Privacy

EU Privacy Notice

This notice explains how DAYSTAND processes personal data for EU visitors and customers under the GDPR.

Effective date
2026-04-28
Last updated
2026-04-28

1. Controller

DAYSTAND is a Korea-based daily wear online store. For GDPR purposes, DAYSTAND acts as the controller for personal data processed through this website and guest checkout.

  • Operator: 데이스탠드(DAYSTAND)
  • Representatives: 서이헌, 정현성
  • Mail-order business report number: 제2026-경남진주-0085호
  • Address: 경상남도 진주시 신안들말길10번길 8(신안동) 2층
  • Contact: contact@daystandstudio.com / 010-6494-9490
  • EU representative: DAYSTAND should review and appoint an EU representative before actively targeting EU consumers where Article 27 GDPR applies. Until then, contact the controller directly.
  • Data Protection Officer: not formally appointed because the current processing profile does not require one; privacy inquiries are handled by DAYSTAND customer support.

2. Personal data we process

  • Buyer details: name, email address, phone number
  • Delivery details: recipient name, phone number, postal code, address, detailed address, delivery note
  • Order and payment details: order number, products, options, quantity, price, payment method, payment status, receipt URL, payment provider identifiers
  • Service data: cart cookies, checkout draft token cookies, order lookup token cookies
  • Technical data: IP address, access time, browser and device information, security logs, cookies

3. Purposes and legal bases

  • Contract performance: to prepare orders, open the payment window, verify payment, deliver products, and provide order confirmation.
  • Legal obligation: to keep e-commerce, payment, tax, accounting, consumer dispute, and security records required by applicable law.
  • Legitimate interests: to protect the website, prevent fraud, troubleshoot service errors, answer customer inquiries, and maintain business records.
  • Consent: to use non-essential analytics or marketing technologies if they are enabled in the future.

4. Retention

We keep personal data only for as long as needed for the purpose collected, unless a longer legal retention period applies.

  • Order, payment, delivery, withdrawal, and dispute records: generally up to 5 years under Korean e-commerce and financial record rules.
  • Consumer complaint and dispute records: generally up to 3 years.
  • Checkout draft cookie: up to 24 hours.
  • Cart cookie: up to 30 days unless the user clears it earlier.
  • Security logs: kept only as long as needed for security, audit, and abuse prevention.

5. Recipients and processors

  • NicePay: payment authentication, approval, transaction inquiry, receipt processing.
  • Delivery carriers: recipient and address details needed to deliver purchased products after a carrier is selected.
  • Cloudflare: hosting, CDN, security, Workers runtime, and log processing.
  • Turso/libSQL: database hosting for storefront, order, product, and payment-status records.
  • Cloudflare R2: product image storage and delivery.
  • Instagram/Meta API: display of public operating content. Meta Pixel or Conversions API will be used only after appropriate notice and consent controls are in place.
  • Google Analytics 4: not loaded in the current deployed code; if enabled, analytics processing will follow consent requirements.

6. International transfers

DAYSTAND is established in Korea. Data may be processed in Korea and in countries where our infrastructure and processors operate. Where GDPR transfer rules apply, DAYSTAND will rely on appropriate safeguards such as adequacy decisions, standard contractual clauses, processor terms, and supplementary measures as required.

7. Your GDPR rights

Subject to legal conditions, EU data subjects may exercise the following rights by contacting DAYSTAND at the email address above.

  • Access to personal data
  • Rectification of inaccurate data
  • Erasure of data
  • Restriction of processing
  • Data portability
  • Objection to processing based on legitimate interests
  • Withdrawal of consent at any time where processing is based on consent
  • Rights related to automated decision-making under Article 22 GDPR
  • Complaint to a competent EU supervisory authority

8. Cookies

DAYSTAND currently uses necessary cookies for cart, checkout, and order lookup. Non-essential analytics or marketing cookies will not be enabled for EU users unless appropriate opt-in consent controls are implemented.

9. Children

DAYSTAND does not knowingly offer checkout or account services to children under 16. If we learn that we processed a child’s personal data without the required authorization, we will delete or restrict it as required.

10. Automated decisions

DAYSTAND does not currently make decisions based solely on automated processing that produce legal or similarly significant effects for users.

11. Security and breach handling

DAYSTAND uses access controls, secret management, server-side payment verification, and limited logging to protect personal data. Where GDPR breach notification rules apply, DAYSTAND will assess incidents and notify the competent authority and affected users when required.

Official references