Privacy Policy for the Dream Shoes online shop
[June 2025]1 About Dream Shoes and this Privacy Policy
This Privacy Policy (“Privacy Policy”) sets out how Dream Shoes (“we”, “us”, or “our”) processes your personal data in connection with our UK online store at shopdreamshoes.com (the “Site”). In our capacity as a “controller” under the UK General Data Protection Regulation (“UK GDPR”), we are obliged to comply with statutory provisions on data protection. We value transparency, and in this Privacy Policy we provide you with the information that you need to understand and exercise your data protection rights. We explain our approach to the processing of any personal data that we may collect from you or a third party, and the purposes for which we process that personal data. When we talk about “personal data”, we mean any information which relates to an identified or identifiable living individual. Individuals might be identified by reference to a name, an identification number, location data, an online identifier (such as an IP address), or other factors that are specific to them, such as their physical appearance. Anonymised data that we may collect when you visit our Site (which cannot be directly or indirectly associated with your identity) are not considered to be your personal data.
2 How to contact Dream Shoes
Dream Shoes is the controller of your personal data. You can contact us (including to exercise any of your UK GDPR rights, as explained below) using the details provided on our Site.
3 Personal Data Processing
When you visit our Site, including when you visit (i) as a guest without registering for an online account (“Guest”), or (ii) as an online account holder, we carry out the following processing of your personal data:
| Purpose | Categories of personal data | Our UK GDPR Legal Basis for processing |
|---|---|---|
| Guests only: Processing orders submitted via the Site. | Title, first name, last name, date of birth, billing/shipping address, email address, order data, IP address, chosen payment method | Necessary for the performance of a contract between you and Dream Shoes |
| Guests only: If you use the Site as a Guest and make a payment via PayPal, you will be redirected from the shopping cart to PayPal and must log in there. Your data will then be shared by PayPal with Dream Shoes. | Title, first name, last name, billing address, email address | Necessary for the performance of a contract between you and Dream Shoes |
| We process your payment data when you make a purchase on the Site. Depending on your chosen payment method, we transmit your payment data to third-party payment processors. | Payment details (such as your name, billing address and your credit or debit card number) | Necessary for the performance of a contract between you and Dream Shoes |
| Contacting you electronically (e.g., via email) to inquire about service quality and customer satisfaction | Title, first name, last name, email address, billing/shipping address, correspondence | Consent |
| Contacting you via postal mail to inquire about service quality and customer satisfaction | Title, first name, last name, email address, billing/shipping address, correspondence | Dream Shoes’s legitimate interest in maintaining customer relationships and marketing its offerings |
| Sending general newsletters to subscribers | Title, first name, last name, email address, your interests (if you choose to provide these) | Consent |
| Email advertising for similar products to those you have already purchased from us | Title, first name, last name, email address, purchase history | Dream Shoes’s legitimate interest in marketing its offerings to pre-existing customers |
| The pursuit, defence and assertion of legal claims, and handling of proceedings before authorities (including courts) | Title, first name, last name, date of birth, billing/shipping address, email address, order data, purchase history, IP address | Dream Shoes’s legitimate interest in undertaking or defending any legal claims to which it is a party |
| Compliance with our legal obligations, including any laws, procedures and regulations that may apply to us | Any personal data that we need to process pursuant to our compliance with our legal obligations | Necessary for compliance with a legal obligation to which Dream Shoes is subject |
| Maintaining a customer blacklist in case of justified suspicion of misuse (e.g., repeated refusal to accept, fraud, repeated return of used goods, etc.) | Title, first name, last name, email address, IP address, data on the incident that justifies the suspicion of misuse | Dream Shoes’s legitimate interest in protecting its business and preventing misuse of the Site |
| Automated data collection (e.g. via cookies/web-tracking technologies) for the purpose of defending our IT systems and the Site | Hostname of the accessing computer, IP address, browser information, visited pages, date and time of visit, operating system | Dream Shoes’s legitimate interests in ensuring the security of our IT systems and the Site, and ensuring the availability of the Site |
| Processing of personal data obtained via non-essential cookies or web-tracking technologies (e.g. for analytics or marketing purposes) | Any personal data that we may collect and process through the cookies and web-tracking technologies described in section 8, below | Consent |
| When you contact us with a query or a concern | Email address, name, and any additional personal data that you choose to provide | Dream Shoes’s legitimate interest in effectively responding to your query, so that we can provide a high quality service |
| Processing of insights relating to your use of Dream Shoes web pages on social media services. We process this data jointly with Meta Platforms Ireland Limited (“Meta”). | Meta analyses your behaviour on our Facebook fan page and provides us with insights data in anonymised form | Dream Shoes’s legitimate interest in optimising and designing our Facebook fan page to suit your needs |
| Processing of insights relating to your use of Dream Shoes web pages on social media services. We process this data jointly with LinkedIn Ireland Unlimited Company (“LinkedIn”). | LinkedIn processes page insights data when you visit our LinkedIn corporate page. LinkedIn provide us with non-personally identifiable information and analyses about the use of our account or interactions with our posts in so-called page insights. For this purpose, LinkedIn processes, in particular, the data you have provided to LinkedIn Ireland through the information in your profile. | Dream Shoes’s legitimate interest in optimising and designing our corporate profile on the social network LinkedIn |
| When you visit our social media pages (e.g. via Facebook), we process some of your data when you interact with our pages or account, like or comment on our posts, respond, or provide other content. | Any personal data that are shared with Dream Shoes by the social media provider, relating to your interaction. | Dream Shoes’s legitimate interest in providing you with corresponding functions on our social media pages |
If you have registered for an online account, in addition to the processing activities described above which are relevant to account holders, we also carry out the following processing of your personal data:
| Purpose | Categories of personal data | Our UK GDPR Legal Basis for processing |
|---|---|---|
| Registering your online shop account | Title, first name, last name, date of birth, billing address, email address, your password, your online shop customer number, your purchase history | Necessary for the performance of contract between you and Dream Shoes |
| Processing orders submitted via the Site as an account holder | Title, first name, last name, date of birth, billing/shipping address, email address, online shop customer number, IP address and order data | Necessary for the performance of a contract between you and Dream Shoes |
| Maintaining customer relationships with online shop account holders through postal direct advertising of current offers (reactivation mail) | Title, first name, last name, billing/shipping address, purchase history | Dream Shoes’s legitimate interest in maintaining customer relationships and marketing its offerings |
Data Processing Purposes and Legal Grounds for Participation in the Dream Shoes Customer Program (every registered online shop account holder automatically receives all benefits of the customer loyalty program):
Overview:
- Fulfilment and processing of the Dream Shoes customer program, including program communication via email (sending of welcome greetings, sending price protection coupons, sending birthday surprises)
- Data categories: Online shop master data, Dream Shoes customer program master data, participation and collection data, purchase history, voucher data
- Legal basis: Fulfilment of the contract under Article 6(1)(b) UK GDPR
- Managing the customer relationship and history
- Data categories: Dream Shoes customer program master data, contact data, data regarding issues in the contractual relationship, support data
- Legal basis: Fulfilment of the contract under Article 6(1)(b) UK GDPR and legitimate interest under Article 6(1)(f) UK GDPR for the assertion, exercise, or defence of legal claims
- Legal enforcement, defence, and assertion of legal claims
- Data categories: Dream Shoes customer program master data, participation and collection data, purchase history (as described below), voucher data, contact data, problem data, purchase behaviour data, support data
- Legal basis: Legitimate interest under Article 6(1)(f) UK GDPR
- Customer segmentation based on analysis of purchasing behaviour with the aim of optimizing individual customer offers and sending targeted newsletters, reminders about promotions, and (review) surveys, via email, post, and by displaying these contents as push notifications in the online shop
- Data categories: Online shop master data, Dream Shoes customer program master data, participation and collection data, purchase history, voucher data
- Legal basis: Consent under Article 6(1)(a) UK GDPR
- Data analysis and advertising based on that: Display and sending of contextualized advertising (online banners, emails), including on other websites you visit, particularly on various social media platforms, based both on pseudonymous tracking of browsing behaviour for statistical purposes and the use of your pseudonymized email address via cookies from the company Criteo SA
- Data categories: Email address
- Legal basis: Consent under Article 6(1)(a) UK GDPR
Detailed Explanations:
Through your participation in the Dream Shoes customer program, in addition to the data categories mentioned in connection with the online shop and online shop account, the following personal data is processed:
- Dream Shoes customer program master data: Billing address, membership number, card number, any delivery addresses provided
- Purchase history data: Date and time, location, and content of purchases, receipt number, position number (= item position on the receipt), item number, brand of ordered or purchased products, shoe size, product characteristics (women’s product, men’s product, children’s product, sports product), sale price, transaction type (sale/exchange), type of sales point (online shop or store), number and location of the sales point
- Voucher data: Voucher ID, voucher value, voucher sending date, voucher status (created/redeemed/expired), voucher type (e.g., whether it’s a birthday voucher), validity period of the voucher (date range), creation date of the voucher, internal approval date of the voucher
- Contact data: Type of contact (e.g., sending of marketing campaigns, unsubscribing from newsletters, requests to change email addresses, sending birthday vouchers), channel (Dream Shoes customer service, email, online shop), date and time of contact, details of the contact (e.g., keywords for marketing campaigns; information about a complaint or order made by you), reference contact (fact of receiving our general online shop newsletter if you consented, fact of receiving the double opt-in email at the beginning of registration)
- Problem data: Customer account history for service, e.g., the information that the double opt-in email for registration was not confirmed or an email could not be delivered, or other problems in relation to the contractual relationship with you
- Purchase behaviour data: Number of purchases made per time period, brands and product categories purchased, where purchased (store, online shop)
- Support data: Sent advertising materials, information about which newsletters you received, fact of receiving a price protection voucher or a birthday voucher
As part of the Dream Shoes customer program, your personal data is processed for the following purposes:
a) Fulfilment and processing of the Dream Shoes customer program according to the terms and conditions of participation:
– Sending of a welcome greeting via email
– Sending of birthday vouchers via email (birthday: day, month)
– Fulfilment of the price protection promise: If, within 30 days after purchasing shoes, the price for a pair is permanently reduced, a Dream Shoes customer program member automatically receives the difference to the paid price as a voucher via email
– Sending information via email about special discount promotions that are only valid for Dream Shoes Plus customers
– Exchange of goods without a receipt for Dream Shoes customer program members (email address, first and last name, and if required for identification, also the date of birth)
Participation in the Dream Shoes customer program requires the processing of your personal data (Article 6(1)(b) UK GDPR). The mentioned processing operations are carried out for the purpose of fulfilling the contract in connection with the Dream Shoes customer program and the agreed terms and conditions with you. The provision of the above data is not legally required but is necessary for concluding the contract. Without the required data, such as particularly the master data and purchase history, we cannot fulfil our contractual obligations.
b) Managing the customer relationship and history: We process data regarding contacts with you and any issues related to our contractual relationship, e.g., if you make a complaint or there is an issue with an order. This data is processed both to fulfil the contract with you and to assert our rights in case of mutual legal claims.
c) Legal enforcement, defence, and assertion of legal claims: Our legitimate interest lies in enforcing existing and defending non-existing claims as well as processing administrative (including judicial) procedures to protect our legal position.
d) Customer segmentation based on analysis of purchasing behaviour: We form customer groups by selecting according to the following criteria:
– Salutation
– Purchase channel (store, online shop, both, never purchased)
– Percentage of sales in a particular store or stores in a geographically defined area
– Sales in a particular period (e.g., last quarter, last half year)
– Number of purchases in a certain period
– Date of last purchase
– Product categories (children’s shoes, sports shoes, women’s shoes, men’s shoes)
– Brands
– Shoe size
– Corresponding sending of newsletters tailored to these customer groups, displaying this content as a push notification in the online shop (if logged in)
e) Shopping cart and wish list reminders: Displaying push notifications in the online shop (if logged in) and sending emails:
– If a product is in the shopping cart but the order was not completed within 30 days
– If a product is in the wish list but not ordered/purchased within 30 days
f) Market Research: Internal analysis to capture the customer structure (gender, age, purchasing behaviour, average purchase value, coupon redemptions).
Processing occurs only with your consent in the following cases:
- Consent for Customer Segmentation Based on Purchasing Behaviour Analysis: Your personal and other data will only be processed for the purpose of customer segmentation based on purchasing behaviour analysis with the goal of optimizing individual offers, if you explicitly consent to this.
- Consent for Data Analyses and Advertising Based on That: Display and sending of contextualized advertisements (online banners, emails), even on other websites you visit, particularly on various social media platforms, based on both pseudonymous tracking of your browsing behaviour for statistical purposes and the use of your pseudonymized email address through cookies from Criteo SA (http://www.criteo.com). (Pseudonymized means that the name or another identifier is replaced with a code, making it difficult or impossible to identify the participant). You can withdraw your consent for receiving personalized advertising by email or post, receiving surveys, customer segmentation based on purchasing behaviour analysis, and data analysis-based advertising at any time by clicking the unsubscribe link in an email you’ve received or by contacting us through the methods provided on our Site. Each consent statement can be withdrawn separately. Processing of your data that occurred before the withdrawal remains lawful.
- Consent for Newsletter Reception: If you provide us with your consent, we use the technologies of Emarsys eMarketing Systems AG to personalize newsletter content by creating user profiles with the Emarsys Marketing Cloud. For this purpose, all data collected through the Emarsys Web Extend database are captured and stored through JavaScript commands and cookies.
For visitors who have signed up for the newsletter, our website uses JavaScript commands to collect browsing and purchase data. This data is used solely to improve our services and personalize your shopping experience. Additionally, we store the following personal data and use it to send you tailored advertisements:
- Email address
- Salutation
- First and last name
- Date of birth
- IP address
- Order data
In connection with the use of Emarsys Marketing Cloud, your data may be matched by Google and Meta. This could also lead to the transfer of personal data to the USA. Regarding the transfer of personal data to the USA, the EU Commission has issued an adequacy decision for the EU-US Data Privacy Framework (“DPF”) as per Art. 45 of the UK GDPR. Google and Meta are certified under the DPF, ensuring an adequate level of protection for the transfer of personal data. Profiling.
4 Data sharing
We only share your personal data with third-parties when we are legally permitted to do so. When we share your personal data, we put in place contractual arrangements and security measures to protect your personal data and to comply with our data protection, confidentiality and security standards and obligations. We may need to share your personal data with third parties (including other entities within our group of companies) for the reasons set out in the table below. This list is non-exhaustive and there may be circumstances where we need to share personal data for other reasons or with other third parties.
| Category of recipient | Details of the sharing |
|---|---|
| Group companies | We may share your personal data with our group companies, such as those who provide us with services related to warehousing and order picking. |
| Payment providers | Depending on the payment option that you choose when you make a purchase on the Site, we may share your personal data with third-party payment processors such as PayPal (Europe) S.à r.l. et Cie, S.C.A., Klarna Bank AB or other payment service providers. |
| Delivery and transport companies | Your personal data is disclosed to the delivery service responsible for delivery, as far as necessary for the delivery of the goods. The delivery service uses your personal data exclusively for the execution of the delivery. |
| Web-tracking service providers (including our advertising partners) | As detailed below in section 8 of this Privacy Policy, the Site deploys various cookies and web-tracking technologies (including, for example, to run the Site, to ensure the security of the Site, to improve the functionality of the Site, and to increase the effectiveness of our online marketing campaigns). We receive certain categories of personal data from those providers and, in some cases, we may share your personal data with them (including our advertising partners and social media companies who assist us with our online marketing activities). |
| Third-party suppliers who provide applications/ functionality, data processing or IT services | To support us in managing the Site and our IT systems. Such third parties may include, for example, cloud service providers, IT service providers and software service providers. |
| Auditors, lawyers, accountants and other professional advisers | To advise Dream Shoes in relation to the lawful and effective management of our organisation and in relation to any disputes we may become involved in. |
| Law enforcement or other government and regulatory agencies and bodies | If it is necessary to investigate unlawful use of our services or for legal proceedings, personal data will be disclosed to law enforcement authorities and possibly affected third parties. However, this only happens if there is a justified suspicion of unlawful or abusive behaviour. Disclosure can also occur if it serves to enforce contracts or other agreements. We are also legally obliged to provide information to certain public authorities upon request (such as law enforcement authorities or tax authorities). |
| Another corporate entity in connection with a business transition | If we are involved in a business transition such as a merger, reorganisation, acquisition by another company, or sale of any of our assets, we may share or transfer personal data to a third party. |
5 International Transfers
Where necessary to provide our Site and any associated services, we use third-party service providers located outside of the UK. In addition, Dream Shoes is a global company with worldwide operations. As a result, in certain instances it may be necessary for us to transfer your personal data to our group companies to perform certain tasks of the group. Countries outside the UK do not share the same data protection laws as the UK, and may not provide the same degree of protection for your personal data as is provided under the UK GDPR. As such, when transferring your personal data outside of the UK, we will only do so on the basis of (a) adequacy regulations issued by the UK government (which means the recipient country has been deemed to provide an adequate level of protection for personal data by the UK government); (b) the UK Extension to the EU-US Data Privacy Framework (commonly referred to as the “UK-US Data Bridge”), which allows us to transfer personal data to recipients in the United States who have signed up for the scheme; or (c) the UK International Data Transfer Addendum to the EEA Standard Contractual Clauses, or the UK International Data Transfer Agreement, each as issued by the UK’s Information Commissioner’s Office (“ICO”) and as may be updated from time to time.
For more information, please visit the ICO’s website.
6 How long will Dream Shoes retain my personal data?
Dream Shoes will process your personal data for so long as we are legally permitted under the UK GDPR and any other applicable laws or regulations to which we are subject, following which it may be destroyed by Dream Shoes without further notice or liability. Below, we set out the retention periods applicable to personal data processed following your use of the Site:
| Category of data | Retention period |
|---|---|
| Data relating to your online Site account (e.g. title, first name, last name, date of birth, postal address, email address, online shop customer number, password, IP address, membership number, card number) | For as long as the online shop account exists, and six years following its closure. |
| Billing data (first name, last name, billing/delivery address, order number, billing date, payment method, payment amount) | Six years from the contract’s termination or expiration. |
| Purchase history (date and time, place and content of purchases, receipt number, item number, article number, brand of ordered or purchased products, sales price, type of transaction (sale/exchange), type of sales outlet (online shop or store), number and location of the sales outlet) | Six years from the contract’s termination or expiration |
| Personal data collected via cookies and web-tracking tools whenever you visit the Site (e.g. purchase history, voucher data, purchasing behaviour, support data) | As long as your Site account exists, or until such time as you withdraw your consent |
| Data relating to any administrative or judicial procedures that Dream Shoes is a party to | Depending on the type of procedure, according to the usual limitation periods based on UK law |
| Details relating to your online newsletter subscription (first name, last name, email address) | Until such time that you withdraw your consent to receiving the newsletter |
| Any personal data that you share when you contact us with a query | We delete your personal data once storage is no longer necessary to provide a high quality response (e.g. after the query has been fully processed) |
7 Your rights
We would like to inform you of the following rights you hold under the UK GDPR, with respect to your personal data:
- Your right of access: You have the right to ask us for copies of your personal data. There are some exemptions, which means you may not always receive all of the information we process.
- Your right to rectification: You have the right to ask us to rectify information that you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to restrict processing: You can ask us to suppress the processing of your personal data in certain circumstances, such as where you contest the accuracy of that personal data or you object to us processing it for a particular purpose. This may not mean that we will stop storing your personal data but, where we do keep it, we will tell you if we remove any restriction that we have placed on your personal data to stop us processing it further.
- Your right to data portability: This only applies to information you have given us. You have the right to ask that we transfer the information you have given us from one organisation to another, or give it to you.
- Your right to object: You have the right to object to processing if we are able to process your information because the processing is in our legitimate interests. You also have the right to object to our processing of your personal data for direct marketing purposes at any time.
- Your rights in relation to automated decision-making and profiling: You have the right not to be subject to a decision when it is based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you, unless such profiling is necessary for the entering into, or the performance of, a contract between you and us. We do not conduct automated decision-making in relation to personal data concerning you when you use the Site.
- Your right to withdraw consent: If we rely on your consent as our legal basis for processing your personal data, you have the right to withdraw that consent at any time.
- Your right to lodge a complaint with a supervisory authority: If you have a concern about any aspect of our privacy practices, including the way we have handled your personal data, please contact us using the contact details provided on our Site. Alternatively, you can report any issues or concerns to the UK data protection regulator, the Information Commissioner’s Office (“ICO”). Contact details for the ICO can be found on its website.
To exercise any of the above rights, please contact us using the contact details provided on our Site.
8 Cookies and other web-tracking technologies
Cookies – To enable the use of certain functions on our Site and to distinguish you from other visitors, we use cookies. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of the browser session (so-called “session” cookies). Other cookies remain on your device and allow us or our partner companies to recognise your browser during your next visit (so-called “persistent” cookies).
We use various types of cookies on the Site, including:
- Strictly necessary cookies: these cookies are essential for providing the Site and therefore do not require your consent under UK privacy laws.
- Analysis and functional cookies: these cookies enable the Site to provide enhanced functionality and personalisation. They can be set by us or by third-party providers whose services we use on our pages. If you do not allow these cookies, some or all of these services may not work properly. These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our Site. They help us answer questions about which pages are most popular, which are least used, and how visitors move around the Site. All information collected by these cookies is aggregated. We require your consent to deploy these cookies (which we request through the Site’s cookie banner and cookie settings page).
- Marketing cookies: These cookies can be set by us or our partners via our Site in order to display relevant content/advertising to you on our Site, as well as on third-party websites. In the process, so-called “profiles” can be formed on the basis of your interests. We require your consent to deploy these cookies (which we request through the Site’s cookie banner and cookie settings page).
If we use cookies based on your consent (i.e. for analysis and functional cookies, and marketing cookies), you can withdraw your consent at any time by editing your cookie settings on our Site.
Tracking pixels – Tracking pixel files function similarly to cookies but are not visible to the user. If you give your consent, tracking pixels are used within the Site’s functionality to measure user behaviour, and within the newsletter to manage offers in remarketing. This data is anonymous and is not linked to personal data on the user’s computer or a database.
What cookies does the Site use? – For more information on the cookies and other web-tracking technologies that we use when you visit the Site, please see our cookie banner on shopdreamshoes.com. You can also adjust your cookie settings by selecting “Edit cookie settings” at the bottom of the Site.
Microsoft Clarity – We work with Microsoft Clarity and Microsoft Advertising to track how you use and interact with our website, using behavioural metrics, heatmaps and session replays, in order to improve and market our products and services. Website usage data is collected using first-party and third-party cookies and other tracking technologies to determine the popularity of products/services and online activities. We also use this information to optimise the website, for fraud and security purposes, and for advertising. For more information on how Microsoft collects and uses your data, please see the Microsoft Privacy Statement.
9 Security
Dream Shoes applies standard security measures via your browser – the so-called SSL encryption. Encryption of user data is done with SSL certificates (Class 2) 256-bit encryption with a maximum key length of 2048 bits. You can recognise SSL-protected areas by the lock symbol in your browser.
Secured connections are usually identifiable by their address, which begins with “https://”. If you double-click on the lock symbol, you will receive more information about the security certificate. Your personal data is securely transmitted to us through this encryption. This applies to your order and also to the customer login. Although no one can guarantee absolute protection, we secure our Site and other systems through technical and organisational measures against loss, destruction, access, alteration, or dissemination of your data by unauthorised persons. We have also taken technical and organisational security measures to protect your personal data against loss, destruction, manipulation, and unauthorised access. All our employees are committed to data secrecy, i.e., the confidential handling of personal data. Our security measures are continuously revised according to technological developments.
10 Updates to this Privacy Policy
Parts of the Privacy Policy may be changed or updated by us. If we make any updates, we will post the updated Privacy Policy on our Site. If we materially change the way in which we process your personal data, we will provide you with prior notice, or where legally required, request your consent prior to implementing such changes. Please regularly check the Privacy Policy before using our services to stay up to date with any changes or updates.