GDPR Compliance Policy for Do Epic Good

Last Updated: November 6, 2024

At Do Epic Good, a brand of Do Epic Group, we prioritize the privacy and security of our users’ personal data and are committed to processing data responsibly and in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679. This GDPR Compliance Policy outlines our approach to data processing, your rights, and our commitment to protecting personal data.



1. Who We Are

Do Epic Good, under Do Epic Group, operates as the Data Controller for personal data collected and processed through our website, applications, and services. Our contact details are provided at the end of this policy, and we encourage you to reach out with any questions regarding data privacy.

2. What Data We Collect and Why

We collect various types of personal data for specific purposes, as outlined below:

A. Information Provided Directly by Users

  • Identity and Contact Information: Name, email address, mailing address, and phone number are collected when users register for an account, sign up for newsletters, make purchases, or contact us for support.

  • Payment Information: Billing address and payment details are collected to process transactions. Payment information is securely processed by third-party payment providers.

  • Communications: Any information you provide in messages, emails, surveys, or other direct communications.

B. Information Collected Automatically

  • Technical Data: This includes IP address, browser type, device identifiers, language preferences, and browsing activity on our website. Such information is collected to improve site functionality and security.

  • Cookies and Similar Technologies: We use cookies and similar tracking technologies to recognize you, analyze site traffic, and personalize your experience on our website. You may adjust your cookie settings as detailed in our [Cookie Policy].

C. Information from Third Parties

  • Social Media Platforms: When interacting with our content on social media or other platforms, we may receive personal information subject to the privacy settings you have enabled on those platforms.

3. Purpose and Legal Basis for Data Processing

In compliance with GDPR requirements, Do Epic Good processes personal data on lawful bases, including:

  • Consent: We rely on consent when you voluntarily submit data, such as for marketing emails or surveys. You have the right to withdraw consent at any time by contacting us.

  • Contractual Necessity: Data is processed as necessary to fulfill our contractual obligations, such as providing services you’ve requested or purchased.

  • Legitimate Interests: Where we have a legitimate interest, such as analyzing user behavior to improve our services, provided such interests are not overridden by your rights.

  • Legal Compliance: We process data as needed to comply with regulatory and legal obligations, including responding to legal requests or preventing fraud.

4. Your Rights Under GDPR

Under GDPR, individuals have the following rights related to their personal data:

  • Right of Access: You can request information on the personal data we hold about you, including details about how we use and process it.

  • Right to Rectification: If your personal data is inaccurate or incomplete, you have the right to request that we correct or update it.

  • Right to Erasure (“Right to be Forgotten”): In specific cases, you may request that we delete your data if it is no longer necessary for the purposes for which it was collected, if you withdraw consent, or if processing is unlawful.

  • Right to Restrict Processing: You can request a restriction on processing your data under certain conditions, such as while contesting data accuracy or if processing is unlawful.

  • Right to Data Portability: You have the right to receive your data in a structured, commonly used format, or request that it be transferred to another data controller.

  • Right to Object: You may object to our processing of your data for direct marketing or based on legitimate interests.

  • Right to Withdraw Consent: When data is processed based on consent, you may withdraw this consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please contact us at [email protected]. We aim to respond within one month, in accordance with GDPR requirements, unless the request is complex and requires additional time.

5. Data Retention Policy

We retain personal data only as long as necessary to fulfill the purposes for which it was collected, including for legal, regulatory, or reporting obligations.

  • Transactional Data: Retained for seven years as part of our legal and regulatory record-keeping obligations.

  • User Account Data: Retained for the duration of your relationship with us and for three years thereafter for record-keeping purposes.

  • Marketing Data: Retained until you opt-out or unsubscribe from marketing communications.

6. International Data Transfers

Do Epic Good operates globally, and personal data may be processed in countries outside the EEA. These transfers are necessary for the provision of our services and occur in accordance with GDPR protections.

  • Standard Contractual Clauses (SCCs): We use the European Commission’s approved SCCs when transferring data to non-EEA countries without an adequacy decision.

  • Third-Party Agreements: We ensure that all third parties who process data on our behalf provide equivalent protections in compliance with GDPR standards.

7. Data Security Measures

To safeguard your personal data, Do Epic Good employs stringent technical and organizational security measures:

  • Encryption: Personal data is encrypted in transit and at rest, using industry-standard protocols to prevent unauthorized access.

  • Access Controls: Access to personal data is restricted to authorized personnel only, based on roles and responsibilities.

  • Data Minimization: We limit data collection to only what is necessary for each specific purpose.

  • Incident Response: In the event of a data breach, we have a structured response plan in place. We will notify you and any applicable supervisory authority within 72 hours if the breach poses a high risk to your rights.

8. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze usage patterns, and improve functionality. Our [Cookie Policy] provides more information on the types of cookies we use and how to manage your preferences.

  • Essential Cookies: Required for the operation of our site, such as enabling secure logins and page navigation.

  • Performance Cookies: Help us understand how visitors interact with our website, enabling us to improve functionality.

  • Advertising Cookies: Used to deliver relevant advertisements and track ad performance.

  • Managing Cookies: You may adjust your browser settings to refuse cookies, although some functionalities may be limited if you do so.

9. Third-Party Data Processors

Do Epic Good uses third-party service providers to assist with specific functions, such as payment processing, email marketing, and website analytics. We ensure that these providers comply with GDPR and other applicable data protection laws through data processing agreements that require them to maintain strict security protocols.

  • Payment Processors: For secure payment transactions.

  • Analytics Services: To better understand user behavior on our site, improve functionality, and personalize user experiences.

  • Marketing Platforms: For email communications and advertising purposes, with opt-out options provided in all communications.

10. Complaints and Dispute Resolution

If you believe your GDPR rights have been infringed, please contact us directly at [email protected], and we will work to resolve your concerns. Additionally, you have the right to lodge a complaint with your local supervisory authority in the EEA.

11. Policy Updates

We may update this GDPR Compliance Policy periodically to reflect changes in our data practices or legal requirements. The “Last Updated” date at the top indicates when revisions were made. We encourage you to review this policy regularly for the latest information.

12. Contact Information

If you have questions or wish to exercise any of your GDPR rights, please contact us at:

Do Epic Good
Email: [email protected] 
Address: Do Epic Good, P.O. Box: 74170, Dubai, U.A.E.