DaylinNail Supply

Privacy Policy

Last updated: 30 March 2026

This policy describes how personal data is processed through the website daylin.ie.

1. Data controller

The controller of personal data is:

Daylin Nail Supply
Reg. No.: [Company Registration Number]
VAT No.: [VAT Number, if registered]
Registered address: [Registered Address, Ireland]
Data protection contact email: contact@daylin.ie

Within the meaning of Regulation (EU) 2016/679 on the protection of personal data (“GDPR”), Daylin Nail Supply is the controller of data processed through this site.

2. Who this policy applies to

This policy applies to persons who:

  • visit the site;
  • place orders;
  • request information via forms, phone or email;
  • choose online payment or other available payment methods;
  • interact with the site through technical, statistical or marketing modules, to the extent that they have given their consent where required.

3. What data we process

Depending on how you use the site, we may process the following categories of data:

a) For placing and delivering orders

  • first and last name;
  • phone number;
  • email address;
  • delivery address;
  • billing address;
  • order details;
  • notes entered by the customer in the order;
  • business entity data if you request a company invoice, such as: company name, VAT number, registration number, registered address, contact person.

b) For communication

  • name;
  • email address;
  • phone number;
  • content of the message sent.

c) For site operation and analytics

Technical data about the use of the site, such as truncated/anonymised IP address where applicable, online identifiers, device type, browser, pages visited, session duration, traffic source and interactions with the site, via tools such as Google Analytics, only under the conditions provided by applicable law and consent settings.

d) For online payment

In the case of online payment, we do not store or process your card data. Payment is processed by NETOPIA Payments, which acts as a specialised payment service provider and will process payment data in accordance with its own terms and policies.

4. Purposes and legal bases for processing

We process personal data only to the extent that a valid legal basis exists.

4.1. Processing and fulfilling orders

We process data for:

  • receiving the order;
  • confirming it;
  • picking, packing and dispatching the products;
  • issuing the receipt/invoice;
  • communicating with the customer about the order status;
  • handling order-related requests.

Legal basis: performance of a contract or taking steps at the request of the data subject prior to entering into a contract.

4.2. Compliance with legal obligations

We process certain data for:

  • accounting and tax records;
  • issuing and retaining supporting documents;
  • compliance with legal obligations to authorities.

Legal basis: compliance with a legal obligation.
Data relating to accounting and tax documents may be retained for as long as applicable accounting and tax legislation requires.

4.3. Customer communication

We process data to respond to questions, complaints or requests submitted via form, email or phone.

Legal basis: legitimate interest in responding to requests and, where applicable, pre-contractual steps or performance of a contract.

4.4. Improving the site and statistical analysis

We may process data about site usage for:

  • traffic analysis;
  • identifying technical issues;
  • improving the user experience;
  • measuring page and campaign performance.

Legal basis:

  • your consent, when we use cookies/analytics technologies that require consent;
  • legitimate interest, only for operations strictly necessary for the security and functioning of the service, where the law permits.

4.5. Marketing

If we implement commercial communications by email or SMS, we will send them only on the basis of your consent, where required by law, or under other conditions permitted by applicable legislation.

Legal basis: consent of the data subject.
You may withdraw your consent at any time without affecting the lawfulness of processing carried out before the withdrawal.

5. Whether providing data is mandatory

For placing and fulfilling an order, certain data is required. Without it, we may not be able to process the order or deliver the products.

Data used for analytics, non-essential cookies or marketing is not mandatory and is generally only processed if you have given your consent, where the law requires it.

6. Who we share data with

We may transfer your data, to the extent necessary, to the following categories of recipients:

  • hosting and IT infrastructure providers, including Vercel;
  • transactional email providers, including Resend;
  • traffic analytics and measurement service providers, including Google Analytics;
  • payment processors, including NETOPIA Payments;
  • courier and postal services involved in delivering orders;
  • technical maintenance and software development providers;
  • accountants, auditors, consultants, where necessary;
  • public authorities, where a legal obligation exists.

All providers who process data on our behalf must provide adequate guarantees regarding the security and confidentiality of data, on the basis of applicable contractual relationships.

7. International data transfers

We aim in principle to limit data processing within the European Economic Area. However, the use of services such as Vercel, Resend or certain Google services may involve the transfer of data outside the EEA, including to the United States or other jurisdictions.

In such cases, transfers will be based on mechanisms recognised by the GDPR, such as:

  • adequacy decisions, where applicable;
  • standard contractual clauses;
  • other appropriate safeguards provided by law.

8. How long we retain data

We retain data only for as long as necessary for the purposes for which it was collected, while also complying with applicable legal obligations.

As a guide:

  • data relating to orders is retained for the duration necessary to perform the contract and thereafter in accordance with accounting, tax and archiving legal obligations;
  • correspondence data is retained for as long as necessary to resolve the request and to defend a legal claim, where applicable;
  • data used for marketing is retained until consent is withdrawn or until it is no longer needed for the purpose;
  • data collected through cookies/analytics is retained in accordance with the technical settings and policies of the relevant providers and in line with your consent choices.

9. Cookies and similar technologies

The site may use cookies and similar technologies for:

  • the technical operation of the site;
  • remembering preferences;
  • measuring traffic and performance;
  • potential marketing functionalities, if implemented.

Strictly necessary cookies may be used without consent, to the extent permitted by law.
Analytics, measurement or marketing cookies that are not strictly necessary must only be activated after you have given your consent through the cookie banner / preference centre mechanism. Consent must be as easy to withdraw as it was to give.

For further details, please also consult the Cookie Policy of this site.

10. Data security

We take reasonable technical and organisational measures to protect data against unauthorised access, loss, destruction, accidental or unlawful disclosure or alteration.

However, no computer system or internet data transmission can be guaranteed to be completely secure.

11. Your rights

Under the conditions provided by the GDPR, you have the following rights:

  • the right to be informed;
  • the right of access to data;
  • the right to rectification;
  • the right to erasure;
  • the right to restriction of processing;
  • the right to data portability;
  • the right to object;
  • the right to withdraw consent at any time, where processing is based on consent;
  • the right not to be subject to a decision based solely on automated processing, including profiling, where the legal conditions are met;
  • the right to lodge a complaint with the competent supervisory authority;
  • the right to apply to the competent courts.

To exercise your rights, please contact us at: contact@daylin.ie

We will respond to requests in accordance with the timescales and conditions provided by applicable law.

12. Supervisory authority

If you believe your rights have been infringed, you may lodge a complaint with:

Data Protection Commission (DPC)
21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
Email: info@dataprotection.ie
Phone: +353 (0)57 868 4800

13. Profiling and automated decisions

We do not ordinarily use solely automated decision-making processes that produce legal effects on you or similarly significantly affect you.

To the extent that we use aggregated or statistical data for commercial analysis and service improvement, this is not used to make solely automated decisions with legal effect on customers.

14. Minors' data

The site is not directed at minors. We do not knowingly collect personal data from minors in the absence of the applicable legal framework and the involvement of a legal representative, where required.

15. Changes to this policy

We reserve the right to update this policy periodically to reflect legislative, technical or operational changes. The updated version will be published on the site with the date of the last update.