Privacy Policy

Last updated: May 2026

At CillMarillion, we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal information when you visit cillmarillion.com or make a purchase with us.

1. Who We Are

CillMarillion is an online boutique specialising in authenticated pre-owned luxury designer shoes, based in Sweden. We ship worldwide.

Contact: info@cillmarillion.com

2. Information We Collect

Information you provide to us:

  • Account information – name, email address, password
  • Order information – billing address, shipping address, phone number
  • Payment information – processed securely by Stripe; we never store card details
  • Communications – emails or messages you send to us

Information collected automatically:

  • Usage data – pages visited, time on site, referring URLs
  • Device data – browser type, operating system, IP address
  • Cookies – see our Cookie Policy for details

3. How We Use Your Information

  • To process and fulfil your orders
  • To send order confirmations and shipping updates
  • To respond to your enquiries and provide customer support
  • To improve our website and product offerings
  • To send marketing emails (only with your consent — you can unsubscribe at any time)
  • To comply with legal obligations

4. Legal Basis for Processing (GDPR)

We process your personal data on the following legal grounds:

  • Contract – processing is necessary to fulfil your order
  • Legitimate interests – improving our services and preventing fraud
  • Consent – for marketing communications
  • Legal obligation – where required by law

5. Sharing Your Information

We do not sell your personal data. We may share it with trusted third parties only as necessary:

  • Stripe – secure payment processing (Stripe Privacy Policy)
  • Shipping carriers – to deliver your order (name and address shared)
  • Google Analytics – anonymised website analytics (Google Privacy Policy)
  • Legal authorities – if required by law or to protect our rights

6. International Transfers

As we ship worldwide, your data may be transferred to and processed in countries outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place in accordance with GDPR requirements.

7. How Long We Keep Your Data

  • Order data – retained for 7 years to comply with tax and accounting obligations
  • Account data – retained as long as your account is active
  • Marketing consent – until you unsubscribe
  • Analytics data – anonymised after 26 months

8. Your Rights

Under GDPR (and UK GDPR), you have the following rights:

  • Right of access – request a copy of your personal data
  • Right to rectification – correct inaccurate data
  • Right to erasure – request deletion of your data (“right to be forgotten”)
  • Right to restrict processing – limit how we use your data
  • Right to data portability – receive your data in a portable format
  • Right to object – object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent – at any time, for consent-based processing

To exercise any of these rights, please contact us at info@cillmarillion.com. We will respond within 30 days.

9. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. All payment transactions are encrypted via SSL and processed by Stripe.

10. Cookies

For detailed information about the cookies we use, please see our Cookie Policy.

11. Children’s Privacy

Our website is not directed at children under the age of 16. We do not knowingly collect personal data from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be published on this page with an updated date. We encourage you to review this policy periodically.

13. Contact & Complaints

If you have any questions or concerns about this Privacy Policy, please contact us:

Email: info@cillmarillion.com

If you are unhappy with how we handle your data, you have the right to lodge a complaint with your local data protection authority. In Sweden, this is the Integritetsskyddsmyndigheten (IMY). In the UK, this is the Information Commissioner’s Office (ICO).