Privacy policy

Last updated: 06 April 2026

Chloe Dublin operates this store and website, including all related information, content, features, tools, products and services, in order to provide you, the customer, with a curated shopping experience (the "Services"). Chloe Dublin is powered by Shopify, which enables us to provide the Services to you.

This Privacy Policy describes how we collect, use, and disclose your personal data when you visit, use, or make a purchase or other transaction using the Services or otherwise communicate with us. It applies to all processing activities carried out by Chloe Dublin as data controller in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the Data Protection Act 2018.

If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy controls with respect to the collection, processing, and disclosure of your personal data.

Please read this Privacy Policy carefully. By using and accessing any of the Services, you acknowledge that you have read this Privacy Policy and understand the collection, use, and disclosure of your information as described in this Privacy Policy.

Data Controller

For the purposes of the GDPR and the Data Protection Act 2018, the data controller responsible for your personal data is:

Chloe Dublin
108 James's St
The Liberties
Dublin 8, D08 PV2T
Ireland
Email: support@chloedublin.com
Phone: +353 1 408 4800

Personal Data We Collect or Process

When we use the term "personal data," we are referring to information that identifies or can reasonably be linked to you or another natural person, as defined under Article 4(1) of the GDPR. Personal data does not include information that is collected anonymously or that has been de-identified so that it cannot identify or be reasonably linked to you.

We may collect or process the following categories of personal data, depending on how you interact with the Services:

  • Contact details, including your name, address, billing address, shipping address, phone number, and email address.
  • Financial information, including payment card information, financial account information, transaction details, form of payment, payment confirmation, and other payment details.
  • Account information, including your username, password, security questions, preferences, and settings.
  • Transaction information, including the items you view, put in your cart, add to your wishlist, or purchase, return, exchange, or cancel, and your past transactions.
  • Communications with us, including the information you include in communications with us, for example when sending a customer support enquiry.
  • Device information, including information about your device, browser, or network connection, your IP address, and other unique identifiers.
  • Usage information, including information regarding your interaction with the Services, including how and when you interact with or navigate the Services.

Personal Data Sources

We may collect personal data from the following sources:

  • Directly from you, including when you create an account, visit or use the Services, communicate with us, or otherwise provide us with your personal data.
  • Automatically through the Services, including from your device when you use our products or services or visit our website, and through the use of cookies and similar technologies.
  • From our service providers, including when we engage them to enable certain technology and when they collect or process your personal data on our behalf.
  • From our partners or other third parties.

Lawful Bases for Processing

Under Article 6 of the GDPR, we are required to have a lawful basis for each processing activity. We rely on the following lawful bases:

  • Performance of a contract (Article 6(1)(b) GDPR): Where processing is necessary to perform a contract with you or to take steps at your request before entering into a contract, such as processing your orders, arranging payment, and fulfilling deliveries via An Post.
  • Legal obligation (Article 6(1)(c) GDPR): Where processing is necessary to comply with a legal obligation to which we are subject, including our obligations under the Value-Added Tax Consolidation Act 2010 and other applicable Irish and EU legislation.
  • Legitimate interests (Article 6(1)(f) GDPR): Where processing is necessary for our legitimate interests or those of a third party — for example, fraud prevention, network and information security, and improving our Services — provided those interests are not overridden by your rights and interests.
  • Consent (Article 6(1)(a) GDPR): Where you have given your explicit consent to the processing of your personal data for one or more specific purposes, such as the sending of direct marketing communications by electronic means in accordance with S.I. 336/2011 (European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011, the "ePrivacy Regulations").

How We Use Your Personal Data

Depending on how you interact with us or which of the Services you use, we may use personal data for the following purposes:

  • Provide, Tailor, and Improve the Services. We use your personal data to provide you with the Services, including to perform our contract with you, to process your payments, to fulfil your orders, to remember your preferences and items you are interested in, to send notifications to you related to your account, to process purchases, returns, exchanges, or other transactions, to create, maintain, and otherwise manage your account, to arrange for shipping via An Post, to facilitate any returns and exchanges, to enable you to post reviews, and to create a customised shopping experience for you, such as recommending products related to your purchases.
  • Marketing and Advertising. We use your personal data for marketing and promotional purposes, such as to send marketing, advertising, and promotional communications by email or other electronic means, where you have provided prior consent in accordance with S.I. 336/2011 (ePrivacy Regulations), and to show you online advertisements for products or services on the Services or other websites, including based on items you have previously purchased or added to your cart and other activity on the Services.
  • Security and Fraud Prevention. We use your personal data to authenticate your account, to provide a secure payment and shopping experience, to detect, investigate, or take action regarding possible fraudulent, illegal, unsafe, or malicious activity, to protect public safety, and to secure our Services. If you choose to use the Services and register an account, you are responsible for keeping your account credentials safe. We highly recommend that you do not share your username, password, or other access details with anyone else.
  • Communicating with You. We use your personal data to provide you with customer support, to be responsive to you, to provide effective services to you, and to maintain our business relationship with you.
  • Legal Compliance. We use your personal data to comply with applicable Irish and EU law, or to respond to valid legal process, including requests from law enforcement or government agencies, to investigate or participate in civil discovery, potential or actual litigation, or other adversarial legal proceedings, and to enforce or investigate potential violations of our terms or policies.

Cookies and Similar Technologies

We use cookies and similar tracking technologies on our website in accordance with S.I. 336/2011 (ePrivacy Regulations). Non-essential cookies — including analytics and advertising cookies — are only placed on your device with your prior, freely given, and informed consent. You may manage or withdraw your cookie consent at any time through our cookie preference centre. Essential cookies that are strictly necessary for the operation of our website do not require your consent but are disclosed here for transparency.

How We Disclose Personal Data

In certain circumstances, we may disclose your personal data to third parties for legitimate purposes, subject to this Privacy Policy and in accordance with the GDPR. Such circumstances may include:

  • With Shopify, vendors, and other third parties who perform services on our behalf (e.g. IT management, payment processing, data analytics, customer support, cloud storage, fulfilment, and shipping via An Post).
  • With business and marketing partners to provide marketing services and advertise to you. For example, we use Shopify to support personalised advertising with third-party services based on your online activity. Our business and marketing partners will use your information in accordance with their own privacy notices. You may manage your preferences regarding such uses at any time via our Your Privacy Choices page.
  • When you direct, request, or otherwise consent to our disclosure of certain information to third parties, such as to ship you products or through your use of social media widgets or login integrations.
  • With our affiliates or otherwise within our corporate group.
  • In connection with a business transaction such as a merger or acquisition, to comply with any applicable legal obligations (including to respond to court orders, warrants, and similar requests), to enforce any applicable terms of service or policies, and to protect or defend the Services, our rights, and the rights of our users or others.

Relationship with Shopify

The Services are hosted by Shopify, which collects and processes personal data about your access to and use of the Services in order to provide and improve the Services for you. Information you submit to the Services will be transmitted to and shared with Shopify as well as third parties that may be located in countries other than Ireland, in order to provide and improve the Services for you.

In addition, to help protect, grow, and improve our business, we use certain Shopify enhanced features that incorporate data and information obtained from your interactions with our store, along with other merchants and with Shopify. To provide these enhanced features, Shopify may make use of personal data collected about your interactions with our store, along with other merchants, and with Shopify. In these circumstances, Shopify acts as an independent data controller and is responsible for the processing of your personal data, including for responding to your requests to exercise your rights over the use of your personal data for these purposes.

To learn more about how Shopify processes your personal data and any rights you may have, you can visit the Shopify Consumer Privacy Policy and the Shopify Privacy Portal.

Third-Party Websites and Links

The Services may provide links to websites or other online platforms operated by third parties. If you follow links to sites not affiliated or controlled by us, you should review their privacy and security policies and other terms and conditions. We do not guarantee and are not responsible for the privacy or security of such sites, including the accuracy, completeness, or reliability of information found on these sites. Information you provide on public or semi-public venues, including information you share on third-party social networking platforms, may also be viewable by other users of the Services and/or users of those third-party platforms without limitation as to its use by us or by a third party. Our inclusion of such links does not, by itself, imply any endorsement of the content on such platforms or of their owners or operators, except as disclosed on the Services.

International Transfers of Personal Data

Please note that we may transfer, store, and process your personal data outside the Republic of Ireland and the European Economic Area ("EEA"). Where we transfer your personal data outside the EEA, we will ensure that such transfers are carried out in accordance with Chapter V of the GDPR and we will rely on recognised transfer mechanisms, such as the European Commission's Standard Contractual Clauses (SCCs) or an adequacy decision by the European Commission in respect of the destination country. We will take all reasonable steps to ensure that your personal data remains protected and is treated in accordance with this Privacy Policy.

Children's Data

The Services are not intended for use by children under the age of 16. We do not knowingly collect personal data from children under 16 years of age. In Ireland, the age of digital consent is set at 16 years under Section 31 of the Data Protection Act 2018. If you are the parent or guardian of a child who has provided us with their personal data, please contact us by email at support@chloedublin.com to request that it be deleted. Upon verification, we will take prompt steps to remove such information from our records.

Security and Retention of Your Personal Data

Please be aware that no security measures are perfect or impenetrable, and we cannot guarantee "perfect security." In addition, any information you send to us may not be secure whilst in transit. We recommend that you do not use unsecure channels to communicate sensitive or confidential information to us.

How long we retain your personal data depends on different factors, such as whether we need the information to maintain your account, to provide you with the Services, to comply with legal obligations (including those arising under the Value-Added Tax Consolidation Act 2010), to resolve disputes, or to enforce other applicable contracts and policies. In all cases, we will not retain your personal data for longer than is necessary for the purposes for which it was collected, in accordance with the storage limitation principle under Article 5(1)(e) of the GDPR.

Your Rights Under GDPR

As a data subject under the GDPR and the Data Protection Act 2018, you have the following rights in relation to your personal data. These rights are not absolute and may be subject to certain conditions, limitations, and exemptions as provided by applicable law.

  • Right of Access (Article 15 GDPR). You have the right to request access to the personal data we hold about you, including information about the purposes of processing, the categories of data concerned, the recipients to whom data has been disclosed, and the envisaged retention period. This is commonly known as a Subject Access Request (SAR).
  • Right to Rectification (Article 16 GDPR). You have the right to request that we correct any inaccurate or incomplete personal data we hold about you without undue delay.
  • Right to Erasure / "Right to be Forgotten" (Article 17 GDPR). You have the right to request that we delete your personal data in certain circumstances, including where it is no longer necessary for the purposes for which it was collected, where you withdraw your consent (if consent was the lawful basis), or where the processing is unlawful.
  • Right to Restriction of Processing (Article 18 GDPR). You have the right to request that we restrict the processing of your personal data in certain circumstances, for example where you contest the accuracy of the data or where processing is unlawful but you oppose erasure.
  • Right to Data Portability (Article 20 GDPR). Where processing is based on your consent or on the performance of a contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to request that we transmit it directly to another data controller where technically feasible.
  • Right to Object (Article 21 GDPR). You have the right to object at any time to the processing of your personal data where that processing is based on our legitimate interests (Article 6(1)(f) GDPR). You also have an absolute right to object to the processing of your personal data for direct marketing purposes at any time, including profiling to the extent that it is related to such direct marketing.
  • Rights Related to Automated Decision-Making and Profiling (Article 22 GDPR). You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless such processing is necessary for the performance of a contract, authorised by law, or based on your explicit consent.
  • Right to Withdraw Consent. Where our processing of your personal data is based on your consent, you have the right to withdraw that consent at any time without detriment. Withdrawal of consent will not affect the lawfulness of processing carried out before the withdrawal.

To exercise any of these rights, please contact us by email at support@chloedublin.com or via our Contact Us page. We will respond to your request within one calendar month of receipt, in accordance with Article 12 of the GDPR. This period may be extended by a further two months where requests are complex or numerous, in which case we will notify you accordingly. We may need to verify your identity before we can process your request. We will not discriminate against you for exercising any of these rights.

You may also manage certain privacy and marketing preferences directly via our Your Privacy Choices page.

Managing Marketing Communications

We will only send you promotional emails or other direct marketing communications by electronic means where you have provided your prior consent in accordance with S.I. 336/2011 (ePrivacy Regulations). You may withdraw your consent and opt out of receiving marketing communications at any time by using the unsubscribe link displayed in any of our marketing emails, or by contacting us at support@chloedublin.com. If you opt out of marketing communications, we may still send you non-promotional communications, such as those about your account or orders that you have placed with us.

Complaints

If you have concerns or complaints about how we process your personal data, please contact us in the first instance by email at support@chloedublin.com or via our Contact Us page. We will endeavour to address your concern promptly and fairly.

If you are not satisfied with our response, or if you consider that our processing of your personal data infringes the GDPR or the Data Protection Act 2018, you have the right to lodge a complaint with the Data Protection Commission (DPC), the supervisory authority for data protection matters in Ireland:

Data Protection Commission
21 Fitzwilliam Square South
Dublin 2, D02 RD28
Ireland
Website: dataprotection.ie

Changes to This Privacy Policy

We may update this Privacy Policy from time to time, including to reflect changes to our practices or for other operational, legal, or regulatory reasons, including changes required by the GDPR or Irish data protection law. We will post the revised Privacy Policy on this website, update the "Last updated" date, and provide notice as required by applicable law. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.

Contact Us

Chloe Dublin
108 James's St
The Liberties
Dublin 8, D08 PV2T
Ireland

Phone: +353 1 408 4800
Email: support@chloedublin.com
Website: chloedublin.com