Privacy Policy

Last updated: June 11, 2026

This Privacy Policy explains how Sloom (“we”, “us”, “our”) collects, uses, and protects your personal data when you visit our website or place an order. We process personal data in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”) and applicable national data protection laws.

1. Data Controller

Sloom is the data controller responsible for your personal data. For any privacy-related questions, requests, or to exercise your rights, you can contact us at the address provided on our contact page.

2. Information We Collect

We collect information you provide directly to us, such as when you create an account, place an order, subscribe to our newsletter, or contact us for support. This includes:

  • Identity data: name, email address, password
  • Contact data: billing and shipping address, phone number
  • Transaction data: order history, products purchased
  • Payment data (processed securely by our payment provider; we do not store full card details)
  • Technical data: IP address, browser type, device information, cookies
  • Marketing data: preferences and consent for communications

3. How We Use Your Information and Legal Basis

Under the GDPR, we only process personal data when we have a lawful basis to do so:

  • Performance of a contract (Art. 6(1)(b) GDPR): processing and fulfilling your orders, managing your account, providing customer support
  • Legal obligation (Art. 6(1)(c) GDPR): keeping invoicing and accounting records, complying with consumer protection law
  • Legitimate interests (Art. 6(1)(f) GDPR): preventing fraud, securing our website, improving our products and services
  • Consent (Art. 6(1)(a) GDPR): sending marketing communications, using non-essential cookies and analytics. You can withdraw your consent at any time

4. Use of Artificial Intelligence

In line with the EU Artificial Intelligence Act (Regulation (EU) 2024/1689), we inform you that some images displayed on our website — including certain product visuals, lifestyle scenes, and illustrative content — may be created, enhanced, or modified using generative artificial intelligence tools. Such images are intended for illustrative purposes and may not exactly reflect the physical product you receive. We do not use AI to make automated decisions that produce legal or similarly significant effects on you, and we do not use your personal data to train third-party AI models.

5. Information Sharing

We do not sell or rent your personal data. We share it only with trusted recipients who help us operate our business, including:

  • Payment service providers (to process payments securely)
  • Shipping and logistics partners (to deliver your orders)
  • Hosting, IT, and analytics providers (acting as data processors on our instructions)
  • Marketing and email service providers (where you have consented)
  • Public authorities, where required by law

6. International Data Transfers

Whenever your personal data is transferred outside the European Economic Area (EEA), we ensure an adequate level of protection through appropriate safeguards such as European Commission adequacy decisions or Standard Contractual Clauses (SCCs), in accordance with Articles 44 to 49 GDPR.

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this policy. Order and invoicing data are kept for the period required by tax and commercial law (typically up to 10 years). Account data is kept while your account remains active and for a reasonable period thereafter. Marketing data is retained until you withdraw your consent.

8. Cookies

We use cookies and similar technologies to operate our website, remember your preferences, measure audience, and personalise content. Strictly necessary cookies are required to deliver the service you requested. Analytics and marketing cookies are only set with your prior consent, which you can give, refuse, or withdraw at any time through our cookie banner or your browser settings.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction, including encryption in transit, access controls, and regular security reviews. No method of transmission over the internet is, however, 100% secure.

10. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15) — obtain a copy of the data we hold about you
  • Right to rectification (Art. 16) — correct inaccurate or incomplete data
  • Right to erasure / “right to be forgotten” (Art. 17)
  • Right to restriction of processing (Art. 18)
  • Right to data portability (Art. 20)
  • Right to object to processing based on legitimate interests or for direct marketing (Art. 21)
  • Right to withdraw consent at any time, without affecting prior lawful processing
  • Right to lodge a complaint with a supervisory authority or the authority of your habitual residence

To exercise these rights, please contact us. We will respond within one month, in accordance with Article 12 GDPR.

11. Children’s Privacy

Our website is not directed at children under the age of 16, and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, please contact us so we can delete it.

12. Changes to this Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the most recent version. Material changes will be communicated through our website or by email where appropriate.