Privacy policy
Privacy Policy
Current version dated 20 April 2026.
This Privacy Policy (hereinafter — the "Policy") defines the procedure for processing the personal data of users of the online store dukhmian.com (hereinafter — the "Site"). The controller of personal data is individual entrepreneur Sydorak S.O. (hereinafter — "DUKHMIAN," "we"), acting in accordance with the Law of Ukraine No. 2297-VI "On Personal Data Protection," Regulation (EU) 2016/679 (GDPR), and other applicable regulations.
By using the Site or placing an order, You confirm that You have read this Policy and consent to the processing of Your personal data on the terms set out below.
1. Terms and Definitions
1.1. Personal data — information or a set of information about a natural person who is identified or can be specifically identified.
1.2. Controller of personal data — DUKHMIAN (individual entrepreneur Sydorak S.O.), which determines the purposes of personal data processing and owns the personal data database.
1.3. Data subject — the natural person whose personal data is being processed (hereinafter — "You," "User").
1.4. Processing of personal data — any action or set of actions performed with personal data, including collection, registration, storage, adaptation, modification, updating, use, dissemination, depersonalisation, and destruction.
2. Personal Data We Process
2.1. When placing an order, You provide: surname, first name, email address, phone number, and delivery address (country, city, post office or street).
2.2. When visiting the Site, the following data is collected automatically: IP address, browser and operating system type, date and time of visit, URLs of pages viewed, and cookie data.
2.3. In connection with transactions, we record the payment amount, currency, payment status, and transaction identifier. We do not collect or store payment details (card number, CVV, expiry date) — these are processed exclusively by certified payment providers.
3. Purposes and Legal Bases of Processing
3.1. Performance of the sales contract — processing and delivery of the order, communication regarding order status, refunds. Legal basis: Article 11 part 1 paragraph 2 of Law No. 2297-VI; Article 6(1)(b) GDPR.
3.2. Legal compliance — tax accounting, fiscal reporting, and maintenance of primary documents. Legal basis: Art. 11, Part 1, Clause 3 of the Law of Ukraine No. 2297-VI; Art. 6(1)(c) GDPR.
3.3. Marketing communications — newsletters, promotional offers, and information about new products. Carried out exclusively with your separate consent. Legal basis: Art. 11, Part 1, Clause 1 of the Law of Ukraine No. 2297-VI; Art. 6(1)(a) GDPR.
3.4. Analysis and improvement of the Website based on the Controller's legitimate interest. Legal basis: Art. 6(1)(f) GDPR.
4. Transfer of data to third parties
4.1. We do not sell or transfer your personal data to third parties for commercial purposes.
4.2. Payment providers (Hutko) receive the minimum amount of data necessary for processing payments.
4.3. Postal operators — LLC "Nova Poshta", JSC "Ukrposhta", as well as international partner carriers in the case of international shipping — receive the data necessary to fulfill the delivery of your order.
4.4. Fiscalization services (Checkbox) receive the data necessary to generate fiscal receipts in accordance with legal requirements.
4.5. Hosting provider Shopify Inc. receives data required to ensure the Website's operation.
4.6. Government authorities receive data solely in cases and within the scope provided for by applicable law.
5. Cross-border data transfers
5.1. Some of our partners (in particular, Shopify Inc.) are located outside Ukraine and the EU. In such cases, data is transferred on the basis of Standard Contractual Clauses approved by the European Commission, or under the recipient's certification in accordance with GDPR.
6. Retention periods
6.1. Personal data related to order fulfillment is stored for 7 (seven) years from the date of the transaction — in accordance with the requirements of the Tax Code of Ukraine regarding the retention periods for primary documents.
6.2. Data processed on the basis of consent (marketing communications) is stored until the consent is withdrawn.
6.3. Cookie data is stored for the periods defined in the settings of each cookie, but no longer than 12 months.
7. Cookies
7.1. The Website uses strictly necessary cookies — for the operation of the shopping cart, authentication, and core functionality of the Website. Such cookies do not require consent.
7.2. The Website uses analytical cookies — for collecting anonymized visit statistics. Such cookies are used exclusively with your consent.
7.3. You can disable cookies in your browser settings. However, this may result in reduced Website functionality.
8. Rights of the data subject
8.1. Under Art. 8 of the Law of Ukraine No. 2297-VI and Art. 15–22 GDPR, you have the right to be informed about the processing of your personal data, to access it, and to request correction of inaccurate or incomplete data.
8.2. You have the right to request the deletion of your data ("right to be forgotten"), except where processing is mandatory under the law.
8.3. You have the right to restrict processing and to object to processing.
8.4. You have the right to receive your data in a structured, machine-readable format (data portability).
8.5. You have the right to withdraw your consent to data processing at any time.
8.6. You have the right to lodge a complaint with the Ukrainian Parliament Commissioner for Human Rights (https://ombudsman.gov.ua) or with the relevant supervisory authority in an EU Member State.
8.7. To exercise your rights, send a request to info@dukhmian.com. A response will be provided within 30 (thirty) calendar days.
9. Data security
9.1. We apply technical and organizational data protection measures: SSL/TLS encryption of the connection, restricted database access, regular software updates, and secure storage of credentials.
9.2. Despite the measures applied, no method of transmitting data over the Internet is completely secure, and therefore we cannot guarantee 100% security.
10. Children's data
10.1. The Website is not intended for persons under 16 years of age. We do not knowingly collect personal data from children. If such data is discovered, it will be deleted immediately.
11. Changes to the Policy
11.1. We reserve the right to make changes to this Policy. The current version is always published on this page, indicating the date of the last update.
11.2. Material changes are additionally communicated by email to users who have consented to receive communications.
12. Controller's contacts
12.1. DUKHMIAN (Individual Entrepreneur Sydorak S.O.)
12.2. Email: info@dukhmian.com
12.3. Website: dukhmian.com
12.4. For all questions regarding the processing of personal data, please contact us at the email address indicated above.