Privacy Policy
Last Updated: 03/12/2026
Droppe Oy ("Droppe", "we", "us", or "our") is committed to protecting your privacy and your organization's information. This Privacy Policy describes how we collect, use, and share personal and business information when you use www.droppe.com (the "Website") or any service through our digital platform (the "Platform").
1. About Droppe and Data Collection
Data Controllers:
Droppe GmbH and Droppe Oy act as joint controllers for personal data collected through the Platform in compliance with GDPR Article 26.
- Droppe GmbH (HRB 112082, Düsseldorf) is responsible for: customer relationship data (orders, payments, support inquiries), marketing communications for German-market customers, and customer service and complaint handling
- Droppe Oy (Business ID: 3130765-4, Helsinki, Finland) is responsible for: platform technology and infrastructure, analytics and platform improvement, and group-level data protection compliance
Your single point of contact: For all data protection inquiries, regardless of which entity processes your data, contact: management@droppe.com. You can exercise all your GDPR rights through this single contact point—we handle internal coordination.
About Droppe:
Droppe Oy is a Finnish company headquartered in Helsinki, Finland. The Platform is operated in Germany by our subsidiary Droppe GmbH, which serves customers in Germany, Austria, Netherlands, Belgium, and Italy under license from Droppe Oy. Droppe GmbH is your contracting party for purchases.
Our Platform is designed for individual workers, sole traders, self-employed professionals, and businesses who need workwear for their day-to-day work. Our services are not intended for individuals under 18 years old, and we do not knowingly collect data from anyone under 18, in compliance with applicable German law.
Information we collect:
Full name, email, phone number, job title, company name, Business ID, delivery and billing address (country, city, postal code), order and account information, marketing preferences and communication history, and any other data you voluntarily submit.
2. Why We Process Your Data
We process your information for providing our services (account setup, onboarding, ordering, and customer support), managing sales and onboarding for both suppliers and customers, processing payments, refunds, and invoices, conducting credit checks (via Schufa in Germany and Debtist where applicable), communicating with you including service-related messages and support responses, marketing purposes based on your preferences or consent, operating as an e-commerce accelerator across multiple sales channels (our marketplace, third-party platforms, paid advertising, social media, and AI-powered shopping), A/B testing and platform improvements, preventing fraud or misuse of the Platform, and complying with legal obligations such as tax or regulatory requirements.
Legal bases: Contract performance, legitimate interest, consent where applicable, and legal obligations.
3. Payments and Data Sharing
We support invoice payments such as net 14 days terms, credit/debit cards, and other EU payment options depending on account eligibility. We may assess creditworthiness and payment risk before extending invoice payment terms. This may include checks with third-party credit agencies such as Schufa (Germany) and, if needed, debt collection partners like Debtist.
Who we share data with:
We share personal and business data only as necessary to provide our services. All partners are contractually bound to process data under strict confidentiality and GDPR-compliant terms. We never sell your data.
Essential services (required for orders):
Brands receive your delivery address, contact information, and order details to fulfill orders. Shipping companies receive delivery address and contact information. Stripe and other payment providers process payment information securely. Crisp chat system processes customer support conversations.
Optional services (with your consent):
Google Analytics and Hotjar help us improve the website. Meta Pixel, AdRoll, and Google Ads help us show relevant ads. You can opt out of all advertising and analytics cookies through our cookie banner.
We may share browsing data with advertising partners for retargeting only if you consent via our cookie banner.
4. Data Storage and Retention
We retain personal data only as long as necessary for the purposes described in this Privacy Policy, to comply with legal obligations, or to resolve disputes.
Geographic storage:
We primarily process and store data in the European Economic Area (EEA). If data is transferred outside the EEA, we use legal safeguards such as Standard Contractual Clauses (SCCs), adequacy decisions, and supplementary measures where needed such as Technical and Infrastructure Assessments.
Retention periods by data category:
We retain different types of data for varying periods based on legal requirements and business needs:
Legal retention (7 years): Order and transaction data, payment records processed by Stripe—required by German tax law (AO §147) and financial regulations.
Account data: Active accounts retained while you use our services. Inactive accounts deleted after 5 years of inactivity, unless legal retention applies.
Analytics and marketing: Analytics data (Google Analytics, Hotjar) for 26 months. Marketing cookies and advertising data (Meta Pixel, AdRoll, Google Ads) for 18 months. Session recordings for 12 months.
Communication: Chat conversations and support history (Crisp) for 24 months from last message, or until deletion requested.
Other data: Session cookies for 30 days or until browser session ends. Marketing opt-outs retained indefinitely to ensure we do not re-contact you.
Legal basis for extended retention:
Some data must be retained longer to comply with German and EU legal requirements: accounting and tax records for 7-10 years (AO §147, HGB §257), warranty and product liability claims for minimum 2 years after delivery (BGB §438), and contract documentation for the duration of contract plus applicable warranty and statute of limitations periods.
Your deletion rights:
If you request deletion of your personal data (right to erasure under GDPR Article 17), we will delete or anonymize your data unless we have a legal obligation to retain it. In such cases, we will restrict processing to only what is legally required and will not use your data for any other purposes.
Automated deletion:
We have implemented automated systems that delete or anonymize data when retention periods expire. Third-party analytics providers automatically delete data after configured retention periods, marketing cookies expire automatically based on their set duration, inactive customer accounts are flagged for review and deletion after 5 years of inactivity, and session recordings and temporary data are automatically purged after retention periods.
5. Data Security and Your Rights
We use technical and organizational safeguards to protect data, including encryption in transit and at rest, access control and logging, and continuous monitoring. If we detect a data breach that affects your rights or freedoms, we will notify you and the relevant Data Protection Authority promptly in accordance with GDPR.
Your GDPR rights:
You may request access to your personal data, correction of inaccurate or incomplete data, erasure of data ("right to be forgotten"), restriction of processing under certain conditions, objection to processing for marketing or legitimate interest purposes, or data portability to receive a structured digital copy of your data.
6. Cookies and Tracking Technologies
We use cookies and similar technologies to remember user preferences and session states, analyze website usage and flows, improve product performance and interface, and deliver personalized marketing and advertising.
Third-party services:
We work with trusted analytics and marketing partners to improve your experience and measure website performance. With your consent, these services help us analyze how visitors use our Platform, optimize user experience, deliver relevant advertising, and measure campaign effectiveness. Services include website analytics tools, conversion tracking for advertising campaigns, multi-channel retargeting platforms, session replay tools, and customer support systems. You control which services can collect your data through our cookie consent banner.
Information collected:
These services may collect and process search terms used on the Platform, links clicked and products viewed, products added to your shopping cart, product information on orders placed, session recordings and interaction patterns, and conversion events and user journey data. This information helps us improve our service, provide you with more relevant products, deliver better offers, and optimize our marketing campaigns.
Your consent and control:
We use a cookie banner with opt-in consent for non-essential cookies (analytics and advertising), in line with GDPR and ePrivacy rules. You can manage your cookie preferences at any time via the cookie banner or your browser settings. Essential cookies (required for site functionality) do not require consent.
What are cookies? Cookies are small text files placed on your device (computer, smartphone, tablet) when you visit our Platform. They help us recognize your device, remember your preferences, and improve your experience.
Types of Cookies We Use
1. Essential Cookies (Always Active)
These cookies are necessary for the Platform to function and cannot be disabled. They enable user authentication and account access, shopping cart functionality, security and fraud prevention, payment processing, and load balancing and performance.
Legal Basis: Legitimate interest (required for service delivery)
Retention: Session cookies—deleted when you close your browser—or up to 12 months
2. Analytics Cookies (Requires Consent)
These cookies help us understand how visitors use our Platform, which pages are most popular, and where improvements are needed.
Services used:
We use analytics platforms to track page views, session duration, traffic sources, and user navigation patterns. Session replay tools record user interactions to help us improve website usability. Sensitive form fields such as payment information and passwords are automatically excluded from all recordings. You can opt out of analytics tracking by rejecting analytics cookies via our cookie banner.
Data collected:
IP address (anonymized), pages visited, time on site, device/browser type, referral source, clicks and navigation patterns
Legal Basis: Consent—opt-in via cookie banner
Retention: Up to 26 months for analytics data, up to 12 months for session recordings
3. Marketing & Advertising Cookies (Requires Consent)
These cookies track your browsing behavior to deliver personalized advertisements and measure campaign effectiveness.
Services used:
We use conversion tracking and retargeting tools to measure advertising campaign effectiveness and show you relevant ads across social media platforms, display networks, and search engines.
Data collected:
Products viewed, items added to cart, purchases completed, pages visited, conversion events, user behavior patterns
How advertising works:
When you visit our Platform, these cookies may share your browsing activity with advertising networks. This allows us to show you relevant ads when you browse other websites, social media platforms, or use search engines. You may see ads for products you recently viewed or similar items.
Legal Basis: Consent—opt-in via cookie banner
Retention: Up to 18 months depending on the service
Third-party data sharing: Marketing cookies share data with third-party advertising platforms. These platforms process data according to their own privacy policies.
4. Functional Cookies (Requires Consent)
These cookies remember your choices and preferences to provide enhanced features.
Services used:
Customer support chat systems, language and currency preferences, and user interface customization settings.
Data collected:
Language selection, currency preference, chat conversation history, UI settings
Legal Basis: Consent—opt-in via cookie banner
Retention: Up to 12 months
Managing your cookie preferences:
Cookie banner:
When you first visit our Platform, you'll see a cookie banner allowing you to accept or reject non-essential cookies including analytics, marketing, and functional cookies. Essential cookies are always active.
Update preferences:
You can change your cookie preferences at any time by clicking the cookie settings link in our website footer, clearing your browser cookies (note that this may require you to log in again and will reset your preferences), or using our privacy preference center available in the cookie banner.
Browser settings:
Most web browsers allow you to control cookies through their settings. You can typically view, delete, or block cookies. Note that blocking all cookies may affect site functionality. Consult your browser's help menu for specific instructions.
Opt-out of personalized advertising:
You can opt out of personalized advertising through:
- Our cookie banner to Reject or customize marketing cookies when you visit our site
- Your browser settings via privacy settings
- Third-party advertising platforms such as Google, Meta/Facebook, and AdRoll that offer their own ad preference centers where you can manage personalization
For questions about cookies or this Privacy Policy, please contact us or message us via chat. See also contact information in the Legal Notice below.
We may revise this Privacy Policy occasionally. If material changes occur, we will notify you via the Platform or by email. The updated version will always be available at droppe.com. This Privacy Policy complies with the General Data Protection Regulation (EU 2016/679) and applicable German law.
---