🛁 15% off beauty & care — use code CARE15

🚚 Free shipping from €100+ · Ships EU-wide · Free returns 💌 Subscribe for 10% off

Privacy policy

Last updated: 1 November 2025

Introduction

Bisou Dog (trade name of MELA consulting comm v) ("we," "us," or "our") operates bisoudog.com (the "Website"). This Privacy Policy describes how we collect, use, and disclose your personal information when you visit, use, or make a purchase from our Website.

Data Controller:
Bisou Dog (trade name of MELA consulting comm v)
Frans Birontlaan 3/5
2600 Antwerpen, Belgium
VAT: BE0740734164
Email: hello@bisoudog.com

This Privacy Policy complies with the General Data Protection Regulation (GDPR) and applicable Belgian and European Union data protection laws. Our Website is powered by Shopify, which provides our e-commerce platform and processes certain data on our behalf.

Please read this Privacy Policy carefully. By using our Website, you acknowledge that you have read and understand how we collect, use, and disclose your personal information as described in this Privacy Policy.

Personal Information We Collect

When we use the term "personal information," we are referring to information that identifies or can reasonably be linked to you. Personal information does not include information that has been anonymized or aggregated so that it can no longer identify you.

We collect the following categories of personal information:

Contact Information:

  • Name
  • Email address
  • Shipping address
  • Billing address
  • Phone number

Financial Information:

  • Payment card information (processed securely by our payment providers)
  • Transaction details
  • Purchase history

Account Information:

  • Username and password
  • Account preferences and settings
  • Order history

Transaction Information:

  • Items you view, add to cart, wishlist, or purchase
  • Past purchases, returns, and exchanges

Communications:

  • Information you provide when contacting customer support
  • Email newsletter preferences
  • Product reviews and feedback

Device and Usage Information:

  • IP address
  • Browser type and version
  • Device information
  • Pages visited on our Website
  • Time and date of visits
  • Referring website
  • Search queries on our Website

Marketing Information:

  • Products you've viewed or purchased
  • Email open rates and click-through rates
  • Responses to marketing campaigns

How We Collect Personal Information

We collect personal information from the following sources:

Directly from you:

  • When you create an account
  • When you make a purchase
  • When you sign up for our newsletter
  • When you contact customer support
  • When you leave product reviews

Automatically through our Website:

  • Through cookies and similar tracking technologies
  • From your device when you browse our Website
  • Through analytics tools

From our service providers:

  • Shopify (our e-commerce platform)
  • Sendcloud (shipping and logistics)
  • bpost (shipping carrier)
  • Payment processors (Shopify Payments, PayPal, Stripe)
  • Email marketing providers
  • Analytics providers (Google Analytics)

How We Use Your Personal Information

We use your personal information for the following purposes:

Order Processing and Fulfillment:

  • Process and fulfill your orders
  • Send order confirmations and shipping notifications
  • Arrange shipping and delivery
  • Process returns, refunds, and exchanges
  • Provide customer support
  • Create and manage your account

Marketing and Communications:

  • Send marketing emails (only with your consent)
  • Show you personalized product recommendations
  • Display targeted advertisements on our Website and other platforms
  • Send transactional emails (order updates, account notifications)

Website Improvement:

  • Analyze how customers use our Website
  • Improve our products, services, and user experience
  • Conduct market research and analytics
  • A/B testing and optimization

Security and Fraud Prevention:

  • Authenticate your account
  • Detect and prevent fraud
  • Protect against malicious activity
  • Secure our systems and services

Legal Compliance:

  • Comply with legal obligations
  • Respond to legal requests from authorities
  • Enforce our Terms of Service
  • Resolve disputes

Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

Contract Performance:
Processing necessary to fulfill our contract with you (e.g., order fulfillment, customer service).

Consent:
Processing based on your explicit consent (e.g., marketing emails, cookies). You may withdraw consent at any time.

Legitimate Interest (Article 6(1)(f) GDPR):
We process certain data based on our legitimate business interests, 
balanced against your rights:

- Fraud Prevention: Necessary to protect our business and customers 
  from fraudulent transactions and security threats
- Website Optimization: Aggregated analytics to improve user experience 
  (less intrusive than individual tracking requiring consent)
- Business Operations: Internal analytics for inventory, logistics, 
  and operational efficiency

We have conducted a Legitimate Interest Assessment (LIA) for each 
processing activity. You can request a copy at hello@bisoudog.com.

You have the right to object to processing based on legitimate interest 
at any time.

Legal Obligation:

Processing required to comply with legal obligations (e.g., tax records, consumer protection laws).

How We Share Your Personal Information

We do not sell your personal information. We share your information only in the following circumstances:

Service Providers:

We share your information with trusted third-party service providers who perform services on our behalf:

  • Shopify: E-commerce platform that hosts our Website, processes orders, and handles payments
  • Sendcloud: Shipping and logistics provider for order fulfillment across Europe
  • bpost: Shipping carrier for Belgium deliveries

  • Payment Processing:
    - Shopify Payments: Integrated payment solution provided by Shopify Inc. 
      See Shopify Privacy Policy: https://privacy.shopify.com/en
    - PayPal: Independent payment processor. Privacy Policy: https://www.paypal.com/privacy
    - Stripe: Independent payment processor. Privacy Policy: https://stripe.com/privacy

    All payment processors are PCI-DSS compliant and implement appropriate 
    security measures.

  • Email Service Providers: For sending transactional and marketing emails
  • Analytics Providers: Google Analytics for Website analytics
  • Cloud Storage Providers: For secure data storage

All service providers are contractually required to protect your personal information and use it only for the purposes we specify.

Legal Requirements:

  • To comply with legal obligations (court orders, subpoenas)
  • To enforce our Terms of Service
  • To protect our rights, property, or safety
  • To prevent fraud or illegal activities

Business Transfers:

  • In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new owner

With Your Consent:

  • When you direct or consent to our disclosure of information to third parties

Advertising and Marketing Partners (with your consent):

We share the following data with advertising platforms for retargeting 
and measurement:

Meta (Facebook/Instagram):
- Hashed email addresses (SHA-256)
- IP addresses
- Browser and device information
- Pages viewed and products clicked
- Purchase events (order value, items purchased)
- Facebook Pixel collects this data automatically when you visit our site

Google Ads:
- Hashed email addresses
- Conversion events (purchases, add-to-cart)
- Google Analytics data (with separate consent)

TikTok Ads:
- Hashed email addresses
- Purchase events
- TikTok Pixel collects browsing data when you visit our site

Legal basis: Consent (you can withdraw via cookie settings)

Data retention by platforms:
- Meta: Up to 180 days for ad delivery, longer for analytics
- Google: Varies by product (see Google Privacy Policy)
- TikTok: Up to 13 months

To opt out:
You can opt out of personalized advertising by:
- Adjusting cookie preferences on our Website
- Using browser "Do Not Track" settings
- Opting out via platform-specific settings (Google Ads Settings, Facebook Ad Preferences)
- Using industry opt-out tools: www.youronlinechoices.eu

Shopify's Role in Data Processing

Our Website is powered by Shopify Inc., which provides our e-commerce platform. Shopify collects and processes personal information about your use of our Website to provide and improve services for you.

Shopify acts as:

  • A service provider (data processor) when processing data on our behalf for order fulfillment and Website operation
  • An independent data controller when using data to improve its own services and provide enhanced features

To provide enhanced features, Shopify may use personal information collected about your interactions with our Website, along with other merchants and Shopify. In these cases, Shopify is responsible for processing your personal information.

Shopify has appointed an EU representative as required by GDPR Article 27:

Shopify International Limited
Victoria Buildings, 2nd Floor
1-2 Haddington Road
Dublin 4, D04 XN32
Ireland

For Shopify data protection matters, you can also contact Shopify's 
EU representative via: https://privacy.shopify.com/

To learn more about Shopify's data practices:

We have a Data Processing Agreement (DPA) with Shopify as required by GDPR Article 28. This agreement ensures Shopify:
- Processes data only on our instructions
- Implements appropriate security measures
- Assists with data subject rights requests
- Notifies us of data breaches

View Shopify's DPA: https://www.shopify.com/legal/dpa

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our Website.

Types of cookies we use

Essential Cookies (Required):
Necessary for the Website to function properly. These enable shopping cart, checkout, account access, and security features. These cannot be disabled.

Analytics Cookies (Optional):
Help us understand how visitors use our Website (e.g., Google Analytics, Shopify Analytics). Used to improve Website performance and user experience.

Marketing Cookies (Optional):
Used for targeted advertising and measuring campaign effectiveness. Enable personalized product recommendations and retargeting ads.

Cookies We Use

Essential Cookies:

Cookie name Purpose Duration
_shopify_s Session management Session
_shopify_y Shopping cart 1 year
cart Shopping cart contents 2 weeks
secure_customer_sig Customer login 1 year

 

Analytics Cookies (with your consent):

Cookie name Purpose Duration Provider
_ga
 Google Analytics - visitor tracking
 2 years Google
_gid
 Google Analytics - session tracking
 24 hours Google
_gat Google Analytics - throttling
 1 minute Google


We use Google Analytics 4 to analyze Website usage. This involves 
data transfer to the United States.

Safeguards in place:
- IP anonymization enabled
- Data retention set to 2 months (minimum)
- Google's Standard Contractual Clauses (SCCs)
- Data Processing Amendment with Google
- We have assessed that US surveillance risks are mitigated by Google's 
  supplementary measures

You can opt out of Google Analytics via cookie settings or by installing 
the Google Analytics Opt-out Browser Add-on: 
https://tools.google.com/dlpage/gaoptout

For Google's data practices: https://policies.google.com/privacy

Marketing Cookies (with your consent):

Cookie name Purpose Duration Provider
_fbp
 Facebook Pixel
 3 months Meta
TikTok Pixel TikTok Pixel 13 months TikTok

 

You can view and delete cookies through your browser settings.

Cookie Management
You can control cookies through your browser settings. Note that disabling essential cookies may affect Website functionality. You can also manage your cookie preferences through our cookie consent banner when you first visit the Website.

For more information about cookies, visit www.allaboutcookies.org.

Your Rights Under GDPR

As an EU resident, you have the following rights regarding your personal information:

Right to Access:
Request a copy of the personal data we hold about you.

Right to Rectification:
Request correction of inaccurate or incomplete data.

Right to Erasure ("Right to be Forgotten"):
Request deletion of your personal data, subject to legal retention requirements.

Right to Restriction of Processing:
Request that we limit how we use your data in certain circumstances.

Right to Data Portability:
Request your data in a structured, machine-readable format to transfer to another service.

Right to Object:
Object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent:
Withdraw consent for processing at any time (where consent is the legal basis).

Right to Lodge a Complaint:
File a complaint with your national data protection authority.

Right Not to Be Subject to Automated Decision-Making:
Object to decisions made solely by automated means, including profiling.

To exercise your rights:

  • Email: hello@bisoudog.com
  • We will respond within 1 month
  • We may need to verify your identity before processing requests 
       (e.g., by matching your email address or account details with 
       our records).

Belgian Data Protection Authority:
Gegevensbeschermingsautoriteit
Rue de la Presse 35
1000 Brussels, Belgium
Website: www.gegevensbeschermingsautoriteit.be

Managing Communication Preferences

Marketing Emails:
You can opt out of marketing emails at any time by:

  • Clicking the "unsubscribe" link in any marketing email
  • Emailing hello@bisoudog.com
  • Updating your account preferences (if you have an account)

Transactional Emails:
Even if you unsubscribe from marketing, you will still receive transactional emails (order confirmations, shipping notifications, account updates) necessary for your purchases.

Data Retention

We retain your personal information only as long as necessary for the purposes described in this Privacy Policy or as required by law.

Retention periods:

Order and Transaction Data:
Retained for 10 years to comply with Belgian tax and accounting regulations.

Account Information:
Retained until you request deletion or close your account.

Marketing Consents:
Retained until you unsubscribe or withdraw consent.

Website Analytics:
Retained for 2 months (Google Analytics 4 setting), then anonymized for aggregated reporting purposes.

Customer Support Communications:
Retained for 1 year after case closure for quality assurance and dispute resolution.

Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

Security measures include:

  • SSL/TLS encryption for data transmission
  • Secure payment processing via PCI-DSS compliant providers
  • Regular security assessments and updates
  • Access controls and authentication
  • Secure data storage with encrypted backups
  • Employee training on data protection

However, no method of transmission over the internet is 100% secure. While we strive to protect your data using commercially acceptable means, we cannot guarantee absolute security.

Incident Response:
In the event of a personal data breach:
- We will notify the Belgian Data Protection Authority within 72 hours if the breach poses a risk to your rights (GDPR Article 33)
- We will notify affected customers without undue delay if the breach poses a high risk to your rights and freedoms (GDPR Article 34)
- Notifications will include the nature of the breach, likely consequences, and measures taken to address it

International Data Transfers

Your personal information may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States and Canada, where our service providers (e.g., Shopify) operate servers.

Safeguards for international transfers:
- Standard Contractual Clauses (SCCs): We use SCCs approved by the European Commission with all processors outside the EEA
- Supplementary Measures: We conduct Transfer Impact Assessments and implement additional technical measures (encryption, access controls) as required by the Schrems II ruling
- Adequacy Decisions: Where available, we rely on European Commission adequacy decisions (e.g., Canada, Japan)

Shipping and Logistics:

Sendcloud (Netherlands) processes shipping data within the EEA. When using non-EEA carriers, Standard Contractual Clauses ensure adequate protection. For details: Sendcloud DPA/sub-processor list.

These mechanisms ensure that your data receives an adequate level of protection regardless of where it is processed.

For questions about international transfers, contact hello@bisoudog.com.

Third-Party Links

Our Website may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing personal information.

Children's Privacy

Age Restrictions:
Our Website is intended for users aged 13 and older. We do not knowingly 
collect personal information from children under 13 without parental consent.

Under Belgian law, children under 13 require parental consent for 
processing of personal data in relation to information society services 
(online services).

If you are under 13:
You may only use our Website with your parent or guardian's permission. 
We may request verifiable parental consent before processing your data.

If you are a parent/guardian and believe your child under 13 has provided 
us with personal information without consent, contact hello@bisoudog.com. 
We will delete the data promptly.

Automated Decision-Making and Profiling

Fraud Prevention (Automated with Human Review):
We use automated fraud detection systems that may flag suspicious 
transactions. Flagged orders are reviewed by our team before final 
decisions. You have the right to human intervention and can contact 
hello@bisoudog.com to contest any decision.

Product Recommendations (Profiling):
We use algorithms to suggest products based on browsing history and 
purchases. This does not produce legal effects or significantly affect 
you. You can opt out via cookie settings.

No Solely Automated Decisions:
We do not make decisions based solely on automated processing that 
produce legal effects or similarly significantly affect you (Article 22 GDPR).

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other operational reasons.

Notification of changes:

  • The "Last updated" date at the top will be revised
  • Significant changes will be communicated via Website banner or email
  • Continued use of our Website after changes constitutes acceptance of the updated Privacy Policy

Contact Us

Data Protection Contact:
We have designated a data protection contact (not a formal Data Protection Officer as we are not required to appoint one under GDPR Article 37). For data protection inquiries, contact:

Email: hello@bisoudog.com  
Response time: Within 1 month

For questions about this Privacy Policy, to exercise your data protection rights, or to file a complaint:

Email: hello@bisoudog.com
Response time: Within 1 month

Mailing Address:
Bisou Dog (trade name of MELA consulting comm v)
Frans Birontlaan 3/5
2600 Antwerp
Belgium

VAT: BE0740734164

Belgian Data Protection Authority (Gegevensbeschermingsautoriteit/APD):

Postal Address:  
Rue de la Presse 35  
1000 Brussels, Belgium

Email: contact@apd-gba.be  
Phone: +32 2 274 48 00  
Website: www.gegevensbeschermingsautoriteit.be  

Online Complaint Form: https://www.gegevensbeschermingsautoriteit.be/complaint

Bisou Dog · Frans Birontlaan 3, 2600 Antwerp, Belgium · hello@bisoudog.com

VAT: BE0740734164