Daruma Tattoo | darumatattoo.shop | Last updated: June 2026

1. Who We Are

Daruma Tattoo is an e-commerce store selling tattoo aftercare products. Our website is darumatattoo.shop and we are based in Sweden, operating within the European Union.

For any privacy-related questions or requests, please contact us at:

Email: info@darumatattoo.shop

2. Our Commitment to GDPR

We are committed to protecting your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and Swedish data protection law. As a data controller established in Sweden, we are subject to the oversight of the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY).

We only collect and process personal data when we have a valid legal basis to do so. The legal bases we rely on are:

  • Contract performance – processing is necessary to fulfil your order or provide a service you have requested (Article 6(1)(b) GDPR).
  • Legal obligation – processing is required to comply with applicable law, such as Swedish bookkeeping and tax regulations (Article 6(1)(c) GDPR).
  • Legitimate interest – for example, to prevent fraud and improve our services, where these interests are not overridden by your rights (Article 6(1)(f) GDPR).
  • Consent – for optional communications such as marketing emails, where you have explicitly opted in (Article 6(1)(a) GDPR). You may withdraw consent at any time.

3. What Personal Data We Collect

When you place an order

When you shop with us, we collect information including:

  • Name and billing / shipping address
  • Email address and phone number
  • Order details and purchase history
  • Payment method (note: we do not store full card details – see Section 6)
When you create an account

If you create an account on our site, we store your name, email address, and a hashed password. You may also save an address and view your order history.

When you browse the site

We may collect technical information about your visit through cookies and similar technologies, including your IP address, browser type, and pages visited. See Section 8 (Cookies) for details.

Marketing communications

If you choose to receive marketing emails from us, we store your email address and your consent record for that purpose. You can unsubscribe at any time via the link in any marketing email or by contacting us at info@darumatattoo.shop.

4. How We Use Your Data

  • To process and fulfil your orders and send order confirmations and shipping updates.
  • To manage your customer account.
  • To handle returns, refunds, and customer support requests.
  • To send marketing emails, only where you have opted in.
  • To comply with legal and tax obligations under Swedish law.
  • To detect and prevent fraud or abuse of our website.

5. How Long We Keep Your Data

We retain your data only for as long as necessary for the purposes described in this policy:

  • Order data is kept for 7 years in accordance with the Swedish Bookkeeping Act (Bokföringslagen).
  • Account data is retained for as long as your account is active. You may request deletion at any time.
  • Marketing consent records are kept until you withdraw consent, and for a short period thereafter as proof of consent.

6. Who We Share Your Data With

We do not sell your personal data. We share data only with trusted third-party service providers who process it on our behalf, and only to the extent necessary:

Payment processing – Mollie

Payments are processed by Mollie B.V. When you pay, you are redirected to Mollie’s secure environment. Mollie processes your payment data as an independent data controller under their own privacy policy, available at mollie.com/privacy.

Hosting – Hostinger

Our website is hosted on Hostinger. Your data is stored on their servers in accordance with their data processing terms.

Shipping providers

We share your name and delivery address with our shipping carriers in order to deliver your order.

Email service

We use our business email to send order confirmations and customer communications. Our email provider may process message data as part of that service.

Legal or regulatory authorities

We may disclose your data if required to do so by law or in response to a lawful request from a public authority (e.g. the Swedish Tax Agency or law enforcement).

7. International Data Transfers

Some of our service providers may be located outside the European Economic Area (EEA). Where this is the case, we ensure that appropriate safeguards are in place — for example, Standard Contractual Clauses approved by the European Commission — to protect your data in accordance with GDPR requirements.

8. Cookies

Our website uses cookies to make it function correctly and to improve your experience. The main cookies we use are:

  • Session cookies – to keep your shopping cart active during your visit.
  • Authentication cookies – to keep you logged into your account.
  • Analytics cookies – to understand how visitors use our site (where applicable and with consent).

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of the site (for example, your cart may not work correctly).

9. Your Rights Under GDPR

As a person based in the EU/EEA, you have the following rights regarding your personal data:

  • Right of access – you may request a copy of the personal data we hold about you.
  • Right to rectification – you may ask us to correct inaccurate or incomplete data.
  • Right to erasure – you may request deletion of your data, subject to legal retention obligations.
  • Right to restriction – you may ask us to limit how we use your data in certain circumstances.
  • Right to data portability – you may request your data in a commonly used, machine-readable format.
  • Right to object – you may object to processing based on legitimate interest or for direct marketing purposes.
  • Right to withdraw consent – where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, please contact us at info@darumatattoo.shop. We will respond within 30 days. You also have the right to lodge a complaint with the Swedish supervisory authority:

Integritetsskyddsmyndigheten (IMY)

Website: imy.se

10. Data Security

We take reasonable technical and organizational measures to protect your personal data against unauthorized access, loss, or misuse. Our site uses HTTPS encryption. Payments are handled entirely by Mollie in a PCI-DSS compliant environment — we never see or store your full card details.

11. Changes to This Policy

We may update this privacy policy from time to time. The date at the top of this page reflects when it was last revised. Significant changes will be communicated via email or a notice on our website.

12. Contact Us

If you have any questions about this policy or how we handle your data, please reach out:

Email: info@darumatattoo.shop

Website: darumatattoo.shop