Privacy policy

Last updated: January 6, 2026

dormi (“we”, “us”, “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, share, and protect your information when you visit our website, purchase our products, or interact with us in any way.

This policy is written in accordance with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and applicable data protection laws.

1. Who We Are

dormi is a consumer wellness brand operating from the United Kingdom. We sell and ship products to customers in the UK and selected European Union countries.

For the purposes of data protection law, Dormi is the data controller of your personal data.

2. Personal Data We Collect

We collect only the data necessary to operate our business, fulfil orders, and comply with legal obligations.

This may include:

  • Identity information: name, title
  • Contact information: email address, billing address, delivery address, phone number
  • Order information: products purchased, payment status, delivery details
  • Payment information: processed securely by authorised payment providers (we do not store full card details)
  • Technical data: IP address, browser type, device information, operating system
  • Usage data: interactions with our website, pages viewed, time spent
  • Marketing preferences: opt-in or opt-out choices
  • Customer communications: emails, messages, reviews, or support enquiries
  • We do not knowingly collect personal data from children under 16.

3. How We Use Your Data

We use your personal data only where legally permitted. This includes:

  • Processing and delivering orders
  • Managing payments, refunds, and returns
  • Providing customer support
  • Sending order confirmations and service communications
  • Improving website performance and user experience
  • Conducting analytics and business planning
  • Sending marketing communications where you have consented
  • Complying with legal, tax, and regulatory obligations
  • Preventing fraud and misuse of our services

We do not sell your personal data.

4. Legal Bases for Processing

Under UK GDPR and EU GDPR, we rely on the following lawful bases:

  • Contractual necessity – to fulfil your purchase
  • Legal obligation – accounting, tax, and regulatory compliance
  • Legitimate interests – improving services, fraud prevention, business analytics
  • Consent – for marketing communications and optional cookies

You may withdraw consent at any time.

5. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Enable core website functionality
  • Remember preferences
  • Analyse website performance
  • Support marketing activities (where consent is given)

You can manage or disable cookies through your browser settings or cookie banner.

6. Data Sharing

We share personal data only with trusted third parties where necessary, including:

  • Payment processors
  • Order fulfilment and logistics partners
  • IT, hosting, and security service providers
  • Analytics and marketing service providers

All third parties are required to process data securely and in accordance with applicable data protection laws.

7. International Transfers

Some service providers may process data outside the UK or EEA. Where this occurs, we ensure appropriate safeguards are in place, such as:

  • Adequacy decisions
  • Standard contractual clauses
  • Equivalent legal protections

8. Data Retention

We retain personal data only for as long as necessary to:

  • Fulfil the purposes described in this policy
  • Meet legal, accounting, or regulatory requirements

When data is no longer required, it is securely deleted or anonymised.

9. Your Rights

Under UK GDPR and EU GDPR, you have the right to:

  • Access your personal data
  • Correct inaccurate or incomplete data
  • Request erasure (“right to be forgotten”)
  • Restrict processing
  • Object to processing
  • Data portability
  • Withdraw consent at any time
  • Lodge a complaint with the relevant supervisory authority

To exercise your rights, contact us using the details below.

10. Security

We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, loss, misuse, or alteration.

No system is perfectly secure, but we design ours to be unfriendly to attackers and boring to regulators.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The most recent version will always be available on our website, with the “Last updated” date revised accordingly.

12. Contact Us

For privacy-related questions or requests, please contact:

Email: info@hellodormi.com