Privacy Policy

                                                                                     Last updated: 14.01.2026

1. Introduction

This Privacy Policy explains how DUKAAN (“Dukaan”, “we”, “us”, “our”) collects, uses, discloses, and protects personal data when you use our website, mobile applications, and related services (together, the “Platform”).​

Dukaan is operated by BeyondBorders Limited, registered in Ireland, and acts as the data controller for personal data processed through the Platform, except where vendors act as separate controllers for their own processing activities.​

 2. Who we are and contact details

BeyondBorders Limited is the company behind Dukaan, Ireland’s online marketplace connecting customers with a wide range of Irish and international vendors.​

If you have any questions about this Privacy Policy or how your data is handled, you can contact us at:

  • Email: support@dukaan.ie

If required, you may also contact our Data Protection Officer (DPO) at the same email address, clearly marking your message “Data Protection”.​

 3. Personal data we collect

We may collect and process the following categories of personal data:​

  • Account and profile data: name, email address, password, phone number, billing and shipping addresses.
  • Order and transaction data: products purchased or sold, order history, payment status, invoices, refunds, and related correspondence.
  • Vendor data: business name, contact details, business registration details, tax information, bank account or payout details.
  • Technical and usage data: IP address, device identifiers, browser type, operating system, access times, pages viewed, click‑stream data, and other usage information.
  • Communication data: messages you send to us or to vendors through the Platform, support requests, reviews, and feedback.
  • Marketing and preference data: marketing preferences, cookie preferences, and responses to surveys or promotions.

We do not intentionally collect special category data (such as health or biometric data) and ask that you do not submit such information through the Platform.​

4. How we collect your data

We collect personal data in the following ways:​

  • Directly from you: when you create an account, place an order, register as a vendor, contact customer support, subscribe to marketing, or otherwise interact with the Platform.
  • Automatically: via cookies and similar technologies when you browse the Platform, including analytics and log data.
  • From vendors or partners: for example, where a vendor shares order and fulfilment data or where payment and fraud‑prevention partners provide limited information to help process or verify transactions.

Where data is provided about another person (for example, a gift recipient), you confirm that you have their permission to share their details with us.​

5. Purposes and legal bases for processing

We process personal data for the following purposes and legal bases under applicable data protection law:​

  • To provide and operate the Platform: to create and manage accounts, enable browsing, manage vendor listings, process orders, payouts, and deliveries (performance of a contract).
  • To process payments and prevent fraud: to verify payments, detect suspicious activity, and protect the Platform and users (performance of a contract and legitimate interests).
  • To provide customer and vendor support: to respond to queries, resolve issues, and manage returns, complaints, and disputes (performance of a contract and legitimate interests).
  • To personalise and improve the Platform: to analyse usage, develop new features, and enhance user experience (legitimate interests, with appropriate safeguards).
  • To send service and transactional communications: order confirmations, updates, security alerts, and policy changes (performance of a contract and legal obligations).
  • To send marketing communications: to inform you about offers, products, and services from us and, where permitted, from selected partners (consent or legitimate interests, depending on the channel and your preferences).
  • To comply with legal obligations: record‑keeping, tax and accounting requirements, responding to lawful requests from authorities, and enforcing our terms (legal obligations and legitimate interests).

6. Cookies and similar technologies

We use cookies and similar technologies to:​

  • Enable core functionality of the Platform (for example, keeping you signed in or remembering your basket).
  • Perform analytics and measure performance (for example, understanding which pages are most visited).
  • Support security and fraud prevention.
  • Deliver and measure marketing and personalised content, where permitted.

You can manage your cookie preferences through your browser settings and, where available, through our cookie banner or settings tool. Some cookies are essential; if you disable them, parts of the Platform may not function properly.​

7. How we share personal data

We may share personal data with the following categories of recipients, strictly as necessary:​

  • Vendors and sellers: so that they can process and fulfil your orders, handle returns, and provide customer service.
  • Service providers: payment processors, banks, IT hosting and infrastructure providers, analytics providers, email and SMS providers, marketing platforms, and customer support tools.
  • Logistics and delivery partners: to deliver products and manage returns.
  • Professional advisers: lawyers, auditors, insurers, and tax advisers where needed.
  • Public authorities and regulators: where required to comply with legal obligations, enforce our terms, or protect rights, property, or safety.
  • Corporate transactions: in connection with a merger, acquisition, or sale of all or part of our business, in which case personal data may be transferred as part of the transaction, subject to appropriate safeguards.

We do not sell your personal data in the sense of exchanging it for money, but certain disclosures for advertising or analytics may be considered a “sale” or “sharing” under some laws; where such laws apply, we will provide relevant opt‑out mechanisms.​

8. International data transfers

Your personal data may be processed and stored in Ireland, the European Economic Area (EEA), and, where necessary, in other countries.​

When transferring personal data outside the EEA, we implement appropriate safeguards required by law, such as adequacy decisions, standard contractual clauses, or equivalent mechanisms, and ensure that your rights remain protected.​

9. Data retention

We keep personal data only for as long as necessary for the purposes for which it was collected, including to:​

  • Provide the Platform and fulfil our contractual obligations.
  • Comply with legal, accounting, and tax requirements.
  • Resolve disputes and enforce our agreements.

Retention periods vary depending on the type of data, but generally:​

  • Account data is retained for as long as your account is active and for a reasonable period afterwards, unless you request deletion and we have no overriding legal reason to keep it.
  • Transaction data is retained for the duration of applicable statutory limitation periods and tax or accounting requirements.

When data is no longer needed, it is securely deleted, anonymised, or aggregated.​

10. Your rights

Under applicable data protection laws (including the GDPR as implemented in Ireland), you may have the following rights regarding your personal data:​

  • Right of access: to obtain confirmation and a copy of your personal data.
  • Right to rectification: to have inaccurate or incomplete data corrected.
  • Right to erasure: to request deletion of your personal data in certain circumstances.
  • Right to restriction: to request limited use of your data in specific cases.
  • Right to data portability: to receive certain data in a structured, commonly used, machine‑readable format and transmit it to another controller.
  • Right to object: to object to processing based on legitimate interests or to direct marketing.
  • Right to withdraw consent: where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.

You can exercise these rights by contacting us using the details in section 2. We may need to verify your identity before responding to your request.​

11. Marketing communications

Where permitted by law, we may send you marketing communications about Dukaan and participating vendors, including offers, news, and product recommendations.​

You can opt out of marketing communications at any time by:

  • Using the unsubscribe link in emails or “STOP” instructions in SMS where applicable.
  • Adjusting your marketing preferences in your account settings.
  • Contacting us using the details in section 2.

Even if you opt out of marketing, you will still receive essential service messages such as order confirmations, updates, and important account notices.​

12. Vendor and merchant data

If you are a vendor or merchant on Dukaan, we process your personal and business data to:​

  • Set up and manage your seller account, listings, and storefront.
  • Process payouts, handle fees, and provide financial reporting.
  • Verify your identity and business to meet legal, tax, and anti‑fraud obligations.
  • Provide support and communicate about platform updates, performance, and opportunities.

Vendors may act as separate controllers for personal data they receive directly from customers, such as through their own systems or off‑platform communications, and must provide their own privacy notices where required.​

13. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, alteration, or disclosure.​

These measures include access controls, encryption or pseudonymisation where appropriate, secure hosting, regular monitoring, and staff training, taking into account the nature of the data and the risks involved.​

14. Third‑party websites and services

The Platform may contain links to third‑party websites, applications, or services, including vendor websites and external payment or logistics providers.​

This Privacy Policy does not cover how those third parties process personal data, and we are not responsible for their privacy practices; you should review their privacy notices before providing personal data.​

15. Children’s privacy

The Platform is not intended for children under 16 years of age, and we do not knowingly collect personal data from children in this age group.​

If you believe a child under 16 has provided personal data through the Platform, please contact us so that we can take appropriate steps to delete such information, unless we are legally required to retain it.​

16. Complaints and supervisory authority

If you have concerns about how we handle your personal data, we encourage you to contact us first so we can try to resolve the issue.​

You also have the right to lodge a complaint with the Irish Data Protection Commission (DPC) or with your local supervisory authority within the European Economic Area.​

17. Changes to this Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect changes in our services, legal obligations, or how we process personal data.​