in countries outside the European Economic Area (EEA), including Canada and the United States.
When data is transferred outside the EEA, we ensure appropriate safeguards are in place, including:
- EU Standard Contractual Clauses (SCCs)
- Adequacy decisions by the European Commission (e.g., Canada)
- Data Processing Agreements with all processors
7. Data Retention
We retain your personal data only for as long as necessary for the purposes described in this policy:
| Data Type | Retention Period |
|---|---|
| Order and transaction data | 5 years (legal/tax obligation under Norwegian Bookkeeping Act) |
| Customer account data | Until account deletion is requested |
| Email marketing data | Until you unsubscribe |
| Customer service communications | 2 years after resolution |
| Analytics/cookie data | Up to 26 months (GA4 default) |
| Abandoned cart data | 3 months |
When data is no longer needed, it is securely deleted or anonymized.
8. Your Rights
8.1 Rights Under GDPR (EU/EEA Residents)
If you are located in the EU/EEA (including Norway), you have the following rights under the GDPR:
- Right of access: Request a copy of the personal data we hold about you
- Right to rectification: Request correction of inaccurate or incomplete data
- Right to erasure ("right to be forgotten"): Request deletion of your personal data (subject to legal retention obligations)
- Right to restrict processing: Request that we limit how we use your data
- Right to data portability: Receive your data in a structured, machine-readable format
- Right to object: Object to processing based on legitimate interests, including direct marketing
- Right to withdraw consent: Withdraw consent at any time where processing is based on consent (e.g., marketing emails)
To exercise any of these rights, email us at support@bydazed.com. We will respond within 30 days.
You also have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) at www.datatilsynet.no.
8.2 Rights Under CCPA (California Residents)
If you are a California resident, you have the following rights under the CCPA:
- Right to know: Request details about the categories and specific pieces of personal information we have collected, the sources, the business purposes, and the third parties with whom we share it
- Right to delete: Request deletion of personal information we have collected from you
- Right to opt-out of sale: We do not sell personal information. No opt-out is necessary.
- Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights
To exercise any of these rights, email us at support@bydazed.com with the subject line "CCPA Request." We will respond within 45 days.
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- SSL/TLS encryption for all data transmitted between your browser and our Site
- PCI-DSS compliant payment processing (via Shopify Payments)
- Access controls limiting employee access to personal data on a need-to-know basis
- Regular security assessments of our systems and third-party providers
While no system is 100% secure, we take reasonable steps to protect your information from unauthorized access, alteration, disclosure, or destruction.
10. Children's Privacy
Our Site and services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly. If you believe a child has provided us with personal data, please contact us at support@bydazed.com.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page
- Post a notice on our Site if the changes are significant
- Notify you by email if required by law
We encourage you to review this policy periodically.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
BYDAZED
Email: support@bydazed.com
Website: www.bydazed.com
For GDPR-related inquiries, you may also contact the Norwegian Data Protection Authority:
Datatilsynet
Website: www.datatilsynet.no