Privacy policy

Privacy Policy

1. Introduction

This Privacy Policy explains how ROHO Apparel (“ROHO”, “we”, “us”, “our”) collects, uses, and protects personal data when you visit our website or interact with us in a business context.

We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Danish data protection law.

2. Data Controller

ROHO Apparel
[Legal entity name]
[Registered address]
Denmark

Email: [contact@roho-apparel.com]

ROHO is the data controller responsible for the processing of personal data described in this policy.

3. Scope

This Privacy Policy applies to:
• visitors to our website
• business contacts, including wholesale partners, agencies, suppliers, and service providers
• individuals contacting us via forms, email, or other direct communication

ROHO does not intentionally collect personal data from children.

4. Categories of Personal Data

We may collect and process the following categories of personal data:

• name
• company name and job title
• business email address
• business phone number
• country or region
• enquiry content and correspondence
• order, quotation, or sample request details
• technical data such as IP address, browser type, device information, and access logs

We do not collect sensitive personal data (special categories under GDPR).

5. Purposes of Processing

Personal data is processed for the following purposes:

• responding to enquiries and communications
• providing quotations, samples, or product information
• managing business relationships and contracts
• fulfilling legal and accounting obligations
• improving website functionality and security

We do not use personal data for automated decision-making or profiling.

6. Legal Basis for Processing

We process personal data on one or more of the following legal bases under Article 6 GDPR:

• performance of a contract or pre-contractual steps
• legitimate business interests (e.g. communication, relationship management, website security)
• consent, where explicitly obtained
• compliance with legal obligations

Where processing is based on consent, consent may be withdrawn at any time.

7. Data Retention

Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected or to comply with legal obligations.

Business correspondence and enquiry data may be retained for a reasonable period for commercial reference and audit purposes.

8. Data Sharing and Processors

Personal data may be shared with trusted third-party service providers where necessary, including:

• website hosting providers
• IT and security providers
• email and communication services
• logistics or fulfilment partners

All processors act under written data processing agreements and process data only on our instructions.

We do not sell personal data.

9. International Data Transfers

Personal data is processed primarily within the EU/EEA.

Where data is transferred outside the EU/EEA, appropriate safeguards are in place, such as EU Standard Contractual Clauses or equivalent mechanisms.

10. Data Security

We implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.

Access to personal data is limited to authorised personnel only.

11. Your Rights

Under GDPR, you have the right to:

• access your personal data
• request correction of inaccurate data
• request deletion, where applicable
• restrict or object to processing
• data portability
• withdraw consent at any time

Requests can be made by contacting us using the details above.

You also have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet).