Privacy Policy

Hadassa Femme (“Hadassa Femme”, “we”, “us”, “our”) operates an online fashion store and is committed to protecting the privacy and personal data of its customers in full compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and all applicable European data protection laws.

This Privacy Policy explains how personal data is collected, processed, stored, shared, and protected when users access our website, create an account, place orders, or interact with our services.

1. Data Controller

The data controller responsible for processing your personal data is:

Hadassa Femme
[Legal entity name]
[Business address – EU]
Email: [contact email]

2. Categories of Personal Data Collected

We may collect and process the following categories of data:

a) Data Provided Directly by You

  • Full name;
  • Billing and shipping address;
  • Email address and telephone number;
  • Account login credentials;
  • Order details and purchase history;
  • Customer service communications.

b) Payment Data

Payment information is processed exclusively by certified third-party payment providers. Hadassa Femme does not store full credit card or banking details.

c) Automatically Collected Data

  • IP address;
  • Browser and device information;
  • Date, time and duration of visits;
  • Referring URLs;
  • Cookies and tracking technologies.

3. Purpose and Legal Basis of Processing

Your data is processed for the following purposes and legal bases:

Purpose Legal Basis
Order processing and delivery Contract performance
Customer account management Contract performance
Customer support Legitimate interest
Marketing communications (newsletter) Consent
Fraud prevention and security Legitimate interest
Accounting and tax compliance Legal obligation

4. Data Sharing and Transfers

Your personal data may be shared with:

  • Payment service providers;

  • Logistics and shipping companies;

  • IT infrastructure and hosting providers;

  • Customer support platforms;

  • Legal and tax authorities when legally required.

When data is transferred outside the European Economic Area (EEA), appropriate safeguards such as Standard Contractual Clauses (SCCs) are applied.

5. Data Retention

Personal data is retained only for as long as necessary to fulfill contractual, legal, or regulatory obligations. After expiration of retention periods, data is securely deleted or anonymized.

6. Cookies and Tracking Technologies

We use essential, functional, analytical and marketing cookies. Non-essential cookies are used only after user consent and can be managed at any time via browser settings or our cookie banner.

7. Your Rights Under GDPR

You have the right to:

  • Access your personal data;
  • Rectify inaccurate or incomplete data;
  • Request erasure (“right to be forgotten”);
  • Restrict or object to processing;
  • Data portability;
  • Withdraw consent at any time;
  • Lodge a complaint with a supervisory authority.

Requests can be submitted to: [contact email]

8. Data Security

We implement technical and organizational measures to protect personal data against unauthorized access, loss, alteration, or disclosure.

9. Policy Updates

This Privacy Policy may be updated periodically. The latest version will always be available on our website.