Privacy Policy

 

Last updated: 15-10-2025

 

This privacy statement describes how MERRACHI (the "Website", "we", "us" or "our") collects, uses and discloses personal data when you visit the Website, use our services or make a purchase through bymerrachi.com (the "Website") or otherwise communicate with us (collectively, the "Services"). For the purposes of this privacy statement, "you" and "your" means the user of the Services, whether you are a customer, website visitor, or any other individual from whom we have collected (personal) data in accordance with this privacy statement.

 

Please read this privacy statement carefully. By using or accessing any of the Services, you agree to the processing of your personal data as described in this privacy statement. If you do not agree to this privacy statement, we ask that you do not use the Services. 

How do we process your personal data?

In order to provide the Services, we collect personal data from you. This can be done, as described below, for various purposes. The personal data we process varies depending on how you interact with us.

In addition to the purposes described below, we may use the information we collect about you to communicate with you, provide the Services, comply with legal obligations, enforce applicable terms and conditions, and to protect or defend the Services, our rights, and those of our users or third parties.

What Personal Information We Collect

The types of personal data we process about you depend on how you use our Website and interact with our Services. When we use the term "personal data," we mean information that identifies, relates to, describes you, or can otherwise be connected to you. The purposes below provide an overview of the categories and specific types of personal data that we process.

For what purpose do we process your personal data? 

Depending on the Services you want to use, it is necessary in some cases to process (part of) your personal data. We process your personal data, depending on the matter, for the following purposes:

 

  • Delivery of Products and Services: We process your personal data to provide the Services, including processing payments, fulfilling orders, sending notifications related to your account, purchases, exchanges, and or returns or other transactions, creating, maintaining, and managing your account, shipping your order, facilitating exchanges and/or returns, and enabling product reviews.
  • Customer service: We only process the personal data that is strictly necessary to handle or resolve your request or request and to improve our services. We do this so that we can respond quickly and effectively to your questions and requests and maintain our relationship with you. If you contact us by phone, the conversation may be recorded for training and quality purposes.
  • Marketing and advertising: We may process your personal data for marketing purposes. By personalizing the Services we provide to you and providing recommendations based on your interactions with us through the account and an analysis of your usage profile that allows us to better tailor our Services to your preferences. We do this through the various channels (such as email and/or SMS). In addition, we may provide you with this information via push notifications if you have activated it on your device.
  • Improving services: If you use the Services, we inform you that we will process your browsing data for analytical and statistical purposes. This means that we can understand how users interact with our Services and the actions we take on other websites and applications that help us improve our services. 
  • Security and fraud prevention: We use your personal information to detect, investigate, or deter potential fraudulent, illegal, or harmful activity. If you decide to use our Services and create an account, you are responsible for keeping your account information secure. We strongly recommend that you do not share your username, password, or other credentials with others. If you believe someone has gained unauthorized access to your account, please contact us immediately so we can take action quickly. If we suspect that a transaction is fraudulent, illegal, or harmful, or detect abnormal behavior that indicates possible fraudulent use of our services, there may be consequences, such as blocking the transaction or deleting your account.  

What is the basis for processing your personal data?

When processing personal data, we strictly comply with the legal requirements. Below we explain the legal bases on which we process your data.

We ensure that your data is only processed if there is a legitimate basis for doing so. 

  • Provision of products and services: The processing of your data is necessary for the execution of the agreement you enter into with us. 
  • Customer service: The processing of your data is necessary for customer service where We believe that there is a legitimate interest. The processing of your data is also beneficial for you, as it enables Us to adequately assist you and provide answers to your questions. Where your request concerns the exercise of your rights under the General Data Protection Regulation, we are legally permitted to process your data in order to comply with our legal obligations. 
  • Marketing and Advertising: We may process your personal data for marketing purposes because you give us consent , for example, to personalize the Services we provide to you, provide recommendations based on your interactions with us through the account, and an analysis of your usage profile that allows us to better tailor our Services to your preferences. In addition, we may provide you with this information via push notifications if you have activated it on your device.
  • Improving services: We may process your (personal) data because we have a legitimate interest in analyzing the usability of our Services and the user's customer satisfaction.
  • Security and fraud prevention: We may also process your (personal) data in the context of security and fraud prevention. We do this because we believe we have a legitimate interest in carrying out the necessary checks to detect and prevent potential fraud or fraudulent use of our Services. 

Which categories of (personal) data do we process?

Information that you provide directly to us through our Services may include the following categories of information:

 

  • Basic data such as your (first and last) name, address, contact details, language preference and the country from which you contact us
  • Financial and transaction data: for example, your payment or card details, information about your purchases, orders, exchanges and returns, etc. 
  • Account information, including your username, password, security questions.
  • Information about your purchases, such as the items you view, add to your shopping cart or add to your wish list.
  • Customer service information, including the information you choose to provide in communications with us, such as when you send a message through the Services.

Certain features of the Services may require you to provide specific information about yourself directly to us. You may choose not to share this information, but doing so may result in you not being able to use or access these features. An example of this could be that you as a user are unable to register or use our Services and benefits. 

What information do we process through third parties?

We offer functionalities that make it necessary to share personal data about you, as a user, with third parties who support us in providing the services we offer. This includes suppliers and/or service providers who collect information on our behalf, namely:

 

  • Financial institutions, which collect payment information to process your payment and fulfill your orders.
  • Service providers and partners of service providers in the field of logistics, transport and deliveries
  • Service providers and partners of service providers who support our Website and Services, for example, IT management, customer service, payment processing, data analytics, cloud storage. 
  • When you request us, designate us, or otherwise consent to the provision of certain information to third parties, for example, for shipping products or through your use of social media widgets or login integrations, with your consent.
  • Business and Marketing Partners When you visit our website, open emails, or click on links in emails we send to you, or interact with our Services or advertisements, we, or third parties we work with, may automatically collect certain information through online tracking technologies, such as pixels, web beacons, software development kits, third-party libraries, and cookies.
  • In connection with a corporate transaction, such as a merger or bankruptcy, to comply with applicable legal obligations (including responding to subpoenas, search warrants, and similar requests), to enforce applicable terms of use, and to protect or defend the Services, our rights, and the rights of our users or others.

In the past 12 months, we have disclosed the following categories of personal data and sensitive personal data (marked with *) about users for the purposes set out above:

 

Category Categories of Recipients
  • Identification data, such as basic contact details and certain order and account information.
  • Commercial information, such as order information, store details, and customer service information. 
  • Internet or other similar network activity, such as usage data. 
  • Suppliers and third parties who perform services on our behalf (such as internet service providers, payment processors, fulfilment partners, customer service partners and data analytics providers).
  • Business and marketing partners
  • Affiliates


We do not use or provide sensitive personal data to draw conclusions about you.  In the past 12 months, we have "sold" and "shared" personal information (as those terms are defined in applicable law) for the purpose of advertising and marketing activities, as described below.

 

Category of Personal Information Categories of Recipients
Identification data, such as basic contact details and certain order and account information. Business and marketing partners
Commercial information, such as details of purchased products or services and shopping information. Business and marketing partners
Internet or other similar network activity, such as usage data. Business and marketing partners


Any information we obtain from third parties will be treated in accordance with this privacy statement. We are not responsible for the accuracy of information provided to us by third parties. In addition, we are not responsible for the policies or practices of third parties. For more information, see the section below on third-party websites and links.

Storing and securing your personal data. 

The retention periods of your data depend on the purpose for which we process the data, as explained below:

 

  • Provision of products and services: Personal data necessary for the processing of your order will be kept for as long as necessary for the execution of the agreement. This means that data will be retained until the transaction is fully settled, including the return period and any legal warranty periods (typically 7 years, in line with tax obligations).
  • Customer service: Data processed for the purpose of answering questions or solving problems will be kept for a maximum of 2 years after the last moment of contact, unless this data is necessary for other purposes such as legal obligations.
  • Marketing and advertising: For marketing purposes, we will retain your data for as long as you have consented to this or until you unsubscribe from marketing communications. Once you opt out, your data will be deleted within 30 days, unless it is necessary for other legitimate purposes.
  • Improving services: Data processed for analytical and statistical purposes is anonymized where possible. Non-anonymized data will be kept for a maximum of 1 year after collection.Security and fraud prevention: Data processed to prevent fraud or illegal activities will be retained for as long as necessary to detect, investigate, and prevent potential fraud. This can vary depending on the nature of the activities, but is usually no longer than 5 years, unless legal requirements prescribe a longer period.
  • Security and fraud prevention: Data processed to prevent fraud or illegal activities will be retained for as long as necessary to detect, investigate, and prevent potential fraud. This can vary depending on the nature of the activities, but is usually no longer than 5 years, unless legal requirements prescribe a longer period.

Technical and organizational measures

 

The retention periods of your data depend on the purpose for which we process the data, as explained below.

 

We take appropriate technical and organisational measures to protect your personal data against loss, theft, unauthorised access, unwanted disclosure and unlawful processing. Examples of these measures are:
Technical measures:

 

  • Use of a secure platform for our customer administration (Shopify), including encryption of data during transmission and storage.
  • Regular software updates and security patches to ensure that our system meets the latest security standards.
  • Access to personal data is restricted to authorized personnel and protected with strong passwords and two-step verification.
    Organizational measures:
  • Policies and procedures to ensure that personal data is only used for specific purposes.

  • Regular training of employees on data protection and privacy.

  • Cooperation with certified third parties that comply with the applicable laws and regulations. 

Please note that while we take all reasonable steps to protect your data, no system is completely secure. We cannot fully guarantee the security of data during transmission over the Internet.

Cookies and the information we process

Like many other websites, we use cookies on our Website. For detailed information about the cookies we use in connection with the operation of our webshop via Shopify, please consult the following link: https://www.shopify.com/legal/cookies. We use cookies to improve the Website and our Services. This includes remembering your actions and preferences, performing analytics, and gaining a better understanding of how the Services are used.

 

We automatically collect certain information about your use of the Services, which we refer to as "Usage Data." To collect this information, we may use cookies, pixels, and similar technologies ("Cookies"). Usage Data may include information about how you access and use our Website, as well as data about your account. This may include details such as the device you are using, the browser you have, information about your network connection, your IP address, and other data related to how you interact with the Services. 

Most web browsers automatically accept cookies, but you can choose to delete or block cookies through your browser settings. However, please note that deleting or blocking cookies may negatively impact your user experience, which may cause some features of the Services to malfunction or become unavailable.

User-Generated Content

The Services may provide you with the opportunity to post product reviews and other user-generated content. If you decide to post such content in a public area of the Services, it will become visible and accessible to everyone.  

We do not control who has access to the information you share and cannot guarantee that those who access it will respect your privacy or keep it secure. We are not responsible for the privacy or security of any information you disclose yourself, nor for the accuracy, use, or misuse of any information you provide or receive from third parties.  

Third-party websites and links  

Our website may contain links to websites or other online platforms operated by third parties. When following these links to websites that are not operated or controlled by us, we encourage you to carefully read their privacy and security policies, as well as other terms. We cannot guarantee and are not responsible for the privacy and/or security of such websites, nor for the accuracy, completeness or reliability of the information provided there.  


Information you share on public or semi-public platforms, including on third-party social networks, may also be visible to other users of our Services and/or users of those third-party platforms, without restrictions on use by us or by third parties. The provision of such links does not automatically imply that we approve the content of these platforms or their owners and administrators, unless otherwise stated in our services.

Exercising your rights

You can exercise your rights described below in relation to the processing of your personal data. However, these rights are not absolute and apply in certain cases. In some situations, we may reject your request, to the extent permitted by law and regulations.

 

  • Right of access: You have the right to request access to the personal data we hold about you, including information about how we use and share your data.
  • Right to erasure: You have the right to request us to delete all or part of your personal data, insofar as this is applicable according to the laws and regulations.
  • Right to rectification: You have the right to correct inaccurate or outdated personal data that we hold about you.
  • Right to data portability: You have the right to receive a copy of the personal data we hold about you and, in certain cases, to transfer this data to a third party.
  • Right to restrict processing: You have the right to ask us to stop or restrict the processing of your personal data, under certain conditions.
  • Right to withdraw consent: Where we process your personal data on the basis of consent, you have the right to withdraw this consent at any time.
  • Management of communication preferences: We may send you emails for advertising purposes, but you can unsubscribe at any time using the unsubscribe link in our emails. Please note that even if you opt out, we may still send you important non-promotional emails, such as messages about your account or orders.

Further, you have the right to request that we not "sell" or "share" your personal data, or to opt out of processing your data for targeted advertising, as defined by applicable law. Please note that if you visit our website with the Global Privacy Control opt-out setting enabled, depending on your location, we will automatically consider this as a request to exclude the "sale" or "sharing" of your data for the device and browser you are using.

 

If we are unable to honour your request, you have the right to appeal our decision. You can do this by responding directly to our refusal.

 

If you have any complaints about the processing of your personal data, you can contact us using the contact details below. If you are not satisfied with our response, you have the right to appeal our decision. This can be done by contacting us again or submitting your complaint to the Supervisory authority in the EU member state.

 

You can exercise the rights listed above as indicated on our website, or by contacting us using the contact details below.  
However, we may need to collect certain information from you, such as your email address or account information, in order to verify your identity before we can provide a substantive response to your request.  


Under applicable law, you may appoint an authorized representative to make requests on your behalf to exercise your rights. Before we accept such a request from an agent, we will ask for proof that you have given them permission to act on your behalf. We may also require you to verify your identity directly with us.

Transfer of personal data outside the European Economic Area

We may store and process your personal data outside of your country of residence, including the United States. Your data may also be processed by our staff and third-party service providers and partners in these countries.  


When we transfer your personal data outside of Europe, we will use recognised data transfer mechanisms, such as the European Commission's Standard Contractual Clauses, or equivalent contracts approved by the competent authority. This applies unless the transfer takes place to a country that has been recognised by the European Commission or other competent authorities as having an adequate level of protection for personal data.

Contact us

If you have any questions about our policies or this privacy statement, or if you would like to exercise any of your rights, please contact us at legal@bymerrachi.com.  
For the purposes of the relevant data protection laws, we are the controller of your personal data.

Changes to this Privacy Statement

We may update this privacy statement as necessary, for example to reflect changes or for other operational reasons and/or laws and regulations. We will post the revised privacy statement on the Website, update the date of the "Last Updated" listing, and take other steps required by applicable laws and regulations, such as notifying you personally in some cases.