Last updated: 12 June 2025
Dr Vibes (“we”, “our”, “us”) respects your privacy. This page explains what data we collect, why we collect it, and the choices you have. We follow Pakistan’s Personal Data Protection Bill (draft), the EU’s GDPR, and Shopify’s platform rules.
1. Information We Collect
| Category | When we collect it | Examples |
|---|---|---|
| Personal details | Checkout, account sign-up, contact forms | Name, shipping & billing address, phone, e-mail |
| Order data | Checkout, returns, warranty claims | Product purchased, price, payment method, courier tracking ID |
| Marketing preferences | Newsletter opt-in, SMS alerts | Your consent status, preferred language |
| Device & usage | Site visit, email opens | IP address, browser type, referring URL, pages viewed, time spent |
| Cookie & analytics | Site visit | Session cookies, Google Analytics ID, Facebook Pixel |
| Support history | Live chat, WhatsApp, e-mail | Conversation transcripts, images you send (e.g., skin reaction photos) |
We do not knowingly collect data from anyone under 16. If you believe a minor has provided personal data, e-mail info@drvibes.org so we can delete it.
2. How We Use Your Data
| Purpose | Lawful basis (GDPR) |
|---|---|
| Fulfil orders, process payments, arrange delivery | Contract |
| Send order confirmations, shipping updates & returns labels | Contract |
| Provide personalised product tips, routine builders & offers | Consent (you can opt out) |
| Detect fraud & secure payments (Shopify Risk API) | Legitimate interest |
| Improve website performance & debug issues | Legitimate interest |
| Run ads for look-alike audiences on Meta & Google | Consent |
| Maintain tax & accounting records (7 years) | Legal obligation |
3. Who We Share It With
| Partner type | Why | Safeguards |
|---|---|---|
| Payment processors (Shopify Payments, 3G Bank, Stripe) | Handle card & wallet payments | PCI-DSS compliance, tokenised data |
| Couriers (TCS, Leopard, Trax) | Deliver your parcel & send tracking SMS | Limited to name, address, phone |
| Analytics & marketing (Google Analytics, Meta, Klaviyo) | Understand traffic & send e-mails/SMS | EU-US DPF or SCCs for GDPR |
| IT & security vendors (Cloudflare, BugCrowd) | Keep the site fast & secure | NDA + SOC 2 reports |
We never sell your data.
4. Cookies & Similar Tech
| Cookie type | Example | Lifespan | Opt-out |
|---|---|---|---|
| Essential | Cart ID, Checkout token | Session | Not optional |
| Analytics | _ga, _gid | 26 months | Browser settings or our banner |
| Marketing | _fbp, _gcl_au | 90 days | Banner or Ad-settings pages |
| Functional | Locale, wish-list | 12 months | Browser settings |
The first time you visit, a banner lets you accept or manage non-essential cookies. You can also clear cookies via your browser.
5. Your Rights
- Access – Ask for a copy of your data.
- Correction – Fix inaccurate info.
- Deletion – “Right to be forgotten” (unless we must keep it for tax or fraud prevention).
- Restriction – Pause processing while an objection is investigated.
- Portability – Receive your data in a machine-readable file.
- Withdraw consent – Opt out of marketing any time (link in every e-mail or SMS “STOP”).
To exercise any right, e-mail info@drvibes.org. We’ll respond within 30 days.
6. Data Security
- Shopify PCI Level 1 secure hosting
- TLS 1.2 encryption on every page
- Tokenised card data (we never see your full PAN)
- Quarterly penetration tests & 24/7 Cloudflare WAF
- Role-based staff access, 2-factor authentication
7. Retention Periods
| Data type | Typical retention |
|---|---|
| Orders & invoices | 7 years (tax law) |
| Support tickets & chat logs | 3 years from last contact |
| Marketing consent records | Until you opt out + 2 years |
| Analytics logs | 26 months, then anonymised |
8. International Transfers
Our store is hosted on Shopify servers in the USA and Canada. Shopify relies on Standard Contractual Clauses (SCCs) to protect EU/UK personal data.
9. Third-Party Links
Blog articles may link to external sites (e.g., PubMed studies). We aren’t responsible for their privacy practices—read their policies before submitting data.
10. Changes to This Policy
We update this page when laws change or we add new features. Major changes will be announced via e-mail and site banner 14 days before they take effect.
11. Contact Us
Data Protection Officer
info@drvibes.org | +44 7727 751 882
Innovation Tower, Chaklala Scheme 3, Commercial Market, Rawalpindi, Pakistan.