Domerce | Privacy Policy

1. WHY SHOULD YOU READ THIS PRIVACY POLICY?

Welcome! This Privacy Policy (“Policy”) explains how Domerce LTD (operating under various Wellness brands) ("Company", "we", "us", or "our") handles personal data about you (“Personal data” or “Data”) when you:

visit our representative website https://domerce.ltd (“Website”);
have business or contractual relationship with us;
or otherwise interact with us (support, social media, contests, affiliate programs, etc.).

This Policy explains what Personal Data we collect, its purposes, how we use and share it, how long we retain it, how we protect it, and your rights. We process Personal Data lawfully, fairly, and transparently in accordance with the UK Data Protection Act, UK GDPR, EU GDPR, the ePrivacy Directive, and other applicable data protection laws.

Note: This Website is purely representative and does not sell products or services directly. Each brand we represent operates under its own privacy policy, available on its respective website.

If you do not agree with this Policy, please refrain from using the Website or submitting your Data. This Policy is effective as of 9th of February 2026. We may update it from time to time; updates take effect upon publication.

2. WHO IS RESPONSIBLE FOR PROTECTING YOUR PERSONAL DATA?

We are: Domerce LTD, your Personal data Controller

Our company number is: 16444636

Our registered address: Unit 22, 3 - 5, Shelford Place, London, England, N16 9HS, United Kingdom.

Our support e-mail address: support@domerce.ltd

We have appointed a Data Protection Officer (DPO) to oversee our data protection obligations. You can contact the DPO directly at: legal@domerce.ltd

3. FOR WHAT PURPOSES AND WHAT DATA DO WE COLLECT?

We only collect the Data we truly need – and only use it for clear, lawful reasons e.g. to respond to your enquiries, maintain communication, ensure Website functionality, etc. You can find a full list of purposes, what Data we collect, how we use it and much more detailed information in Section 11 of this Policy.

Here are also few important things for you to know:

Lawful basis: We process Data only where we have a lawful basis, including contract, consent, legal obligation, or legitimate interest.
Sensitive Data: We do not intentionally collect or process sensitive Personal Data (like your health, religious beliefs, or biometric data).
Automated tools and AI: We may use automated or AI-supported tools (e.g. chatbots) to support communication, but we do not use automated decision-making producing legal or similarly significant effects under Article 22 GDPR.
No sale of Data: We do not sell Personal Data.
Children’s data: This Website is not intended for minors, and we do not knowingly collect Personal Data from children.

4. FROM WHAT SOURCES DO WE GET YOUR DATA?

We might collect Data from the following source (-s):

Directly from you: When you interact with us - contact us, submit forms, or communicate with us via various channels.
Automatically via technology: through cookies, logs, and similar technologies when you use the Website.
From third parties, vendors, and service providers: When we receive services from third party providers – such as hosting platforms, software providers, or professional consultants.
From other Intra-group companies (if applicable): Where necessary for internal administrative, service provision, or business development purposes, we may receive your Data from other entities within our corporate group.
From publicly available sources (if applicable): Where appropriate and permitted by law, we may collect personal data from public registers (e.g. company registries, professional association websites), official government databases, or social media profiles (e.g. LinkedIn), particularly in the context of business-to-business (B2B) communication or due diligence.

5. DO WE SHARE YOUR DATA WITH OTHERS?

We may share limited Personal Data with trusted third parties where necessary to provide our services, meet legal obligations, or support our day-to-day business operations. Whenever we do so, we ensure that your Data is handled lawfully, securely, and responsibly. Third parties that process Personal Data on our behalf act as Data Processors and are bound by Data Processing Agreements (DPAs). These agreements require them to process Data only on our instructions, apply appropriate security measures, and not use the Data for their own purposes.

We may share your Data with:

Service Providers (Data Processors): such as IT support, hosting providers, analytics, professional advisors, and other business support services.
Intra-Group Companies (Data Processors or Joint Controllers): where necessary for internal administrative, operational, or service-related purposes.
Public authorities and other Data Controllers: including regulators, law enforcement authorities, courts, insurers, or fraud prevention bodies, where required by law.
Other corporates or auditors: in connection with a merger, acquisition, restructuring, or similar corporate transaction.
Other third parties with your consent: where you have provided explicit and informed consent, or where legally required.

6. HOW LONG WE KEEP DATA?

We keep your Data only for as long as necessary to:

fulfill the purposes for which it was collected,
comply with legal, regulatory, or contractual obligations, or
resolve disputes or enforce our agreements.

Detailed retention periods for each Data processing purpose are set out in Section 11 of this Policy.

Once the applicable retention period has expired, we will either safely delete your Data or irreversibly anonymize it within a reasonable timeframe, in line with best industry practices and legal requirements.

7. HOW DO WE ENSURE SECURITY OF YOUR DATA?

We take the security of your Data seriously and apply appropriate technical and organizational measures to protect Personal Data against unauthorized access, loss, misuse, alteration, or disclosure. These measures include:

collecting and processing Data only for lawful and specified purposes;
limiting access to authorized personnel only;
retaining Data only for as long as necessary;
sharing Data with third parties only where legally permitted;
providing data protection training to employees;
using encryption and secure systems where appropriate; and
monitoring systems and performing regular backups.

While we apply reasonable security safeguards, no system is completely secure, particularly when data is transmitted over the internet. You should take appropriate precautions, such as using strong passwords and securing your devices. Security incidents caused by user actions (e.g. phishing or credential sharing) may be outside our control.

8. DO WE TRANSFER DATA OUTSIDE THE UK?

Yes - but only where necessary and with appropriate safeguards.

We generally store and process Personal Data within the European Economic Area (EEA). In some cases, Data may be transferred to trusted service providers located outside the EEA, for example for cloud hosting, technical support, or other specialist services.

Whenever Personal Data is transferred outside the UK or EEA, we ensure that it remains adequately protected and that your rights are respected. We assess such transfers carefully and apply appropriate safeguards, including:

the UK International Data Transfer Agreement (IDTA) or the UK addendum to the EU Standard Contractual Clauses (SCCs EU Standard Contractual Clauses);
adequacy decisions issued by the European Commission; or
other legally approved transfer mechanisms.

For further information about international data transfers, you may contact us using the details provided in this Policy.

9. WHAT ARE YOUR RIGHTS?

If we process your Personal Data as described in this Policy, you have the following rights under applicable data protection laws, regardless of whether you interact with us as a client, supplier, contractor, or business contact:

Right to be informed: to receive clear information about how your Data is collected and used.
Right of access: to request confirmation of whether we process your Data and obtain a copy of it.
Right to rectification: to have inaccurate or incomplete Data corrected.
Right to erasure: to request deletion of your Data where it is no longer necessary, unlawfully processed, or where you withdraw consent (subject to legal retention obligations).
Right to restrict processing: to request a limitation on how we process your Data in certain circumstances.
Right to data portability: to receive your Data in a structured, commonly used format where processing is based on consent or contract.
Right to object: to processing based on our legitimate interests or for direct marketing purposes.
Right to withdraw consent: at any time, without affecting prior lawful processing.
Right to lodge a complaint: with the UK Information Commissioner’s Office (ICO) https://ico.org.uk/make-a-complaint

Please note that these rights are not absolute and may be restricted where required by law, including where exercising a right would affect the rights of others or where we must retain Data for legal or regulatory purposes.

10. HOW TO EXERCISE YOUR RIGHTS OR CONTACT US?

If you have questions about this Policy, how we process Personal Data, or wish to exercise your Data Subject rights, you may contact us at legal@domerce.ltd

To help us handle your request efficiently, please:

clearly describe your request or complaint;
indicate which Data Subject right you wish to exercise (if applicable); and
provide sufficient information to identify you (we may request proof of identity where necessary).

You may authorize a representative to act on your behalf. In such cases, we may require written authorization and may refuse the request if adequate proof is not provided.

We aim to respond without undue delay and within one month of receiving your request. Where requests are complex or involve multiple issues, this period may be extended by up to one additional month, in which case we will inform you accordingly.

11. DETAILED INFORMATION ABOUT THE PROCESSING OF YOUR PERSONAL DATA

11.1. TO PROVIDE CUSTOMER SUPPORT SERVICES:

When do we process your Personal Data?	We process Personal Data when you contact us (e.g. by phone, email, live chat, or social media) in order to respond to your enquiry or request. We use artificial intelligence (AI)-based tools (fully or semi-automated) to assist our customer support team. These tools are used for suggesting draft responses, guiding or answering calls before transfer to a human agent, transcribing and summarising conversations, and providing automated replies to frequently asked or trained questions. Note! All AI-generated outputs are reviewed and validated by human staff where decisions could affect your rights. We do not rely solely on automated decision-making that produces legal or similarly significant effects.
Data categories	When contacted by call: name, surname, mobile phone number, email address. Date and time of the call, duration of the call and a recording of the call. Contact by email: name, surname, mobile phone number, email address, residential address. Other information related to the written request, attached documents or other visual content, all correspondence history.
Legal basis (s)	UK GDPR/GDPR Art. 6(1)(f) – Legitimate interest: respond, advise, provide and administer inquiries when any person initiates the first conversation.
Data retention period	Recordings of conversations – 6 months from the moment of creation. Written communication – 3 years after your inquiry was closed. We may retain some information longer if we are required to do so to comply with applicable laws or based on justified interests.
Data recipients	Customer support platform providers (Non-EEA); AI support tools and chatbots (Non-EEA); Customer support agents (some outside EEA); Intra-Group companies (EEA).

11.2. TO MAINTAIN WEBSITE SERVICE AND SECURITY:

When do we process your Personal Data?	We process Personal Data automatically when you access or use our Website to ensure its functionality, security, and stability, and to detect or prevent unauthorized or unlawful activity.
Data categories	Technical and usage data (e.g. IP address, device and browser information, access times, pages visited), and security or system log data.
Legal basic (s)	UK GDPR/ GDPR Art. 6(1)(f) – Legitimate interest: maintaining the security and proper operation of our Website and IT systems.
Data retention period	Technical and log data are generally retained for up to 12 months, unless a longer period is required for security, legal, or compliance purposes.
Data recipients	Intra-group companies (EEA), IT and hosting providers, and security service providers (some may be located outside the EEA).

11.3. TO DEFEND AND PROTECT OUR LEGAL RIGHTS OR INTERESTS:

When do we process your Personal Data?	We may process Personal Data where necessary to establish, exercise, or defend legal claims, to comply with legal or regulatory obligations, or where we are involved in actual or potential legal proceedings. We may also process Data where we reasonably suspect fraud, misuse of our Website or brands, unlawful activities, or violations of applicable law, and where such matters must be reported to competent authorities.
Data categories	Information relevant to legal or compliance matters, such as identification and contact details, correspondence, accounting or legal records, documents related to claims or proceedings, and other information we are legally required to collect or disclose. In limited cases, this may include information relating to criminal offences or special category data where required by law.
Legal basic (s)	UK GDPR/ GDPR Art. 6(1)(f) – Legitimate interest: establishment, exercise, or defense of legal claims and the protection of our rights and interests.
Data retention period	For the duration of legal proceedings and, where applicable, up to 10 years after a final and binding decision or full implementation of such decision, unless a longer period is required by law.
Data recipients	Legal and professional advisers (e.g. lawyers, auditors, consultants), courts, law enforcement or supervisory authorities, and other competent public bodies (EEA and, where applicable, non-EEA).