Privacy policy

DERMIQO — Privacy Policy

Last updated: March 18, 2026

DERMIQO, operated by MB GROUP j.d.o.o. (Jarun 86, Zagreb, 10000, Croatia), operates this store and website, including all related information, content, features, tools, products and services, in order to provide you, the customer, with a curated shopping experience (the "Services"). DERMIQO is powered by Shopify, which enables us to provide the Services to you.

This Privacy Policy describes how we collect, use, and disclose your personal information when you visit, use, or make a purchase using the Services or otherwise communicate with us. If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy controls with respect to the collection, processing, and disclosure of your personal information.

Please read this Privacy Policy carefully. By using and accessing any of the Services, you acknowledge that you have read this Privacy Policy and understand the collection, use, and disclosure of your information as described herein.

Personal Information We Collect or Process

When we use the term "personal information," we refer to information that identifies or can reasonably be linked to you. We may collect or process the following categories of personal information depending on how you interact with the Services:

Contact details including your name, billing address, shipping address, phone number, and email address.
Financial information including payment card details, transaction details, and payment confirmation.
Account information including your username, password, security questions, preferences and settings.
Transaction information including items you view, add to cart, purchase, return, or cancel, and your past transactions.
Communications with us including information you include in customer support inquiries or other messages to us.
Device information including your device type, browser, network connection, IP address, and other unique identifiers.
Usage information including how and when you interact with or navigate the Services.

Personal Information Sources

We may collect personal information from the following sources:

Directly from you when you create an account, use the Services, communicate with us, or otherwise provide us with your personal information.
Automatically through the Services from your device when you use our products or visit our website, including through cookies and similar technologies.
From our service providers when we engage them to enable certain technology or when they collect or process your personal information on our behalf.
From our partners or other third parties.

How We Use Your Personal Information

We may use your personal information for the following purposes:

Provide, Tailor, and Improve the Services. We use your personal information to process payments, fulfil orders, manage your account, arrange shipping, facilitate returns and exchanges, send account-related notifications, and create a personalised shopping experience for you.

Marketing and Advertising. We may use your personal information to send marketing and promotional communications by email, and to show you relevant advertisements on our Services or other websites, including based on your past purchases or browsing activity. You can opt out at any time.

Security and Fraud Prevention. We use your personal information to authenticate your account, maintain a secure shopping environment, and detect or take action against fraudulent or unlawful activity.

Communicating with You. We use your personal information to provide customer support and to respond to your inquiries.

Legal Compliance. We use your personal information to comply with applicable law, respond to valid legal process, and enforce our terms and policies.

Legal Bases for Processing (GDPR)

If you are located in the European Economic Area, we process your personal information on the following legal bases:

Performance of a contract — to process your orders and provide the Services.
Legitimate interests — to improve the Services, prevent fraud, and conduct marketing (where this does not override your rights).
Legal obligation — to comply with applicable laws and regulations.
Consent — where you have given us explicit consent, such as for marketing communications. You may withdraw consent at any time.

How We Disclose Personal Information

We may disclose your personal information to third parties in the following circumstances:

With Shopify and service providers who perform services on our behalf, including payment processing, shipping, IT management, cloud storage, and customer support.
With business and marketing partners to provide advertising services. Our partners will use your information in accordance with their own privacy notices. You may have the right to opt out of targeted advertising based on your online activity.
When you direct or consent to disclosure, such as to ship your products or through social media integrations.
In connection with a business transaction such as a merger or acquisition.
To comply with legal obligations, respond to legal process, enforce our Terms of Service, or protect our rights and the rights of our users.

Relationship with Shopify

The Services are hosted by Shopify, which collects and processes personal information about your access to and use of the Services. Information you submit may be shared with Shopify and third parties located in countries other than where you reside. Shopify is independently responsible for the processing of your personal information in certain contexts. To learn more, visit the Shopify Consumer Privacy Policy or the Shopify Privacy Portal.

Third-Party Websites and Links

The Services may contain links to third-party websites. We are not responsible for the privacy or security practices of those sites and encourage you to review their policies before providing any personal information.

Cookies

We use cookies and similar tracking technologies to operate and improve the Services, and to serve relevant advertising. You will be presented with a cookie consent banner when you first visit our store, where you can manage your preferences. You may also adjust cookie settings through your browser at any time.

Children's Data

The Services are not intended for children under the age of 18. We do not knowingly collect personal information from minors. If you believe a child has provided us with their personal information, please contact us and we will delete it promptly.

Security and Retention

We take reasonable technical and organisational measures to protect your personal information. However, no security measures are perfect, and we cannot guarantee absolute security. We recommend you do not share sensitive information over unsecured channels.

We retain your personal information for as long as necessary to provide the Services, maintain your account, comply with legal obligations, resolve disputes, and enforce our agreements.

Your Rights

If you are located in the European Economic Area or the United Kingdom, you have the following rights regarding your personal information:

Right to access — request access to the personal information we hold about you.
Right to deletion — request that we delete your personal information.
Right to correction — request that we correct inaccurate information.
Right to portability — receive a copy of your data and request its transfer to a third party.
Right to object — object to processing based on legitimate interests or for direct marketing.
Right to restrict processing — request that we limit how we use your data in certain circumstances.
Right to withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at matija.brnas10@gmail.com. We will respond in accordance with applicable law and may need to verify your identity before processing your request. We will not discriminate against you for exercising your rights.

Complaints

If you have concerns about how we handle your personal information, please contact us first. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority. In Croatia, the supervisory authority is the Agencija za zaštitu osobnih podataka (AZOP) — www.azop.hr. For a full list of EEA authorities, visit https://edpb.europa.eu.

International Transfers

We may transfer, store, and process your personal information outside the country in which you reside. Where personal information is transferred outside the European Economic Area, we rely on recognised transfer mechanisms such as the European Commission's Standard Contractual Clauses to ensure your data remains protected.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the revised policy on this page, update the "Last updated" date, and provide notice as required by applicable law. Your continued use of the Services following any changes constitutes your acceptance of the updated policy.