Privacy Policy

How we collect, use, and protect your data. Last updated:

Effective date:
Controller: [BrandMerchLab AB], [Address], contact: privacy@brandmerchlab.com.

1. Scope

This Policy describes how we process personal data when you use our website, forms, stores we operate for clients, and when we provide Services.

2. Categories of Data

Identification and contact (name, email, phone, social handles, company, role).
Commercial and storefront data (orders, returns, SKUs, preferences).
Technical (IP, device, cookies, logs).
Communications (messages, support, call notes).
Billing where applicable (limited payment metadata; card details handled by payment processors).

3. Sources

Directly from you; from Client systems you authorize; from storefront and fulfillment platforms; from analytics/ads tools; and from publicly available sources.

4. Purposes & Legal Bases

Provide and operate Services; fulfill orders; support — contract.
Configure storefront, payments, shipping, analytics — contract/legitimate interests.
Improve security, prevent abuse, and analytics — legitimate interests.
Marketing with your opt-in where required — consent.
Legal compliance — legal obligation.

5. Sharing

We share data with processors strictly as needed to provide the Services: hosting, email, project tools, analytics, payment providers, storefront and POD/fulfillment partners, and advertising platforms. We require appropriate safeguards and DPAs where applicable.

6. International Transfers

Where data is transferred outside your jurisdiction, we rely on appropriate safeguards (e.g., SCCs or equivalent).

7. Retention

We retain data only as long as necessary for the purposes above, to meet legal obligations, or to resolve disputes, after which we delete or anonymize it.

8. Your Rights

Subject to law: access, rectification, erasure, restriction, portability, and objection. Where processing is based on consent, you may withdraw it at any time (does not affect prior processing). Exercise rights via privacy@brandmerchlab.com. You may lodge a complaint with your supervisory authority.

9. Cookies and Similar Tech

See our Cookie Policy for details and how to change preferences.

10. Security

We use appropriate technical and organizational measures to protect personal data, proportionate to risk.

11. Children

Our Services are not directed to children under 16. We do not knowingly collect their data.

12. Changes

We may update this Policy; material changes will be signposted on the site with the effective date.