Last Updated: February 21, 2026
This GDPR Compliance Statement explains how DropRoyal (“DropRoyal”, “we”, “our”, “us”) processes personal data in accordance with Regulation (EU) 2016/679, known as the General Data Protection Regulation (“GDPR”), when you access or use the DropRoyal platform and website located at https://droproyal.com (the “Service”).
This document is intended to supplement our Privacy Policy and Terms of Service and applies to users located in the European Economic Area (“EEA”) and the United Kingdom.
For personal data relating to DropRoyal account holders and authorized users, DropRoyal acts as a Data Controller. For personal data processed on behalf of merchants through connected ecommerce stores, DropRoyal acts as a Data Processor, while the merchant remains the Data Controller.
Merchants are responsible for ensuring they have appropriate legal grounds to collect and provide customer data to DropRoyal and for complying with applicable GDPR obligations toward their own customers.
DropRoyal may process personal data including, but not limited to, account information (such as name, email address, and business details), technical data (such as IP address, device identifiers, and usage logs), and store-related data (such as product information, order details, customer names, email addresses, shipping addresses, and transaction metadata) to the extent required to provide the Service.
Personal data is processed solely for legitimate business purposes, including operating and maintaining the Service, enabling store integrations, providing customer support, processing payments, improving platform performance, ensuring security, preventing fraud, and complying with legal obligations.
DropRoyal does not use customer data for advertising to end consumers and does not sell personal data.
DropRoyal processes personal data under one or more lawful bases as defined by GDPR, including performance of a contract, compliance with legal obligations, legitimate interests in operating and securing the Service, and user consent where required by applicable law.
DropRoyal implements appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing and against accidental loss, destruction, or damage. These measures include encryption in transit where applicable, restricted access controls, secure hosting environments, internal policies, and staff confidentiality obligations.
Despite these measures, no system can guarantee absolute security. Users acknowledge that they provide data at their own risk.
DropRoyal may engage trusted third-party service providers (“Subprocessors”) to assist with hosting, analytics, customer support, and payment processing. Subprocessors are contractually bound to process personal data only on documented instructions from DropRoyal and in compliance with GDPR requirements.
A current list of Subprocessors may be provided upon reasonable written request.
Personal data may be transferred to countries outside the EEA. Where such transfers occur, DropRoyal ensures appropriate safeguards are in place, including standard contractual clauses or equivalent legal mechanisms, to maintain GDPR-level protection.
Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. Upon account termination, data may be deleted or anonymized unless retention is legally required.
Under GDPR, individuals have rights including the right to access personal data, rectify inaccurate data, request erasure, restrict processing, obtain data portability, and object to certain processing activities.
Requests to exercise these rights may be submitted to info@droproyal.com. DropRoyal may require verification of identity before responding. Requests will be handled within thirty (30) days unless a lawful extension applies.
Merchants using DropRoyal are solely responsible for providing appropriate privacy notices to their customers, obtaining valid consent where required, responding to data subject requests, and ensuring compliance with GDPR and other applicable data protection laws.
DropRoyal is not responsible for merchants’ privacy practices or for the content of merchants’ customer communications.
Where required by law, merchants may request a Data Processing Agreement (“DPA”) governing DropRoyal’s processing of personal data on their behalf. DPA requests should be sent to info@droproyal.com.
If you believe your GDPR rights have been infringed, you have the right to lodge a complaint with your local supervisory authority within the EEA or the United Kingdom.
DropRoyal may update this GDPR Compliance Statement from time to time. Any changes will be posted on this page with an updated “Last Updated” date. Continued use of the Service constitutes acceptance of the revised version.
For GDPR-related inquiries or data protection requests, please contact:
DropRoyal
Email: info@droproyal.com
