Privacy Policy

Version: March 10, 2020

You may contact us for previous versions of the Privacy Policy.

In a nutshell:

  • E-commerce retailers worldwide trust Donde with improving their shopping experience online. It’s our privilege and duty to protect our customers’ data and yours.
  • Donde technology is integrated in retailers’ websites and apps, and provides visual navigation and intuitive search based on products’ visual features. While we aim to minimize the personal information we process on behalf of our retailer customers, personally identifiable information might be processed by Donde. Donde processes such information according to its retailer customers’ directions and does not use any such personal data for its own purposes.
  • If you’ve used Donde technology on a retailer’s website or app, and have any question regarding your personal data processed by Donde - please approach the retailer, who can assist you with any question and right you might have with respect to such data.
  • Like most businesses, we also collect and process personal information of our website visitors, business contacts, and customers.
  • We respect your rights regarding your personal information.
  • Have a question and can't find an answer? Contact us, we're here to help:

Now in more detail:

1. Introduction and Definitions

We are Donde Fashion Inc. - simply referenced here as “Donde”. You can find our contact details below.

Donde is transforming the online shopping experience. Donde’s cloud Platform is used by e-commerce companies and global retailers - our Customers - to provide their End-Users visual navigation and intuitive search based on the product visual features.

Our Customers decide the purposes for which they use Donde, as well as the means for collecting data. Our Customers control the data processed on their behalf on Donde and they are responsible under our mutual agreements, for handling any data rights and data requests of their End-Users as Data Controllers.

To make things clear with an example: if you’ve shopped online on and used Donde technology on that website, then you are an End-User, Revolve is our Customer and has full control over your personal data, and we process your personal data on R’s behalf and according to its instructions. If you’re an End-User and have any issue regarding your personal information, please contact the retailer you shopped with first!

In addition, we also operate several Websites - such as and - and collect personal data of Visitors. Some Visitors and other people who communicate with us, become our business Contacts or Customers. We collect and process various personal information regarding our Visitors, Contacts, and Customers, and we are the Data Controllers for such personal data.

If you are a Visitor, Contact or Customer of ours and have any issue regarding your personal information that we control, please contact us (details below).

2. How Do We Collect Personal Data?

If you’re a Contact or Customer of ours, there might be several ways in which we receive your personal data:

  1. When you share it with us directly, through your communication with us on the Websites’ contact forms, by email, phone, or facsimile, in conferences, meetings, or via any other communication channel.
  2. When other Customers, Contacts, business partners, or third parties, share your information with us, based on their interaction with you, their purposes, their legal bases, and their privacy policy. In such cases, we take responsibility for controlling only the personal data that we have received.
  3. We might augment the personal data we have about you with information you provided us directly, information others have provided us about you, and data we’ve collected about you from your use of our Websites (see below).

If you’re a retailer’s End-User, we probably DO NOT have your personal information, but we might have certain personally identifiable information about you that, together with other information sources that are not in our possession and are difficult to attain, might identify you. Donde makes no attempt whatsoever to personally identify End-Users. There are two ways in which we receive such data about you:

  1. Our Customer provides us with your personal data.
  2. You provide us personal data directly through your use of Donde search technology or your interaction with Donde-powered interactions on the retailer’s website or app.

If you’re a Visitor to our Websites, we might receive some personal data through your device, operating system, and browser, and various hosting, tracking, analytics and advertising technologies used on our Websites, such as cookies (see below), Amazon Web Services, Content Management Systems by Webflow and others, Analytics and Advertising technologies by Google, Facebook, LinkedIn, and others, HR services by Comeet, Customer support services, and other technologies. Our Websites do not currently respond to “Do Not Track” signals sent by your browser or device.

3. What Personal Data Do We Process?

If you’re a Contact or Customer of ours, we may collect and process these types/categories of personal data about you:

  • Identification and Account information, such as full name, identification number, gender, profile photo, username and password.
  • Contact details, such as country/time zone, work and home addresses, phone numbers, and email address.
  • Social networking information you’ve shared with us
  • Work-related information, such as company, division, department, role, and title information
  • Payment information, such as bank account number, or other billing information
  • Any personal data contained in any photos, media, and other files sent to us
  • Any other personal data you provide us on any communication channel, such as email correspondence, customer support, and product feedback.

On the Donde Platform, various types of personally identifiable information might be collected. Our Customers decide what data to collect, by what means, and what data to send Donde in order to improve the End-User shopping experience.

These are the types/categories of personally identifiable information and other personal data about End-Users that we may process on Customers’ behalf:

  • Identification numbers, such as the retailer’s ID for the End-User and the End-User’s Google Advertising ID (we DO NOT process End-Users’ names or contact details)
  • Shopping interests, as reflected in the search queries on the Customer’s website (e.g. “red dress” or “golden high heel shoes”)
  • Style preferences, as reflected in the search queries (above) or visual navigation, such as interest in, or affinity for, colors, shapes, textures, clothes, etc.
  • Shopping history, provided to us by the Customer or by your interaction with Donde technology, such as items viewed, items added to the shopping cart, or items purchased (we DO NOT process any payment or billing data).
  • Any other personal data our Customers share with Donde.

We also collect and process these types/categories of non-identifiable personal data about anyone using our Websites and Donde experiences on Customers’ websites and apps:

  • Usage, logs, analytics, and other device and technical data collected when you use our Websites or Donde, including device information and identification numbers, operating system information, IP address, browser and session information, browsing history and referrals, cookies information, web beacons, advertising identification numbers, language information, connectivity information, configuration information, metadata of files, and usage information (such as screen views, clicks, and usage time).

4. What About Personal Data of Children?

Donde is a technology platform for retailers and is not intended for children. We do not knowingly collect or process information about children. Donde makes no attempt whatsoever to personally identify End-Users using Donde technology.

Please contact us (contact details below) if you have any concern with respect to Children’s personal data on the Donde Platform.

5. What About Cookies?

A cookie is a small data file that your browser saves on your computer or mobile device. We use cookies to collect information and provide our services. We may use cookies to enable certain features, understand how you interact with us, monitor your usage of our Websites, products and services, and personalize your experience and advertising displayed to you. You can set your browser to prevent the use of cookies. If you don’t accept cookies, our Websites and Donde technology might not function properly.

6. What Are The Purposes for Processing Personal Data? How Is Your Personal Data Used?

Donde Platform:

The purposes for the processing of personal data on the Donde Platform are determined by our Customers, the e-commerce retailers. Each Customer might use Donde for different purposes. Such purposes might include improving the online shopping experience; generating sales; shortening time to purchase; personalizing content, offers, communications and advertising; gathering customer preferences; reducing operational overhead; and more.

If you’re an End-User, we collect and use your personal data to provide our services to our Customers, according to their instructions and settings, so they can achieve their respective purposes. We do not sell personal information of our Customers’ End-Users to third parties.

Our purpose in processing aggregated, non-identifiable data on Donde is to provide our services to the Customers according to our agreements with them and applicable law. We also use of the data collected on Donde to ensure our products and services are working as intended; to analyze, measure and understand how our services are used; to improve our products and services; to develop new features, products, and services; to protect our company, staff, and Customers; and to comply with any applicable law and assist law enforcement agencies under any applicable law.

We may use anonymous, statistical or aggregated information collected on the Platform, in a form that does not enable the identification of a specific user, by posting, disseminating, transmitting or otherwise communicating or making available such information to customers, vendors, partners and any other third party. For example, affinity for a certain color or type of fabric by many End Users in a certain geography might help a retailer Customer of ours to tailor its homepage to customer demand.

We also process usage and analytics information, as well as some statistical and aggregate data derived from personal data, for the improvement and further development of Donde technology or for research purposes.

Websites, Customers, Contacts and Visitors:

If you’re a Customer, Contact, or Visitor on our Websites, we may process your personal data for our own business purposes, including:

  1. Delivering our products and services, improving them, and developing new features, products, and services
  2. Providing information about our company, products, and services
  3. Providing customer support, billing and invoicing
  4. Contacting you via any communication channel, including email, phone, SMS, and other messaging platforms
  5. Analyzing and optimizing Websites and Donde Platform traffic and usage
  6. Protecting our company, staff, Customers, and systems
  7. Online advertising in all forms and channels, including targeting you and others who share similar characteristics as you (lookalikes) online on search engines, websites, apps, messaging platforms, social networking platforms, and offline
  8. Direct Marketing in all forms and channels, including email, SMS, messaging, postal service, and more; you can always opt-out from Direct Marketing by unsubscribing yourself through links on any communication or by contacting us and notifying us accordingly.

7. What Is The Legal Basis For The Processing of Data?

Donde Platform:

As Data Controllers, our Customers usually process personal data on Donde (and we process such data as data processor on behalf of our Customers and according to their instructions) based on any or some of the following legal bases:

  1. Processing is necessary for the performance of a contract to which the data subject is party (for example, delivering a purchased item) or in order to take steps at the request of the data subject prior to entering into a contract;
  2. Processing is necessary for the purposes of the legitimate interests pursued by our Customer or by a third party, for example: conducting their business as online retailers; providing their products and services; etc.
  3. The data subject (End-User) has given consent (for example, upon registration to the retailer’s website) to the processing of his or her personal data for specific purposes communicated by the Customer in its respective Privacy Policy.

As Data Processors, we process personal data on Donde based on the following legal bases:

  1. Processing is necessary for the performance of our contracts with our Customers or our partners;
  2. Processing is necessary for compliance with a legal obligation to which we are subject as data processors, for example data protection and privacy regulation;
  3. Processing is necessary for the purposes of the legitimate interests pursued by us, such as the conduct of our business and the purposes for which we process personal data as detailed in this Privacy Policy;
  4. The data subject (End-User) has given us consent, through the Customer website or otherwise, to the processing of his or her personal data for the specific purposes communicated in this policy.

Websites, Customers, Contacts, and Visitors:

As Data Controllers for our Customers, Contacts and Visitors’ personal data, we process personal data based on any or some of the following legal bases:

  1. The data subject has given us consent to the processing of his or her personal data for specific purposes communicated in this policy;
  2. Processing is necessary for the performance of a contract to which the data subject is party - for example, an agreement with us or the Terms of Service of the Websites - or in order to take steps at the request of the data subject prior to entering into a contract;
  3. Processing is necessary in order to protect the vital interests of the data subject or of another natural person, for example protecting our Customers’ management and our staff; or for the establishment, exercise, or defence of legal claims;
  4. Processing is necessary for compliance with a legal obligation to which we are subject, for example the need to maintain billing records for transactions;
  5. Processing is necessary for the purposes of the legitimate interests pursued by us, or our Customers, for example the conduct of our business, the development and delivery of our products and services, and the promotion and sales of such products and services.

8. Who Is Your Information Shared With?

Donde Platform:

For the delivery of our services, we share all End-User and Platform data on Donde with the Customer who is the Data Controller with respect to such data. This means that the retailer you shop with has access and control over all the information we collect about you. Our Customers may select to share the information with others, as stated in their respective Privacy Policies.

Customers, Contacts, and Visitors:

We process your details on our servers and computers, cloud hosting services (such as Google and Amazon), support systems and services (such as Slack), billing systems (such as Intuit QuickBooks), SMS gateways, Email and SMS communication services, and backup systems. We may share some of your details with our staff, subsidiaries, affiliates, contractors, consultants, resellers, and other third-party business partners for research and analysis, cooperation opportunities, joint promotions, sales, and events.


We may share data with our staff, subsidiaries, affiliates, and contractors for the provision of our services and our operations.

We use additional processors around the world for various processing activities needed for the performance of our Websites, Donde technology, our products and services, our operations, and our business, and share information with such processors on a need basis. Such processors include hosting and backup providers (such as Amazon and Google), analytics providers (such as Google and Fastly), website technology (such as AWS and Webflow), advertising technology (such as Google, Facebook, LinkedIn), telecommunication services, security technology, Business Intelligence (BI) and analysis contractors, and more. We limit the information we share with each processor based on the business need in using such a processor, to protect your information while still effectively benefiting from the services of such processor.

We may also share non-personally identifiable information and aggregate information for any purpose. Such data is not personal data, and its sharing cannot be used to identify you.

We may need to share your information with law enforcement agencies, courts of law, and other governmental organizations, if ordered to do so by competent bodies and according to applicable law.

Mergers and Acquisitions:

If we are involved with a merger, asset sale, financing, liquidation, bankruptcy, or the acquisition of all or part of our business to another company, we may share your information with that company and its advisors before and after the transaction date.

9. How Do We Safeguard Your Personal Data?

We take information security very seriously. To begin with, Donde Platform and technology implement Privacy by Design by encouraging data minimization - we do not collect personal information, and limit personal data collection to the minimum required to provide the optimal value to both retailer Customers and End-Users.

We implement the state of the art security standards to prevent unauthorized or excessive access, maintain data accuracy, and ensure the correct use of information. We encrypt all major data communication transmissions to avoid interception and securely backup the information on the Platform to avoid data loss. We also implement appropriate organizational measures to protect your information.

We apply our security standards also when working with business and technology partners. We only select and contract with processors and third parties who use appropriate security measures and provide sufficient guarantees, including technical and organizational measures, to ensure the appropriate protection of the data we entrust with them. Unfortunately, although we make every effort to keep your data safe, we cannot fully ensure or warrant the security of your personal information.

10. Do We Transfer Personal Data Internationally?

Most of our information is stored over the cloud on Google Cloud and Amazon Web Services in the U.S. and Europe. Google and Amazon take extreme measures with respect to privacy and data security. Read more about Amazon’s measures here and Google’s measures here. Our R&D and customer support center are located in Israel.

At the same time, our business is international - we serve Customers that operate global retail and e-commerce businesses and make use of Donde technology worldwide, and we utilize additional processors and service providers in various countries. Therefore, we transfer, store or otherwise process your personal information in other countries. We take appropriate safeguards in the selection of our processing vendors around the world to require that your personal information is well protected. Despite our efforts, it may be the case that a country where your personal information is processed has different, or less protective, data protection and privacy regulation than the country you live in.

Privacy Shield Framework:

Donde Fashion Inc. complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework, as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and/or Switzerland to the United States. Donde Fashion Inc. has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit

Donde Fashion Inc. is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

In compliance with the Privacy Shield Principles, Donde Fashion commits to resolve complaints about our collection or use of your personal information. European Union and/or Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Donde Fashion at

Donde Fashion Inc. commits to cooperate with the panel established by the EU data protection authorities (DPAs) and/or the Swiss Federal Data Protection and Information Commissioner, as applicable, and comply with the advice given by the panel and/or Commissioner, as applicable, with regard to data transferred from the EU and/or Switzerland. You may have the option, under certain circumstances, to select binding arbitration for the resolution of your complaint. For further information, please see the Privacy Shield website.

Contact details for the EU data protection authorities can be found at

Accountability for Onward Transfers – as described above, we may transfer personal information to third parties, including transfers from one country to another, according to this Privacy Policy. We maintain written contracts with such third parties and require that they provide at least the same level of privacy protection and security as required by the Privacy Shield Principles. To the extent provided by the Privacy Shield Principles, we remain responsible and liable under the Privacy Shield Principles if a third party that we engage to process personal information on our behalf does so in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the matter giving rise to the damage.

11. For How Long Do We Keep Personal Data?

We keep personal information we collect for different periods, depending on the type of information, for example: the period of our contract with our Customers (including a post-termination period as agreed with our Customers), legal requirements regarding certain types of data, and other factors. Generally speaking, we will retain your personal information for a period reasonably needed to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. We will also retain your personal information for as long as necessary to resolve disputes, enforce our rights and agreements, and protect our staff and Customers.

If we no longer need your information for the purposes mentioned in this Privacy Policy, we will delete or anonymize it. On certain occasions we might not be able to fully delete or anonymize your personal information due to technical or operational reasons, for example deleting from backup storage and archives. In such cases, we shall take reasonable measures to secure any information still maintained by us according to our standard data security practices.

Please be aware, that our Customers may also retain on their own systems and computers copies of personal data collected through Donde, even after we completed the provision of our services, ended our contractual relationships, and deleted or anonymized any data related to Customers’ accounts on the Platform. Such data retention by Customers is subject to their Privacy Policy, purposes, legal bases, agreements with data subjects, and any applicable law. We take no responsibility over Customers’ use of personal data outside of the Donde Platform.

12. What Are Your Rights With Respect to Your Personal Data?

If you’re an End-User using Donde technology on a retailer’s shopping experience, please approach such retailer to exercise any rights you may have, as they are the Data Controllers of your personal information. Otherwise, please contact us (details below).

According to the data protection and privacy regulation where you live, you may have certain rights with respect to your personal information.

Your rights may include, under certain terms and conditions set in the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), or other applicable law:

  • Right of Access to your personal data processed by us;
  • Right to Rectification of inaccurate or incomplete personal data;
  • Right to Erasure of your personal data (“Right to be Forgotten”);
  • Right to Restriction of Processing for a certain period or under certain conditions;
  • Right to Data Portability of your personal data to another data controller in a structured format;
  • Right to Object the processing of your personal data. Specifically, you have the right to object further processing of your personal data for direct marketing purposes;
  • Right to Opt-Out from the Sale of your personal data - to opt-out, please contact us or click Do Not Sell My Personal Information;
  • Right Not To Be Subject to a Decision Based Solely on Automated Decision-Making. We do not make any decisions with legal effect based solely on automated decision-making;
  • Right Not To Be Discriminated Against for exercising Privacy rights;
  • Right to File a Complaint with the applicable data protection authority in your country.

After deletion or anonymization of your personal data following its retention period, the rights to access, erasure, rectification, and data portability cannot be enforced.

Your personal information is processed based on several legal bases, sometimes including your consent. You can withdraw your consent at any time. Other legal bases, including statutory or contractual requirements that apply to you or our Customer might remain intact even following the withdrawal of your consent.

13. Do We Ever Change Our Privacy Policy?

Occasionally, we change this Privacy Policy to accommodate product and service development, industry standards, or new regulation. If we have your contact details, we will let you know personally if such changes are material, and seek consent for the updated Privacy Policy where required and as needed.

Please read the latest Privacy Policy available here from time to time. Note that we may require your consent to our up-to-date Terms of Service and Privacy Policy whenever you use our Websites or the Donde Platform. If you do not agree to these terms and policy, please do not use our services.

14. Who Can You Contact Regarding Your Personal Data?

If you’re an End-User using Donde on a retailer’s shopping experience, please contact such retailer first with any issue, as they are the Data Controllers of your personal information.

When you contact us to exercise your rights, we will verify your request and identity. Depending on your residence, you might be able to designate an authorized agent to exercise these rights on your behalf, but we will require proof that the agent is authorized to act on your behalf and may also still ask you to verify your identity with us directly.

You can contact us with any question or concern you have at:

Donde Fashion Inc.
7 World Trade Center, 250 Greenwich Street, New York, NY 10007, USA
Tel: +1 650-687-7747