Limassol

Articles
Gift certificates
Become a seller
Vendors

Compare Favorites

Catalog Catalog

Profile

Orders
Comparison list
Return requests
Wish list

Track my order(s)

E-mail

Password

Remember me

Forgot your password?

Cart

FASHION

Men's Clothing

Women's Clothing

Boys

Girls

Infants & Toddlers

Shoes

Bags

Accessories

HEALTH & WELLNESS

Personal Care

Hair Care

Skin Care

PETS

HOME & KITCHEN

Water Filtration & Treatment

Reverse Osmosis Systems

Ultrafiltration & Water Softeners

Water Filtration Components

UV & Traditional Water Systems

Water Dispensers

TOYS

Boys

Girls

Privacy Policy

Effective Date: 01/01/2025 Last Updated: 24/03/2025

DPAC Products & Services Ltd., operating as SHOP IT BOX IT (“we”, “us” or “our”), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and safeguard your personal data when you use the SHOP IT BOX IT online marketplace (the “Platform”). It also outlines your rights regarding your personal data. By using our Platform, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Company Details

Data Controller: DPAC Products & Services Ltd. (trading as SHOP IT BOX IT) Registered Address: Souliou, 3016, Limassol, Cyprus Contact Email: info@shopitboxit.com Contact Phone: +357 25 254994

If you have any questions about this Privacy Policy or how we handle your data, please contact us using the details above.

2. Personal Data We Collect

We only collect personal data that is necessary to provide our services and operate the marketplace. This includes:

Identification and Contact Information: Name, email address, phone number, and in some cases, identification details (such as an ID number) for verification purposes.
Business Information (for Vendors): Company name, company registration number, VAT number, or other business identification details if you register as a vendor.
Account Credentials: Username and password (which are stored in an encrypted form) for your account security.
Payment Information: Payment details necessary to process transactions or payouts. Note: All payment processing is handled through our third-party payment processor, Stripe. We do not store your full credit/debit card numbers on our servers. Vendors will be required to provide banking or payout information to Stripe; this information is synced with Stripe and handled under Stripe’s security and privacy practices.
Communications: Records of our communications with you, such as emails or messages sent to customer support or via the vendor dashboard.
Usage Data: Basic technical information automatically collected when you use our site, such as IP address, browser type, and browsing activity on the Platform. We may use cookies or similar technologies to collect this usage data (e.g., to remember your preferences and enhance your user experience). You can manage cookie preferences through your browser settings.

How We Use Your Personal Data

We use the collected data for the following purposes:

Providing and Managing the Service: To register and maintain your account, enable you to buy or sell products, process orders and payments, and facilitate deliveries. For example, we use your name and address to deliver products you purchase, and vendors’ business information to set up their seller profiles and process payouts.
Payment Processing: To securely process payments for purchases and vendor payouts via Stripe. (Your payment information is transmitted to Stripe for processing; we only receive confirmation of payment and necessary details to complete the transaction.)
Verification and Security: To verify the identities of vendors and customers as needed (for instance, we might request ID or company documents for vendor registration) and to maintain the security of the Platform.
Communication: To communicate with you about your account, transactions, or customer service inquiries. We will send service-related emails (e.g. order confirmations, shipping updates, or password resets). We may also send newsletters or promotional emails only if you have opted in to receive them. Vendors may receive communications regarding their shop performance or opportunities on the Platform.
Marketing (with Consent): If you are a vendor, you may choose to consent to us using your name, store name, or other business data for marketing and promotional purposes. With your consent, we may feature your products or store in our marketing campaigns (such as on our website homepage, social media, or emails to customers). You can opt-in or opt-out of such marketing at any time through your vendor account settings or by contacting us.
Legal Compliance: To comply with our legal obligations, such as maintaining proper business records, verifying VAT numbers for tax purposes, preventing fraud, and responding to lawful requests by public authorities.

Account Deletion: You may request deletion of your account and personal data at any time. If you no longer wish to use SHOP IT BOX IT, please contact us at info@shopitboxit.com with your request. Upon verification of your identity, we will delete or anonymize your personal data, except for information we are required to keep for legal or regulatory obligations (for example, records of transactions for tax or accounting purposes).

3. Data Sharing and Disclosure

We treat your personal data with care and confidentiality. We do not sell or rent your personal information to third parties. However, we may share your data in the following situations:

With Service Providers: We share necessary information with third-party service providers who help us operate the Platform and provide our services. This includes Stripe (for payment processing) and may include courier/shipping companies (for delivering orders), email service providers, and IT support. For example, when you make a purchase or receive a payout, required payment and identity information will be shared with Stripe to process the transaction. These service providers are contractually obligated to protect your data and use it only for the services requested.
With Marketing Partners (with Consent): If you are a vendor who has given consent, we may share certain business information (such as your store name, product listings, or contact information) with marketing partners or contractors for the purpose of promoting your products or the Platform. This will only be done with your explicit permission, and you can withdraw your consent at any time.
Legal Requirements: We may disclose your personal information if required to do so by law or in response to valid requests by public authorities (for example, to comply with a court order, law enforcement investigation, or regulatory requirement). We may also disclose information if we believe in good faith that it is necessary to: (a) fulfill our legal obligations; (b) enforce our Terms & Conditions or other agreements; (c) protect the rights, property, or safety of DPAC Products & Services Ltd., our users, or the public.
Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our business, user information (including personal data) may be transferred to the new owner as part of the business assets. In such cases, we will ensure the confidentiality of any personal data and give affected users notice before their data is transferred or becomes subject to a different privacy policy.

When we share data with third parties, we only share the minimum information necessary and ensure, through agreements, that your data is handled with an adequate level of protection consistent with this Privacy Policy.

4. Data Retention

We retain personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. In general:

Account Information: We keep your account information (like your profile details, order history, and vendor shop data) for as long as your account remains active. If you request account deletion, we will remove or anonymize your personal data within a reasonable timeframe, except where retention is required by law (for example, retention of transaction records for tax and accounting compliance).
Transaction Data: Information on purchases, sales, and payments may be retained for a minimum period as required under Cyprus law (such as financial record-keeping regulations) and for our legitimate business interests (such as handling disputes or audits).
Marketing Data: If you have consented to marketing communications, we retain your contact information for as long as you remain subscribed. If you unsubscribe or opt-out, we will stop sending you marketing emails and may keep your contact details on a suppression list to ensure we honor your opt-out.
Backup and Archives: Copies of your data may remain in backup storage or archives for a short period even after deletion, but we have processes to eventually delete or destroy such data in accordance with our backup internal retention policies.

We do not have a fixed retention period for all personal data by default; instead, we regularly review the data we hold and securely delete or anonymize information that is no longer needed. If you have specific questions about data retention for certain types of information, you can contact us at any time.

5. Security Measures

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to:

Encryption: We use Secure Socket Layer (SSL) technology to encrypt data transmission on sensitive pages (such as during login and payment processing). This helps protect your payment details and other personal information when transmitted over the internet.
Access Controls: Personal data stored in our systems (or on our service providers’ systems) is accessible only by authorized personnel who require access to perform their job duties. DPAC Products & Services Ltd. employees and contractors with such access are subject to strict confidentiality obligations.
Secure Data Storage: We store data on secure servers. We rely on reputable third-party hosting and cloud services that employ industry-standard security protocols and firewalls.
Payment Security: All payment transactions are processed by Stripe, which is a PCI-DSS compliant payment processor. Stripe uses its own robust security measures to handle your payment information. We do not store full credit card numbers or sensitive payment details on our servers.
Monitoring and Testing: We regularly monitor our systems for potential vulnerabilities and attacks, and we update our security practices in line with technological advancements. In the event of any data breach that affects your personal data, we will notify you and the relevant authorities as required by law.

Please note that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee its absolute security. You also play a role in keeping your information safe by maintaining the confidentiality of your account password and notifying us immediately of any unauthorized use of your account.

6. Your Rights

As a user of our Platform and as a data subject, especially if you are located in the European Union (under the General Data Protection Regulation - GDPR), you have certain rights regarding your personal data. We are committed to facilitating the exercise of these rights:

Right of Access: You have the right to request information about the personal data we hold about you and to obtain a copy of that data. We will provide you with relevant information, such as the categories of data we have, the purposes of processing, and the recipients with whom the data has been shared.
Right of Rectification: If any of your personal information is inaccurate or incomplete, you have the right to ask us to correct or update it. You can also update certain information directly by logging into your account settings.
Right to Erasure: You have the right to request the deletion of your personal data (“right to be forgotten”). Upon your request, we will delete your information unless we are legally required to retain it. (For example, we might need to keep certain transaction records for financial reporting.) Account deletion (as noted above) is available upon request.
Right to Withdraw Consent: If we are processing your personal data based on your consent (for example, for marketing emails or featuring your store in promotions), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of processing done prior to withdrawal.
Right to Object and Restrict Processing: You may object to the processing of your personal data or ask us to restrict processing under certain circumstances – for instance, you can object to use of your data for direct marketing, or request a pause on processing if you contest the accuracy of your data.
Right to Data Portability: Where applicable, you have the right to request a copy of certain personal data in a structured, commonly used, and machine-readable format, and to have that information transmitted to another service provider (this generally applies to data you provided to us directly and that we process by automated means based on your consent or a contract).

To exercise any of these rights, please contact us at info@shopitboxit.com. We may need to verify your identity before fulfilling your request for security purposes. We will respond to legitimate requests within the time frame required by law (generally within one month under GDPR, extendable by an additional two months for complex requests).

Complaints: If you believe your data protection rights have been violated, you have the right to lodge a complaint with the supervisory data protection authority in your country. For Cyprus, this is the Office of the Commissioner for Personal Data Protection. We would, however, appreciate the chance to address your concerns directly before you contact the authorities, so we encourage you to reach out to us first with any complaint or issue.

7. Changes to This Privacy Policy

We may update or modify this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. When we make changes, we will post the updated policy on our website with a new effective date. If the changes are significant, we will notify you of the updates via email or through your account dashboard (for example, via a notification in the vendor dashboard). We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

Your continued use of the Platform after any modifications to the Privacy Policy will constitute your acknowledgment of the changes and your consent to abide by the updated policy. If you do not agree with the changes, you should discontinue use of the Platform and may request the deletion of your data as outlined above.

8. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact us at:

DPAC Products & Services Ltd. (SHOP IT BOX IT) Email: info@shopitboxit.com Phone: (+357) 25 254994 Mailing Address: Souliou, 3016, Limassol, Cyprus

We will be happy to assist you and address any issues to the best of our ability.

Subscribe to the newsletter

Subscribe to our news and get a 10% discount coupon!

Buyer's Account

Sign in
Create account
Orders
Wish list
Comparison list

Shop

About us
Blog
Reviews
Reward points
Gift certificates
Sitemap

Making an order

Delivery and payment
Returns

Contacts

SHOP IT BOX IT

Limassol Souliou, Ayios Ioannis

+357 25 25 4994 info@shopitboxit.com