PRIVACY POLICY
1. Data ControllerThis website is operated by Farabuto OÜ, registered in Estonia and operating under the brand name “DIPPONG” (hereinafter referred to as “the Company”).
The Company is the data controller within the meaning of Article 4(7) GDPR.
Contact:
Email: farabuto@proton.me
We may process the following categories of personal data:
• Full name
• Email address
• Reservation details
• Communication content
• Stated product interests
• Device and browser information
• IP address (shortened where possible)
• Usage behavior on this website
When submitting a reservation request, personal data is processed for:
• Responding to inquiries
• Preparing individualized offers
• Initiating contract formation
• Managing limited-edition allocation
Legal Basis:
Article 6(1)(b) GDPR – pre-contractual measures
Article 6(1)(f) GDPR – legitimate interest in managing business inquiries
The Company uses CleverReach, a Germany-based email service provider, for managing reservation-related communication and, where applicable, newsletters.
CleverReach acts as a data processor on behalf of the Company under a Data Processing Agreement (DPA).
Personal data processed via CleverReach may include:
• Name
• Email address
• Reservation interest
• Email interaction data
Legal Basis:
• Article 6(1)(b) GDPR – contract-related communication
• Article 6(1)(a) GDPR – consent (for newsletters or future collection updates)
Processing takes place within the European Union.
The Company may record customer preferences and product interests for the purpose of:
• Providing tailored offers
• Informing customers about future limited releases
This may include:
• Product category interest
• Past reservation history
• Email engagement
No automated decision-making within the meaning of Article 22 GDPR takes place.
Where used for marketing beyond an active reservation, processing is based on explicit consent under Article 6(1)(a) GDPR.
This website may use privacy-focused analytics (e.g., Matomo) to understand user interaction and improve performance.
Analytics may process:
• Anonymized IP address
• Device and browser type
• Pages visited
• Time spent on pages
Legal Basis:
Article 6(1)(f) GDPR – legitimate interest in website optimization.
Where required by law, tracking will only occur after user consent via a cookie banner.
The website is hosted within the European Union. Hosting providers process server log data for security and operational stability.
Legal Basis:
Article 6(1)(f) GDPR – legitimate interest in secure website operation.
Personal data is retained only as long as necessary for:
• Reservation handling
• Contract performance
• Compliance with accounting and legal obligations
Data not required will be securely deleted.
Under GDPR, you have the right to:
• Access your data
• Rectify inaccurate data
• Request deletion
• Restrict processing
• Object to processing
• Data portability
You have the right to lodge a complaint with the Estonian Data Protection Inspectorate or your local supervisory authority.
Appropriate technical and organizational measures are implemented to protect personal data against unauthorized access, loss, or misuse.
11. Changes to This PolicyThis Privacy Policy may be updated as necessary. The current version is available on this website.