Privacy Policy

Privacy Policy

1. Data Protection Overview

General Information
The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data refers to any data that can personally identify you. Detailed information on data protection can be found in the full privacy policy below.

Data Collection on This Website
Data processing on this website is carried out by the website operator. You can find contact details in the section "Controller Information" in this privacy policy.

How Do We Collect Your Data?
Your data is collected in part when you provide it to us, for example, via a contact form. Other data is automatically collected or collected after your consent when visiting the website by our IT systems, primarily technical data (e.g., browser, operating system, time of page visit). This data is collected automatically as soon as you access the website.

Why Do We Use Your Data?
Part of the data is collected to ensure the website functions properly. Other data may be used to analyze user behavior.

Your Rights Regarding Your Data
You have the right to receive information about the origin, recipients, and purpose of your stored personal data at any time. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you may revoke this at any time. Under certain conditions, you also have the right to restrict processing. You may also lodge a complaint with the relevant supervisory authority.

2. Hosting

Shopify
This website is hosted by Shopify International Ltd., Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. Shopify collects technical data (such as IP addresses, browser information, and timestamps) and processes order-related data (e.g., name, email, shipping & billing addresses, payment data). Shopify also uses cookies to analyze visitor traffic and customer behavior.

More information: https://www.shopify.com/legal/privacy

Processing is based on Art. 6(1)(f) GDPR – our legitimate interest in a reliable website infrastructure. Where consent is required (e.g., for cookies), processing is based on Art. 6(1)(a) GDPR and §25(1) TTDSG.

External Hosting
This site may also be hosted by third-party providers (e.g., GoDaddy Inc., 2155 E. GoDaddy Way, Tempe, AZ 85284, USA) to improve performance and reliability. The host processes only the data necessary to fulfill their service obligations.

3. General Information and Legal Bases

We treat your personal data confidentially and in accordance with legal data protection regulations and this privacy policy.

Controller Information
The controller for data processing on this website is:

Twentyfour Ecommerce – FZCO
DSO-IFZA, IFZA Properties, Dubai, UAE
Email: ohhmygeneral@gmail.com

Data Retention
Unless a specific retention period is mentioned, your data will be kept until the purpose for data processing no longer applies. Data will be deleted upon request unless legal obligations prevent us from doing so.

Legal Basis for Processing
We process your data based on:

  • Art. 6(1)(a) GDPR – consent

  • Art. 6(1)(b) GDPR – contract performance

  • Art. 6(1)(c) GDPR – legal obligation

  • Art. 6(1)(f) GDPR – legitimate interest

Recipients of Personal Data
We only share personal data with third parties when required for contract execution, legal compliance, or when we have a legitimate interest. Processors act under contractual obligation and follow our instructions.

Revoking Consent
You may withdraw your consent to data processing at any time. The legality of processing before withdrawal remains unaffected.

Right to Object Under Art. 21 GDPR
If data is processed based on Art. 6(1)(e) or (f), you have the right to object for reasons arising from your situation. If your data is processed for direct marketing, you may object at any time without needing a specific reason.

Right to Lodge Complaints
You may file complaints with the supervisory authority of your residence or relevant jurisdiction.

Right to Data Portability, Access, and Deletion
You have the right to receive your personal data in a structured, machine-readable format and, where applicable, have it transmitted to another controller.

Right to Restrict Processing
You may request restriction under certain conditions – e.g., if the accuracy of your data is contested, or processing is unlawful but you oppose deletion.

Secure Payment Processing
Payment transactions use SSL or TLS encryption to protect your data.

Objection to Marketing Emails
Use of published contact details for sending unsolicited ads is prohibited. Legal steps may be taken in the event of violations.

4. Data Collection via Cookies Our website uses cookies. Cookies are small data packages that are stored on your device. They may be session-based (deleted after your visit) or persistent (stored for longer). Cookies may be set by us (first-party) or by third parties (third-party cookies).

Cookies serve different purposes: some are necessary for technical functions (e.g., cart), while others are used for analysis or marketing.

Cookies required for electronic communication, cart functionality, or optimization (e.g., audience measurement) are stored under Art. 6(1)(f) GDPR unless another legal basis is provided. If consent is requested (e.g., via cookie banner), data is processed under Art. 6(1)(a) GDPR and §25(1) TTDSG. Consent can be revoked at any time.

You can configure your browser to accept cookies only in certain cases or delete cookies when closing the browser. Deactivating cookies may limit site functionality.

5. Contact & Communication

Contact Forms
If you contact us via a form, we store your input (e.g., name, email, message) to handle your request. Legal basis: Art. 6(1)(b) GDPR (contract performance), or Art. 6(1)(f) GDPR (legitimate interest), or Art. 6(1)(a) GDPR (if consented).

Email, Phone & Fax
If you contact us via email or phone, your data is processed for communication purposes. Legal basis: same as above.

WhatsApp Communication
We use WhatsApp Business (WhatsApp Ireland Ltd., Dublin). Communication is encrypted; however, metadata may be shared with Meta (USA). WhatsApp complies with the EU-U.S. Data Privacy Framework.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest) or Art. 6(1)(a) GDPR (consent).

6. Analytics and Advertising Tools

Klaviyo
We use Klaviyo (Klaviyo Inc., Boston, USA) for email marketing, automation, and analytics. Klaviyo may collect names, email addresses, order details, and behavior on our site. This allows us to send personalized marketing emails and analyze campaign effectiveness. Data is processed based on your consent (Art. 6(1)(a) GDPR).

More: https://www.klaviyo.com/legal/privacy

Cloudflare
To improve speed and security, we use Cloudflare (Cloudflare Inc., USA). They may process IP addresses and browser data to protect the site from attacks and ensure availability. Processing is based on Art. 6(1)(f) GDPR.

More: https://www.cloudflare.com/privacypolicy/

Meta (Facebook & Instagram)
We use Meta tools for social media marketing and analytics. If you interact with our site via embedded elements (e.g., Like buttons), Meta may collect data including your IP address, browser type, and behavior.

We are joint controllers with Meta under Art. 26 GDPR regarding data collected through plugins. You can read more about this here: https://www.facebook.com/legal/controller_addendum

Legal basis: Consent (Art. 6(1)(a) GDPR); Legitimate interest (Art. 6(1)(f) GDPR)

More: https://www.facebook.com/policy.php and https://privacycenter.instagram.com/policy

7. Social Media Plugins

Facebook
This website uses plugins from the social network Facebook (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland). If the plugin is active, a connection to Facebook’s servers is established. Facebook receives your IP address and may link your visit to your Facebook profile if you're logged in. We have no knowledge of how Facebook uses this data.

Legal basis: Art. 6(1)(a) GDPR and §25(1) TTDSG – consent required, revocable at any time.
Shared responsibility per Art. 26 GDPR exists only for data collected and transmitted from this website. Post-transmission processing is solely Facebook’s responsibility.
More: https://www.facebook.com/policy.php
Facebook is certified under the EU-U.S. Data Privacy Framework.

Instagram
This site includes Instagram features provided by Meta Platforms Ireland Ltd., Dublin. When active, it connects to Instagram’s servers and may associate your visit with your profile.

Legal basis: Art. 6(1)(a) GDPR and §25(1) TTDSG – consent required.
We share joint control for data collected and transmitted from this site per Art. 26 GDPR. Meta is solely responsible for further processing.
More: https://privacycenter.instagram.com/policy/
Meta is certified under the EU-U.S. Data Privacy Framework.

8. Analytics & Marketing

Klaviyo
We use Klaviyo Inc. (125 Summer Street, Floor 6, Boston, MA, 02110, USA) for email/SMS marketing and customer analytics. Klaviyo processes your email, device, usage data, and marketing interactions.

Legal basis: Art. 6(1)(a) GDPR and §25(1) TTDSG – consent required and revocable.
More: https://www.klaviyo.com/legal/privacy
Klaviyo is certified under the EU-U.S. Data Privacy Framework. Data transfers to third countries are protected by Standard Contractual Clauses (SCCs).

Cloudflare
We use Cloudflare Inc. to optimize speed and security. Cloudflare may collect technical data like IP addresses.
More: https://www.cloudflare.com/privacypolicy/
Legal basis: Art. 6(1)(f) GDPR – legitimate interest in security and performance.

9. Newsletter

To subscribe to our newsletter, we require your email address and verification of your ownership/consent.

Legal basis: Art. 6(1)(a) GDPR – consent (revocable at any time).
Data is stored until you unsubscribe. Unsubscribed emails may be blacklisted to prevent future emails, based on our legitimate interest (Art. 6(1)(f) GDPR).

10. eCommerce & Payment Providers

Order Fulfillment & Contract Data
We process contract and customer data (Art. 6(1)(b) GDPR) and retain it per legal retention periods.

Third-Party Fulfillment (Dropshipping)
Some orders may be fulfilled by suppliers on our behalf. We share shipping details with them solely for fulfillment purposes (Art. 6(1)(b), Art. 6(1)(f) GDPR).

Payment Services
We integrate third-party payment processors. When purchasing, your data (name, amount, method) is shared with providers under contract.

Legal basis: Art. 6(1)(b) and (f) GDPR; consent (Art. 6(1)(a)) if applicable.

Included Providers:

11. Final Notes

We reserve the right to update this policy as needed. The current version is always available on our website.

All legal policies on this website are provided in English for clarity and international accessibility.