DonCapi™ Data Protection Rights Request Policy

Effective date: 2026
Website: DonCapi.com
Brand: DonCapi™
Email: Ciao@DonCapi.com

This Data Protection Rights Request Policy explains how customers, account holders, subscribers and website users can exercise their data protection rights in relation to personal information handled by DonCapi.com.

This policy should be read together with our Privacy Policy, Cookie Policy, Newsletter & Marketing Preferences Policy, Account & Customer Account Policy, Customer Reviews & User Content Policy, Terms and Conditions, and Complaints Policy.

Nothing in this policy removes or reduces your rights under applicable UK data protection law.

1. Who We Are

DonCapi™
41 Norman Avenue
London
N22 5ES
United Kingdom

Email: Ciao@DonCapi.com
Website: DonCapi.com

In this policy, “DonCapi™”, “we”, “us” and “our” refer to DonCapi™. “You” and “your” refer to customers, subscribers, account holders, website users and people whose personal information may be processed by DonCapi™.

2. Purpose of This Policy

This policy explains:

  • what data protection rights you may have;
  • how to make a rights request;
  • what information to include;
  • when we may ask for identity verification;
  • how long we aim to take;
  • when a request may be refused or limited;
  • how marketing opt-outs are handled;
  • how to complain if you are unhappy.

3. Data Protection Laws

This policy is intended to reflect relevant UK data protection rules, including where applicable:

  • UK General Data Protection Regulation, known as UK GDPR;
  • Data Protection Act 2018;
  • Privacy and Electronic Communications Regulations 2003, known as PECR;
  • guidance from the UK Information Commissioner’s Office, known as the ICO.

4. Your Data Protection Rights

Depending on the circumstances, you may have the following rights:

  • right to be informed;
  • right of access;
  • right to rectification;
  • right to erasure;
  • right to restrict processing;
  • right to data portability;
  • right to object;
  • rights relating to automated decision-making and profiling;
  • right to withdraw consent where consent is used;
  • right to complain to the ICO.

These rights do not always apply in every situation. Some rights are subject to exemptions, legal obligations, business records, fraud prevention, tax records, consumer rights records, product safety records or other lawful reasons.

5. Right to Be Informed

You have the right to be told how your personal information is collected and used.

DonCapi™ provides this information mainly through our:

  • Privacy Policy;
  • Cookie Policy;
  • Newsletter & Marketing Preferences Policy;
  • account notices;
  • checkout notices;
  • cookie banner;
  • marketing signup wording;
  • customer support communications.

We aim to make privacy information clear, accessible and easy to understand.

6. Right of Access

You may ask for a copy of the personal information DonCapi™ holds about you.

This is commonly known as a subject access request or SAR.

A subject access request may include information such as:

  • account details;
  • order records;
  • delivery details;
  • customer support messages;
  • marketing preferences;
  • review submissions;
  • refund records;
  • return records;
  • security logs where relevant;
  • cookie or consent records where available.

Some information may be excluded where the law allows, such as information about other people, confidential business information, fraud prevention information, legal privilege, or information that cannot be disclosed for legal reasons.

7. Right to Rectification

You may ask us to correct inaccurate personal information.

Examples include:

  • incorrect name;
  • wrong email address;
  • old delivery address;
  • incorrect phone number;
  • wrong account details;
  • incomplete customer profile information.

We may ask for evidence where needed.

The ICO explains that UK GDPR gives individuals the right to have inaccurate personal data rectified and incomplete personal data completed in certain circumstances.

8. Right to Erasure

You may ask us to delete your personal information in certain circumstances.

This is sometimes called the right to be forgotten.

The right to erasure may apply where:

  • the data is no longer needed;
  • consent was withdrawn and no other lawful basis applies;
  • you object and there is no overriding reason to continue;
  • the data was processed unlawfully;
  • deletion is required by law.

However, deletion may not always be possible immediately.

DonCapi™ may need to keep some information for reasons such as:

  • order records;
  • tax and accounting records;
  • fraud prevention;
  • chargeback evidence;
  • legal claims;
  • product safety records;
  • recall records;
  • returns and refunds;
  • complaint handling;
  • compliance with legal obligations.

The ICO describes erasure as a UK GDPR Article 17 right, also known as the right to be forgotten.

9. Right to Restrict Processing

You may ask us to restrict how we use your personal information in certain circumstances.

This may apply where:

  • you dispute accuracy of the data;
  • processing is unlawful but you do not want deletion;
  • DonCapi™ no longer needs the data but you need it for legal claims;
  • you have objected and we are considering whether we have overriding grounds.

Restriction may mean we store the data but limit how we use it.

The ICO explains that restriction lets an individual limit the way an organisation uses their data in certain circumstances.

10. Right to Data Portability

You may ask to receive certain personal information in a structured, commonly used and machine-readable format.

This right usually applies where:

  • the data was provided by you;
  • processing is based on consent or contract;
  • processing is carried out by automated means.

This right may apply to certain account, order or profile information, but it will not apply to all DonCapi™ records.

11. Right to Object

You may object to certain uses of your personal information.

This may include processing based on legitimate interests, direct marketing, or certain types of profiling.

If you object to direct marketing, DonCapi™ must stop using your personal information for direct marketing.

The ICO says individuals have an absolute right to stop their data being used for direct marketing.

12. Right to Withdraw Consent

Where DonCapi™ relies on consent, you may withdraw consent at any time.

This may apply to:

  • marketing emails;
  • non-essential cookies;
  • certain personalised advertising;
  • certain optional communications;
  • certain user content permissions where applicable.

Withdrawing consent does not affect processing that happened before consent was withdrawn.

13. Automated Decision-Making and Profiling

DonCapi™ does not intend to make decisions based solely on automated processing that have legal or similarly significant effects on customers.

However, some automated tools may be used for:

  • fraud prevention;
  • payment checks;
  • marketing preferences;
  • product recommendations;
  • abandoned basket reminders;
  • website analytics;
  • account security.

If this changes, our Privacy Policy should be updated.

14. Marketing Opt-Out Requests

You can opt out of DonCapi™ marketing at any time.

You may opt out by:

  • clicking unsubscribe in a marketing email;
  • changing account preferences where available;
  • contacting Ciao@DonCapi.com.

If you opt out, we may keep your email address on a suppression list so we do not send marketing to you again by mistake.

Opting out of marketing does not stop service emails such as:

  • order confirmations;
  • delivery updates;
  • refund updates;
  • account security emails;
  • product safety notices;
  • legal notices;
  • customer support replies.

15. Cookie Consent Requests

You may manage non-essential cookies through the cookie banner or cookie settings tool on DonCapi.com where available.

You may also adjust cookie settings in your browser.

Cookies necessary for basket, checkout, security, account login or cookie preference storage may still be used where legally allowed.

Please read our Cookie Policy.

16. How to Make a Data Protection Request

To make a data protection rights request, email:

Ciao@DonCapi.com

Use a clear subject line, such as:

Data Protection Request – [Your Name]

Or:

Subject Access Request – [Your Name]

Please include:

  • full name;
  • email address linked to your DonCapi™ account or order;
  • order number, if relevant;
  • the right you want to exercise;
  • clear description of your request;
  • any relevant dates;
  • whether you have a DonCapi™ account;
  • any other information that helps us locate your data.

17. Example Request Wording

You may write:

“I would like a copy of the personal information DonCapi™ holds about me.”

Or:

“Please delete my DonCapi™ customer account, subject to any records you must keep by law.”

Or:

“Please correct my delivery address in my DonCapi™ account.”

Or:

“Please stop using my personal information for direct marketing.”

You do not need to use legal wording. The request only needs to be clear.

18. Identity Verification

We may need to verify your identity before responding to certain requests.

This helps protect your personal information from being disclosed to the wrong person.

We may ask for information such as:

  • order number;
  • billing postcode;
  • delivery postcode;
  • account email address;
  • recent order details;
  • confirmation from the email address linked to the account;
  • limited identity evidence where necessary.

We will not ask for unnecessary information.

Please do not send full payment card numbers, card security codes or passwords.

19. Requests Made by Someone Else

You may ask someone else to make a request on your behalf.

If a request is made by a third party, we may need proof that they are authorised to act for you.

This may include written permission or other appropriate evidence.

We may also need to verify your identity before responding.

20. Response Time

We aim to respond to valid data protection rights requests without undue delay and within the time required by law.

In many cases, this means within one calendar month.

If a request is complex or multiple requests are made, the ICO says the response time may be extended to a maximum of three calendar months, starting from the day of receipt.

If we need identity verification, the response period may depend on receiving the information needed to confirm identity.

21. Fees

Data protection rights requests are usually free.

However, where a request is manifestly unfounded, excessive or repetitive, we may be allowed to charge a reasonable fee or refuse the request where the law allows.

If this applies, we will explain our position.

22. When We May Refuse or Limit a Request

Some requests may be refused or limited where the law allows.

Reasons may include:

  • inability to verify identity;
  • request is manifestly unfounded;
  • request is excessive;
  • request is repetitive;
  • legal obligation to keep records;
  • tax or accounting record requirements;
  • fraud prevention;
  • chargeback or dispute evidence;
  • product safety or recall records;
  • legal claims;
  • rights and freedoms of others;
  • confidential business information;
  • information about another person;
  • legal privilege;
  • security or crime prevention reasons.

If we refuse or limit a request, we will explain why where required.

23. Order Records and Deletion Limits

If you ask for deletion, some order records may need to be retained.

This may include records connected to:

  • completed orders;
  • delivery;
  • invoices or receipts;
  • returns;
  • refunds;
  • chargebacks;
  • complaints;
  • fraud checks;
  • tax and accounting;
  • legal claims;
  • product safety recalls.

We may be able to close your account while retaining limited records required for lawful purposes.

24. Reviews and User Content

If you submitted reviews, photos, testimonials or other content, you may ask us to remove or anonymise certain personal information.

However, some published content may remain where lawful, especially if it has been anonymised or if DonCapi™ has a lawful reason to retain it.

Please read our Customer Reviews & User Content Policy.

25. Account Closure and Data Rights

Closing your DonCapi™ account is not always the same as deleting all personal information.

Account closure may remove or disable:

  • login access;
  • saved addresses;
  • wishlist information;
  • account preferences;
  • profile details.

However, DonCapi™ may still retain certain records where legally required or otherwise lawful.

Please read our Account & Customer Account Policy.

26. Security of Rights Requests

Because rights requests may involve personal information, we may take steps to protect your data.

This may include:

  • verifying identity;
  • using secure email where practical;
  • limiting disclosure of third-party information;
  • redacting sensitive information;
  • sending data to the verified email address;
  • refusing to send information to unverified addresses.

We aim to protect customer privacy while responding to valid requests.

27. Data Breach Concerns

If you believe your DonCapi™ account or personal information may have been affected by a security issue, contact us immediately:

Ciao@DonCapi.com

Please include:

  • account email address;
  • description of concern;
  • date noticed;
  • screenshots if useful;
  • any suspicious messages received.

We will review the issue and take appropriate action.

28. Complaints About Data Handling

If you are unhappy with how DonCapi™ handles your personal information, contact us first:

Ciao@DonCapi.com

Please explain the issue and what outcome you are seeking.

We will review your complaint and respond where appropriate.

29. Complaining to the ICO

You also have the right to complain to the UK Information Commissioner’s Office.

ICO website: ico.org.uk
ICO telephone: 0303 123 1113

The ICO usually expects you to contact the organisation first and give it a chance to respond.

30. Records of Requests

DonCapi™ may keep records of data protection requests.

These records may include:

  • request date;
  • requester name;
  • contact details;
  • nature of request;
  • identity verification steps;
  • response given;
  • action taken;
  • reason for refusal or limitation, if any;
  • complaint history.

These records help us show that requests were handled properly.

31. Changes to This Policy

We may update this Data Protection Rights Request Policy from time to time.

Changes may be made because of:

  • legal updates;
  • ICO guidance updates;
  • website changes;
  • account feature changes;
  • marketing changes;
  • cookie changes;
  • security changes;
  • business changes.

The latest version will be posted on DonCapi.com.

32. Related Pages

You may also wish to read:

  • Privacy Policy;
  • Cookie Policy;
  • Newsletter & Marketing Preferences Policy;
  • Account & Customer Account Policy;
  • Customer Reviews & User Content Policy;
  • Secure Shopping;
  • Complaints Policy;
  • Terms and Conditions.

33. Contact DonCapi™

For data protection rights requests, contact:

DonCapi™
41 Norman Avenue
London
N22 5ES
United Kingdom

Email: Ciao@DonCapi.com
Website: DonCapi.com

Use a clear subject line such as:

Data Protection Request – [Your Name]

34. Brand Notice

DonCapi™ is a premium clothing and lifestyle brand. Any Italian-inspired, cinematic, luxury, old-world or characterful brand theme used on DonCapi.com is for lawful fashion branding and creative style only.

DonCapi™ does not promote unlawful activity, violence, intimidation, organised crime, harassment, exploitation or illegal conduct.

35. Copyright Notice

© 2026 – DonCapi™ – All rights reserved.

Scroll To Top
Close
Add your navigation menu here
Close
shop
0 Wishlist
0 Cart
Close

My Cart

Shopping cart is empty!

Continue Shopping