Privacy Policy

Your privacy and the security of your personal data are very important to us. At MØRKE, we are committed to collecting and storing your data with the utmost care and using strict security measures to protect it.

This Privacy Policy explains what personal data we collect, how we use it, and what rights you have when you browse or shop on our website (the “Website”), visit our physical points of sale (if applicable), or use any of our other services.

We comply with the minimum data protection requirements set out in the European Union General Data Protection Regulation (EU 2016/679) (“GDPR”) and, where applicable, other local privacy laws. This means we must inform you in advance what personal data we collect, for what purposes, and on which legal basis we process your data, as required by Articles 5 and 6 of the GDPR.

This policy is an integral part of our General Terms and Conditions of Use and Sale. By making a purchase on the Website or using our services, you will be asked to read and accept this Privacy Policy so that we can process your order, provide information about shipping and returns, and send you marketing communications related to the products or services you have purchased or that may be of interest to you.

Please note that we do not knowingly process data relating to customers under eighteen (18) years of age. By accessing the Website and using our services, you confirm that you are at least eighteen (18) years old.

1. DATA CONTROLLER – WHO WE ARE

The “data controller” (as defined in Article 4(7) GDPR) is the entity that determines the purposes and means of processing your personal data.

The data controller is:

MØRKE Studio

Sole propietor: Júlia Cher

Passeig de La Marina 91E - 08860 Castelldefels (Barcelona), Spain

ID Number available upon request for legal purposes

If you have any questions about how we collect, use or manage your data, you can contact us at:

  • Customer Care: studio@moerke-studio.com

  • Data Protection contact: thecircle@moerke-studio.com

2. DATA WE COLLECT AND PURPOSES OF PROCESSING

We collect personal data when you browse our Website, interact with us on social media, contact Customer Care, subscribe to our marketing, or purchase our products online or in-store (where applicable).

We may process your data for the following purposes:

a. Purchasing products

What we collect
Full name, billing and shipping addresses, phone number, mobile number, email address, and payment details.

Why
To process and fulfil your order, manage delivery and returns, provide invoices and comply with legal and tax obligations.

The legal basis for this processing is the performance of a contract with you (Article 6(1)(b) GDPR) and compliance with legal obligations (Article 6(1)(c) GDPR).

b. Processing payments

What we collect
Name on the card, card issuer and type, card number, start and expiry dates, partial payment details, payment method and account data; details relating to gift cards or store credit, where applicable.

Why
To process payments for your purchases, verify that you are the authorised holder of the payment method and handle refunds and financial records for tax and accounting purposes.

We do not store your CVV security code. Payment data may be processed by our secure payment providers.

c. Fraud prevention

What we collect
Information relating to suspected fraud or warnings on transactions, declined payment attempts, suspected criminal activity and related claims.

Why
To protect you, our customers and our business against fraud and other illegal activities, and to comply with legal obligations.

The legal basis is our legitimate interest in preventing and detecting fraud and protecting our business and customers (Article 6(1)(f) GDPR), and compliance with legal obligations.

d. Account registration and use of MØRKE services

What we collect
Full name, address, phone number, mobile number, email address, date of birth (if you choose to provide it), and account login details.

Why
To create and manage your MØRKE account, enable you to use our Website features and services (such as wishlists, saved details, order history, personalised recommendations, and any omnichannel services we may offer like in-store collection or appointments).

The legal basis is the performance of a contract (Article 6(1)(b) GDPR) and our legitimate interest in providing an enhanced and personalised customer experience (Article 6(1)(f) GDPR).

e. Customer Care

What we collect
Full name, contact details (address, phone, mobile, email), order details, and the content of your request or complaint.

Why
To provide support, answer your questions, manage complaints, and offer after-sales services.

The legal basis is the performance of a contract (Article 6(1)(b) GDPR) and our legitimate interest in maintaining high-quality customer service (Article 6(1)(f) GDPR).

f. Account verification

What we collect
Email address, surname, postcode, phone number, and order history, where necessary.

Why
To verify your identity when you contact us about your account or request changes when you cannot log in. This helps us protect your account from unauthorised access.

The legal basis is our legitimate interest in ensuring security and preventing misuse of your account (Article 6(1)(f) GDPR).

g. Marketing communications

What we collect
Full name, email address, phone number, postal address, and your marketing preferences.

Why
To send you marketing communications, including news and stories about MØRKE, new collections, exclusive products, invitations, offers and promotions, as well as satisfaction surveys and product or service feedback.

We only send marketing communications where you have given your consent (Article 6(1)(a) GDPR) or where permitted by law based on our legitimate interest in promoting our products and services (Article 6(1)(f) GDPR).

You can withdraw your consent or change your preferences at any time via:

  • “Unsubscribe” link in our emails

  • Your account settings on the Website

  • Contacting Customer Care

h. Cookies and similar technologies

What we collect
Technical information such as IP address, browser type, operating system, Internet Service Provider, referring/exit pages, date and time stamps, clickstream data and general usage statistics.

Why
We use cookies and similar technologies to:

  • Make our Website work properly

  • Improve your browsing experience

  • Understand how visitors use our Website

  • Personalise content and offers

  • Support our future marketing and business strategies (in aggregated and anonymised form where possible)

Some cookies are necessary for the functioning of the Website (strictly necessary cookies). Others (analytics, performance, marketing) are used only with your consent.

For more details, please refer to our Cookie Policy.

i. Social media

What we collect
Photos, videos, tags, comments, messages, and interactions with our official pages or content on platforms such as Instagram, Facebook, TikTok, Pinterest, LinkedIn, X/Twitter, and others.

Why
To interact with you, respond to your comments or messages, handle complaints, and understand how our brand is perceived.

If we would like to reuse your photos or videos (for example, on our Website or channels), we will always ask for your explicit permission.

Once you click on a social media button on our Website, you are redirected to that platform, and their own privacy policies apply.

j. Recruitment

What we collect
CV, application form, cover letter and any other information you choose to provide during the recruitment process.

Why
To assess your application for a role at MØRKE, contact you about the recruitment process and maintain basic records of candidates.

Your data will be used exclusively for recruitment purposes and may be shared with trusted third-party recruitment or HR software providers. Application data will be kept only for as long as necessary and in line with applicable law (for example, for current vacancies and a limited period thereafter).

k. Health and safety

What we collect
Information about accidents, injuries or health and safety incidents occurring at our premises or events organised by MØRKE.

Why
To ensure your safety and that of our staff, to contact emergency services if necessary, and to manage any insurance or legal claims.

l. Marketing personalisation

We may use your purchase history, browsing behaviour and interaction with our communications to personalise:

  • Product recommendations

  • Content and offers

  • Email or SMS marketing

  • Website experience (e.g., what products you see first)

We may also use third-party size-recommendation tools or similar technologies to help you choose the best fit. Where this involves personal data, we will anonymise it whenever possible or use it in aggregated form.

The legal basis is your consent (for certain types of profiling cookies or personalised marketing) and/or our legitimate interest in offering relevant content and improving your experience (Article 6(1)(f) GDPR).

m. Anti-fraud checks

If you purchase products from MØRKE using a credit or debit card or other payment method, we may use your personal data to conduct anti-fraud checks.

We have a legitimate interest in carrying out such checks to prevent and pursue fraudulent practices (Article 6(1)(f) GDPR). For internal administrative purposes, your data may be shared within the MØRKE group of companies (if applicable).

n. Links to other websites

Our Website may contain links to third-party websites or services. This Privacy Policy applies only to MØRKE and our Website. We do not control and cannot be held responsible for the privacy practices of third parties. We recommend that you read the privacy policies of those websites.

3. WHO PROCESSES YOUR DATA

Your personal data will be processed by MØRKE staff who are specifically authorised and trained to handle such information confidentially.

We also share your data with carefully selected third parties who act as data processors on our behalf, including:

  • Payment and financial service providers

  • IT and hosting providers

  • Logistics and courier companies

  • Marketing and communication agencies

  • Customer care tools and platforms

  • Legal, tax and other professional advisors

Some of these providers may be located outside the European Union. In such cases, any transfer of your personal data will be made in accordance with Articles 44–47 GDPR, using appropriate safeguards such as Standard Contractual Clauses or equivalent legal mechanisms, and implementing suitable technical and organisational measures to protect your data.

In addition, your data may be disclosed to law enforcement authorities, courts and regulatory bodies when required by law, for example:

  • Detecting and prosecuting criminal offences

  • Preventing threats to public security

  • Enabling MØRKE to establish, exercise or defend legal claims

  • Protecting the rights and freedoms of others

4. DATA RETENTION – HOW LONG WE KEEP YOUR DATA

We keep your personal data only for as long as necessary for the purposes for which it was collected, and in accordance with legal retention periods. After that, your data will be deleted or irreversibly anonymised. For example:

  • Order and purchase data: kept for the time necessary to manage the sale, delivery, returns and administrative/accounting obligations. Invoices and billing details are usually kept for up to 10 years, according to tax regulations.

  • Account data: kept until you delete your MØRKE account or we close it due to inactivity in line with our policies and legal requirements.

  • Payment data: kept for the time required to complete the transaction, manage refunds, prevent fraud and meet legal and regulatory obligations.

  • Omnichannel services data (e.g., store pick-up, appointments): kept until the service has been fully performed or cancelled.

  • Recruitment data: kept for a limited period from the date of your application, unless a longer period is allowed or required by law and with your consent.

  • Marketing data: kept until you withdraw your consent or object to processing, or for a period defined by applicable law and our internal policies.

  • Data used for personalisation and profiling: kept until you request us to stop such activities and, in any case, for no longer than 2 years after your last interaction with MØRKE (e.g. purchase, login, opening a marketing email), unless a longer period is legally allowed.

5. INTERNATIONAL DATA TRANSFERS

As a general rule, we do not transfer your personal data to countries outside the European Economic Area (“EEA”) unless strictly necessary.

Where such transfers are required (for example, because a service provider is based outside the EEA), we ensure an adequate level of data protection, as required by Articles 44–49 GDPR. This may include:

  • A European Commission adequacy decision, or

  • Standard Contractual Clauses approved by the European Commission, and

  • Additional technical and organisational safeguards.

6. YOUR RIGHTS

Under Articles 12–23 GDPR, you have the following rights in relation to your personal data:

  • Right of access: to obtain confirmation of whether we process your personal data and to receive a copy of such data, together with information about how it is used.

  • Right to withdraw consent: where processing is based on your consent, you can withdraw it at any time. This will not affect the lawfulness of processing carried out before withdrawal.

  • Right to object: you may object to processing based on our legitimate interests, including profiling. We will assess your request and stop processing unless we have compelling legitimate grounds or need the data to establish, exercise or defend legal claims.

  • Right to restriction of processing: in certain circumstances, you can request that we limit the use of your data (for example, while we verify its accuracy or when you object to our legitimate interest).

  • Right to erasure (“right to be forgotten”): you can request deletion of your data where, for example, the data is no longer needed for the purposes it was collected, you withdraw consent, you successfully object to processing, or the processing is unlawful.

  • Right to rectification: to have inaccurate or incomplete personal data corrected or updated.

  • Right to data portability: you can request to receive your personal data in a structured, commonly used and machine-readable format, and/or ask us to transmit it to another controller, where technically feasible and where the processing is based on consent or contract and carried out by automated means.

To exercise any of these rights, please contact us at:

Email: [insert privacy/dpo email, e.g. privacy@morke.com]

For your protection, we may need to verify your identity before processing your request, to prevent unauthorised access or misuse of your data.

7. COMPLAINTS

If you believe that your personal data has been processed in a way that infringes data protection law, you have the right to lodge a complaint with your local supervisory authority.

If our main establishment is in [Country], the relevant authority may be:

  • [Name of national Data Protection Authority, e.g. Agencia Española de Protección de Datos (AEPD) for Spain]

We would, however, appreciate the chance to deal with your concerns before you approach a supervisory authority, so please contact us first if possible.

8. DATA SECURITY

We protect your personal data using appropriate technical and organisational security measures designed to prevent unauthorised or unlawful processing, accidental loss, destruction or damage. These include:

  • Pseudonymisation and encryption where appropriate

  • Measures to ensure ongoing confidentiality, integrity, availability and resilience of systems and services

  • Procedures to restore access to personal data in a timely manner in the event of a physical or technical incident

We regularly test, assess and evaluate the effectiveness of our security measures.

Please note that no method of communication (such as email or post) or online transmission is completely secure. Your data may be at risk if a third party gains unauthorised access to your email account, your MØRKE account or other systems where your data is stored.

For this reason, we strongly recommend that you:

  • Use strong, unique passwords for your MØRKE account and email

  • Do not share your passwords with anyone

  • Log out after using shared or public devices

9. CCTV (IF APPLICABLE)

If MØRKE uses CCTV in its physical locations (e.g. boutiques, studios or pop-up spaces), this is solely for the safety of staff, customers and visitors, and for the prevention and detection of crime.

CCTV footage may be used to pursue or defend legal actions or to comply with legal obligations. Footage is stored securely for a limited period and then deleted unless needed for ongoing investigations or proceedings, in line with our CCTV policy and applicable law.

10. AI-POWERED CUSTOMER SERVICE

We may use AI-enabled customer service tools (for example, chatbots or virtual assistants) to provide faster and more efficient support through chat or contact forms on our Website.

10.1 AI-generated responses

These tools may be trained on information related to MØRKE (such as order information, FAQ content, brand guidelines and help centre articles) to provide accurate and personalised answers. If the AI assistant cannot resolve your issue, your conversation may be handed over to a human agent.

10.2 Data collected and purpose

When you interact with our chat or contact forms, we may collect:

  • Identifiers: basic contact details such as name and email address

  • Order history and support interactions

  • Usage and technical data related to your interaction with the service

This information is used solely to respond to your requests and to provide customer support. It will not be used for marketing or profiling without your consent.

10.3 Legal basis and retention

The legal bases for processing your data via AI-based support tools are:

  • Performance of a contract or pre-contractual measures (Article 6(1)(b) GDPR), as the data is necessary to provide customer service

  • Our legitimate interest in offering efficient, high-quality support (Article 6(1)(f) GDPR)

Your data is kept only for as long as necessary to handle your request and for a limited period thereafter, unless a longer period is required by law.

10.4 Third-party providers and transfers

We may rely on trusted third-party service providers to host or operate these AI tools. These providers only process your data on our instructions, under strict contractual obligations, and with adequate security measures.

If data is transferred outside the EEA, appropriate safeguards (such as Standard Contractual Clauses) are put in place to ensure your data remains protected in line with the GDPR.

10.5 Your rights

You can exercise your GDPR rights (access, rectification, deletion, restriction, objection, portability) in relation to data processed via these tools by contacting us at thecircle@moerke-studio.com

11. THIRD-PARTY CHECKOUT AND PAYMENT SERVICES

If you choose to use external checkout or payment services offered on our Website (for example, express checkout apps or wallet services provided by third parties), your relationship with those services is independent from MØRKE.

In those cases, the external provider acts as an independent data controller and processes your personal data according to its own privacy policy. MØRKE does not control and cannot be held responsible for such processing.

To exercise your privacy rights in relation to those services, please contact the provider directly and refer to their privacy documentation.

12. MORE INFORMATION

If you would like more information about how we collect, use and manage your personal data, or if you have any questions about this Privacy Policy, you can contact us at:

Email: thecircle@moerke-studio.com
Customer Care: studio@moerke-studio.com

13. CHANGES TO THIS PRIVACY POLICY

We may update or amend this Privacy Policy from time to time, for example to reflect new services, changes in how we process data, or changes in applicable laws and regulations.

When we make significant changes, we will try to inform you as clearly and promptly as possible (for example, by email or website notice). We nevertheless encourage you to review this page periodically to stay informed about our latest privacy practices.