Effective date: 20 September 2025
Who we are: digilois (“digilois”, “we”, “us”, “our”) is a multi-vendor commerce platform that connects independent sellers with shoppers.
Controller: Digilois
Contact: info@digilois.com
This Policy explains what personal data we collect, how we use it, the choices and rights you have, and how we comply with applicable laws, including the EU/UK GDPR, Türkiye’s KVKK (Law No. 6698), and (if applicable) California CCPA/CPRA.
1) Scope & Audience
This Policy applies to:
Visitors to our website/app,
Shoppers who create accounts or place orders,
Vendors who apply, onboard, and sell on digilois,
Any third party interacting with our services (e.g., support chats, marketing).
This Policy does not cover vendors’ own websites or services. Vendors are independent businesses with their own privacy responsibilities.
2) What We Collect
A. Data you provide
Account & profile: name, email, phone, password, addresses, language, preferences, avatar.
Vendor onboarding: business name, contact details, IDs/KYC docs, tax info, payout info (e.g., IBAN), storefront content.
Orders & returns: shipping address, receiver name/phone, notes, messages to vendors.
Support content: emails, chat transcripts, recordings (if any), attachments.
Ratings & reviews: text, photos, timestamps, public profile name.
Technical: IP, device IDs, OS/browser info, app version, crash logs, session IDs.
Usage: pages viewed, features used, clicks, time on page, referring URLs.
Location: coarse location from IP; precise location only if you opt-in.
Cookies/SDKs: see Section 10.
Card and wallet data are processed by our payment partners and never stored in full by digilois. We receive tokens/identifiers, payment status, and basic details needed to fulfill orders and manage disputes.
D. Third-party sources
Fraud & KYC providers, address verification,
Marketing & analytics tools,
Social login (if used): public profile info you authorize.
We process data to:
Provide the service (create/manage accounts, storefronts, carts, checkout, delivery, returns).
Legal bases: contract necessity; legitimate interest.
Vendor marketplace operations (listings, inventory sync, payouts, invoices, tax calculations).
Legal bases: contract necessity; legal obligation.
Payments & fraud prevention (KYC, anti-money laundering checks).
Legal bases: legal obligation; legitimate interest.
Customer support & communications (tickets, notifications about orders, policy updates).
Legal bases: contract necessity; legitimate interest; consent (where required).
Personalization & analytics (recommendations, A/B tests, performance).
Legal bases: consent where required (e.g., cookies); legitimate interest.
Marketing (email, push, SMS, retargeting).
Legal bases: consent where required; legitimate interest with opt-out.
Security & abuse (rate-limiting, intrusion detection, spam/fraud signals).
Legal bases: legitimate interest; legal obligation.
Compliance (tax, accounting, lawful requests) and business continuity (backups).
Legal bases: legal obligation; legitimate interest.
We do not sell personal data.
4) Sharing & Disclosures
We share data only as needed:
Vendors: Shoppers’ order details (name, items, delivery address/phone, notes) so vendors can fulfill the order.
Service providers / processors: hosting, analytics, customer support tools, email/SMS delivery, KYC/fraud, shipping carriers, payments. Bound by contracts to process data only on our instructions.
Payment partners: to process payments, refunds, chargebacks.
Logistics & couriers: to deliver orders and manage returns.
Legal & compliance: to comply with laws, court orders, lawful requests.
Business transfers: in a merger, acquisition, or asset sale, data may transfer under appropriate safeguards.
If data is transferred outside your country/region, we use appropriate safeguards (e.g., EU Standard Contractual Clauses, UK Addendum, KVKK-compliant measures). You may contact us for copies of relevant safeguards (subject to confidentiality).
6) Retention
We keep data for as long as needed to provide the service and meet legal/financial obligations:
Accounts: retained while active; upon deletion request, we minimize or anonymize where feasible.
Orders & invoices: retained per tax/accounting laws (often 5–10 years).
Support logs & analytics: retained for operational periods, then deleted or anonymized.
Backups: time-limited and securely stored.
We use technical and organizational safeguards (encryption in transit, access controls, least-privilege, monitoring, regular patching). No method is 100% secure; report incidents to [support@digilois.com].
8) Children
Our services are not directed to children under the age required by local law (e.g., 13/16). We do not knowingly collect data from them. If you believe we have, contact us to delete it.
9) Your Rights
EEA/UK (GDPR) & Türkiye (KVKK)
You may have rights to:
Access your data; rectify inaccuracies; erase (where applicable);
Restrict or object to processing; portability of your data;
Withdraw consent at any time (does not affect prior lawful processing);
Complain to a supervisory authority (e.g., your DPA; in Türkiye, KVKK Authority).
Submit requests: [info@digilois.com]. We may verify identity and may deny requests where exceptions apply (e.g., legal obligations).
California (CCPA/CPRA) – if applicable
California residents can request:
Know/Access: categories/specific pieces of data we collected;
Delete data (subject to exceptions);
Correct inaccuracies;
Opt-out of “sharing” for cross-context behavioral advertising (we do not sell personal data).
No discrimination for exercising rights. Use [privacy@yourdomain.com] or “[Do Not Sell/Share]” controls if provided.
We use:
Strictly necessary cookies (login sessions, security, cart);
Performance/analytics (traffic, errors, product interest);
Functional (remember preferences);
Advertising/retargeting (with consent where required).
Manage preferences via our Cookie Settings (if available) and your browser/device settings. Do Not Track signals are not consistently honored industry-wide; we honor consent where required by law.
11) Vendors’ Responsibilities (Important)
Vendors are independent businesses. When vendors receive shopper data (e.g., to fulfill orders), they act as independent controllers for that processing and must:
Use data only to fulfill the order and comply with law,
Protect data appropriately,
Publish their own privacy notices and honor user rights,
Comply with payment, tax, and consumer laws.
digilois provides tools and may process certain data as a processor on behalf of vendors (e.g., analytics dashboards), in which case our processing is governed by our terms and any applicable data processing agreement.
12) Automated Decisions & Profiling
We may use automated systems to detect fraud, secure accounts, and personalize recommendations. These do not produce legal or similarly significant effects without human review. You can contact us to request human review of significant automated decisions where required by law.
13) Third-Party Links & Social Logins
Our site/app may link to third-party services or allow social logins. Your use of those services is governed by their privacy policies, not this one.
14) Changes to This Policy
We may update this Policy to reflect changes in our practices or law. We’ll post updates here and change the “Effective date.” If changes are material, we’ll notify you via the service or email.