top of page

Privacy Policy

Purpose of the Policy

This privacy policy aims to inform visitors and customers of the website https://dojoleaf.com, operated by Dojoleaf, registered as a sole proprietor in Luxembourg under the number LU36571615, about how their personal data is collected, processed, and protected in accordance with Regulation (EU) 2016/679 (GDPR) and the Luxembourg law of August 1, 2018, on the protection of natural persons with regard to the processing of personal data.
We are committed to ensuring the confidentiality, integrity, and security of your data.

 

Data Controller

Controller: Dojoleaf
Address: 2 rue Félix de Blochausen, L-1243 Luxembourg, Luxembourg
Email: contact@dojoleaf.com

Data Collected

We collect various categories of data:

  • Identity Data
    This includes information that directly identifies you, such as your first and last name, full postal address, phone number, and email address. These data are necessary for creating and managing your customer account, communicating with you, and shipping your orders.
     

  • Order-related Data
    These data concern the products you purchase, the total amount of your orders, billing, and delivery information. They are essential for processing your orders, managing billing, and ensuring proper delivery.
     

  • Payment Data
    Payment information (credit card numbers, banking details) is collected and processed exclusively by our secure payment providers such as Stripe or PayPal. We do not store or process these sensitive data ourselves, ensuring the security of your transactions.
     

  • Browsing Data
    We automatically collect certain technical data during your visit to our site, such as your IP address, browser type and version, pages visited, duration of your visits, and traffic sources. These data help us improve site performance and security and analyze how the site is used.
     

  • Marketing Data
    These include your communication preferences and consents, particularly for receiving newsletters or promotional offers. They enable us to personalize the communications we send you and respect your marketing preferences.
     

We do not collect so-called “sensitive personal data” as defined by the GDPR. These include information related to racial or ethnic origin, religious or philosophical beliefs, political opinions, trade union membership, genetic or biometric data, health, sex life, or sexual orientation.


Due to their particularly private nature and risk of discrimination, the GDPR imposes enhanced safeguards for processing such data. To protect your privacy and comply with legal standards, our site does not collect these sensitive categories of information.

 

Purposes and Legal Bases

We use your data to:

  • Fulfill a contract (processing and delivery of your orders)
     

  • Manage your customer account and after-sales service
     

  • Send marketing information and newsletters (with your consent)
     

  • Improve the website and personalize your user experience
     

  • Comply with our legal obligations (billing, taxation, dispute management)
     

Legal bases (Article 6 of the GDPR):

  • Consent (newsletter subscription, marketing cookies)
     

  • Contract performance (orders, customer account)
     

  • Legal obligation (billing)
     

  • Legitimate interest (statistical analysis and fraud prevention)
     

Hosting and International Transfers

Our site is hosted by Wix.com Ltd., located in Israel, a country recognized by the European Commission as providing an adequate level of protection (Decision 2011/61/EU).


Wix may also store data on servers located in the United States, Europe, and other jurisdictions. When data is transferred outside the European Economic Area (EEA), Wix implements appropriate safeguards, including standard contractual clauses.

Recipients of Data

​Your data may be shared with:

  • Our payment providers (Stripe, PayPal, etc.)
     

  • Our logistics providers (carriers, warehouses)
     

  • Our technical providers (hosting, marketing tools, emailing solutions)
     

  • Public authorities if required by law
     

All our providers are contractually bound to maintain the confidentiality and security of your data.

Data Retention Periods

  • Order management data
    We retain your order-related data (products purchased, billing, delivery) for 10 years, in accordance with Luxembourg and EU legal and accounting obligations.
     

  • Marketing data (newsletters and commercial communications)
    Your marketing data, notably for newsletters or promotional offers, is kept until you unsubscribe or for 3 years after your last interaction with our communications (email opening, click, etc.).
     

  • Browsing data (cookies and trackers)
    The retention period of your browsing data depends on the type of cookie or tracker used:
     

    • Essential cookies: retained only for the duration of your session
       

    • Analytical and advertising cookies: typically retained between 3 and 13 months (e.g., Google Analytics)
      For more details, please refer to the “Cookies” section of this policy.
       

  • Customer service data
    Information collected during your customer service requests is retained only as long as necessary to process your request and provide follow-up.
     

Cookies and Tracking Tools

​We use cookies and similar technologies to:

  • Ensure the proper functioning of the site (necessary cookies)
     

  • Analyze audience (Google Analytics or equivalent)
     

  • Personalize your experience (e.g., saved shopping cart)
     

  • Offer tailored content or advertising (with consent)
     

On your first visit, a banner allows you to manage your consent for each cookie category.
You can modify your preferences anytime in your browser or via the “Cookie Management” link at the bottom of the site.

Here is the list of essential cookies that do not require consent:

  • XSRF-TOKEN – Security, duration: session
     

  • hs – Security, duration: session
     

  • svSession – Unique visitor identification, duration: 2 years
     

  • SSR-caching – Page rendering origin, duration: 1 minute
     

  • _wixCIDX – Session management, duration: 3 months
     

  • _wix_browser_sess – Browser session, duration: session
     

  • consent-policy – Saves consent choices, duration: 1 year
     

  • smSession – Identifies logged-in members, duration: session
     

Security

​We implement technical and organizational measures in compliance with Article 32 of the GDPR, including:

  • Encrypted communications (HTTPS)
     

  • Regular backups
     

  • Access limited to authorized personnel only
     

  • Monitoring and detection of potential security breaches
     

Your Rights

​Under the General Data Protection Regulation (GDPR), you have the following rights which you can exercise at any time by contacting us at contact@dojoleaf.com :

  • Right of access
    You have the right to request a copy of the personal data we hold about you and information on how we use it.
     

  • Right of rectification
    If your data is inaccurate, incomplete, or outdated, you can request its correction or update.
     

  • Right to erasure (“right to be forgotten”)
    You can request the deletion of your personal data in certain circumstances, such as when it is no longer necessary for the purposes it was collected or if you withdraw your consent.
     

  • Right to restriction of processing
    In some cases, you may request that the processing of your data be limited, for example, if you contest its accuracy or oppose deletion.
     

  • Right to object
    You have the right to object at any time to the processing of your personal data, particularly for direct marketing purposes.
     

  • Right to data portability
    You may request to receive your personal data in a structured, commonly used, and machine-readable format, or ask that your data be transferred to another controller where technically feasible.
     

  • Right to withdraw consent
    If processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
     

To exercise these rights, please contact us at: contact@dojoleaf.com
You can also lodge a complaint with the Luxembourg National Commission for Data Protection (CNPD): www.cnpd.lu.

Newsletters and Marketing Communications

If you have consented to receive our newsletters, we use your email address to send you information and offers about our products.
You can unsubscribe at any time using the link included in each email.

Secure Payments

Payments are processed via secure third-party providers (Stripe). We never store your full bank or credit card details.

Changes to this Policy

We may update this privacy policy for legal, technical, or organizational reasons. The date of the last update is indicated at the top of the page.

Document updated on 10/09/2025

bottom of page