Menu
Search Wishlist
0
Cart

Privacy policy

This Privacy policy (the "Policy") describes how Minor Things ApS ("Minor Things", "we" or "us") collects, processes and shares your personal data when you visit minorthings.com (the "Website") or place an order with us.

Our processing of your personal data is governed by the EU General Data Protection Regulation 2016/679 ("GDPR") and Danish data protection legislation, including the Danish Act on Data Protection (Databeskyttelsesloven).

1. Data controller and contact information

The data controller for the processing of your personal data is:

Minor Things ApS Nansensgade 32, 3. 1366 Copenhagen K Denmark

CVR No. DK42433047 Email: info@minorthings.com

For any questions regarding this Policy or our processing of your personal data, please contact us at the email address above.

2. Personal data we collect and process

Personal data means any information that can directly or indirectly identify you, such as your name, address, email address, phone number and IP address.

When you subscribe to our newsletter

If you have given your consent to receive our newsletter, we process your name and email address. The legal basis for this processing is your consent, cf. GDPR article 6(1)(a). Your consent may be withdrawn at any time by clicking the unsubscribe link in any newsletter or by writing to info@minorthings.com.

Our newsletter is sent through Klaviyo Inc., located in the United States. By giving consent to subscribe to the newsletter, you also expressly consent to the transfer of your name and email address to Klaviyo Inc. in the United States, despite the absence of an adequacy decision and appropriate safeguards covering Klaviyo. Klaviyo's privacy policy is available at klaviyo.com/legal/privacy.

When you place an order

When you place an order through the Website, we process the data you provide to us, including your name, address, email address, telephone number, country, the products ordered, the order value and a confirmation of payment. The processing is carried out for the following purposes:

  • Fulfilment of your order, including shipping, customer care and returns. The legal basis is performance of a contract, cf. GDPR article 6(1)(b).
  • Compliance with legal obligations, including bookkeeping and consumer law obligations. The legal basis is GDPR article 6(1)(c), cf. the Danish Bookkeeping Act (Bogføringsloven).

When you contact customer care

When you contact our customer care, we process your name, contact details and the content of your enquiry, together with any order reference you provide. The legal basis is performance of a contract, cf. GDPR article 6(1)(b), where the enquiry relates to an order, and otherwise our legitimate interest in providing customer care, cf. GDPR article 6(1)(f).

When you visit the Website

When you visit the Website we collect information about your device and your interaction with the Website, including IP address, browser type, device type, pages visited and basic interaction data. This information is collected through strictly necessary cookies and, subject to your consent, through statistical and marketing cookies and similar technologies. For further information, see our Cookie policy.

Marketing measurement and advertising

If you give your consent through our cookie banner, the Website transmits event data (such as page views, view content, add to cart and purchase) together with a hashed identifier to our advertising platforms for the purpose of measuring the effectiveness of our marketing and reaching relevant audiences. We currently use:

  • the Meta Pixel and the Meta Conversions API, operated by Meta Platforms Ireland Limited (Facebook and Instagram);
  • Google Ads tags (including the Google Ads conversion tag and remarketing tag), operated by Google Ireland Limited; and
  • the Pinterest Tag, operated by Pinterest Europe Limited.

The legal basis for this processing is your consent, cf. GDPR article 6(1)(a). If we activate additional advertising platforms in the future, this Policy and the Cookie policy will be updated before the relevant tags are activated.

3. Sharing of your personal data

We only share your personal data to the extent required for the purposes described in this Policy.

Data processors

We use a limited number of trusted data processors who act on our instructions under written data processing agreements:

  • Shopify International Limited (Ireland), which provides our e-commerce platform, order processing and basic analytics.
  • Klaviyo Inc. (United States), which provides our email marketing platform and processes data for the sending of transactional emails and newsletters. See the dedicated note on transfer of newsletter data to Klaviyo in section 2.
  • The accounting and bookkeeping service provider used to meet our statutory bookkeeping obligations.

A current list of sub-processors is available upon request.

Independent data controllers

Certain third parties receive personal data in their capacity as independent data controllers:

  • Payment service providers, which process payment data for the purposes of completing the payment and preventing fraud. The payment providers currently offered at checkout include card schemes (Visa, Mastercard, American Express), Apple Pay, Google Pay, MobilePay, Klarna Bank AB (Sweden) and PayPal (Europe) S.à r.l. et Cie, S.C.A. (Luxembourg). When you select Klarna as your payment method, Klarna acts as an independent controller for the purposes of completing the payment, performing any credit assessment that the chosen payment option may require, and preventing fraud. Klarna's terms and privacy policy are presented to you in the Klarna checkout flow.
  • Shipping partners, which receive your name, address, email and telephone number for the purpose of delivering your order. The carriers used depend on the destination and currently include PostNord, GLS, UPS, FedEx and DPD.
  • Meta Platforms Ireland Limited, which receives event data and a hashed identifier through the Meta Pixel and the Meta Conversions API when you have consented to marketing cookies. Meta's privacy policy is available at facebook.com/about/privacy.
  • Google Ireland Limited, which receives event data through Google Ads tags when you have consented to marketing cookies. Google's privacy policy is available at policies.google.com/privacy.
  • Pinterest Europe Limited, which receives event data through the Pinterest Tag when you have consented to marketing cookies. Pinterest's privacy policy is available at policy.pinterest.com/privacy-policy.
  • Public authorities, where we are required by law to disclose information.

Transfers to third countries

Where personal data is transferred to recipients outside the European Economic Area, the transfer takes place on the basis of:

  • An adequacy decision adopted by the European Commission,
  • The EU–US Data Privacy Framework, or
  • The European Commission's Standard Contractual Clauses, supplemented by appropriate technical and organisational measures.

4. Relationship with the Shopify platform

The Website is hosted on and powered by the Shopify e-commerce platform, operated by Shopify Inc. and its affiliates. In order to provide the Website and the Services to you, information you submit through the Website is transmitted to, and processed by, Shopify, including transfers to recipients located in countries other than the country in which you reside.

In addition, Shopify uses certain "enhanced features" that combine personal data collected about your interactions with the Website with personal data collected from your interactions with other merchants and with Shopify itself, in order to protect, grow and improve Shopify's services and ours. To the extent Shopify processes your personal data for these purposes, Shopify acts as an independent data controller and is responsible for that processing, including for responding to any requests you make to exercise your rights.

For more information about how Shopify processes your personal data and the rights available to you, please refer to:

  • the Shopify Consumer Privacy Policy at shopify.com/legal/privacy/app-users; and
  • the Shopify Privacy Portal at privacy.shopify.com.

5. No sale of personal data

We do not sell or rent your personal data. Personal data is only disclosed to third parties in accordance with this Policy or where required by applicable law.

6. Security

We have implemented appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify the Danish Data Protection Agency without undue delay and, where required, inform you of the breach.

7. Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with legal obligations:

  • Newsletter subscribers: data is held in Klaviyo for the duration of the subscription and for up to two years after the last newsletter is sent, after which it is deleted.
  • Customers: order data and related transactional information are retained for the current financial year plus five additional financial years, in accordance with the Danish Bookkeeping Act (Bogføringsloven §12), after which it is deleted or anonymised.
  • Customer care enquiries: data is retained for up to 24 months after the matter is closed.
  • Marketing measurement data shared with advertising platforms is retained by those platforms in accordance with their own retention policies, typically for up to 13 months.

8. Your rights

Under the GDPR you have the following rights, which may be exercised at any time by contacting info@minorthings.com:

  • The right of access to your personal data.
  • The right to rectification of inaccurate or incomplete personal data.
  • The right to erasure of your personal data, subject to our statutory retention obligations.
  • The right to restriction of processing, in certain circumstances.
  • The right to data portability.
  • The right to object to processing based on our legitimate interests.
  • The right to withdraw any consent previously given, without affecting the lawfulness of processing carried out prior to withdrawal.

We will respond to your request within one month of receipt.

Authorised agents

You may designate an authorised agent to make a request on your behalf. Before we act on such a request, we may require the agent to provide evidence of your authorisation and may require you to verify your identity directly with us.

Global Privacy Control

Where applicable, we honour the Global Privacy Control (GPC) opt-out preference signal sent by your browser. If you visit the Website with GPC enabled, we will treat the signal as a request to opt out of the sale or sharing of personal information for the device and browser concerned, to the extent such rights apply to you. More information about GPC is available at globalprivacycontrol.org. We do not currently recognise other "Do Not Track" signals.

Opt-out for residents of US states with comprehensive privacy laws

If you are a resident of a US state with a comprehensive consumer privacy law (such as California, Virginia, Colorado, Connecticut or Utah), you may have additional rights under that law, including the right to opt out of the "sale" or "share" of your personal information for targeted advertising. You may exercise that right at minorthings.com/pages/data-sharing-opt-out.

9. Complaints

If you wish to lodge a complaint about our processing of your personal data, you may contact us at info@minorthings.com or the Danish Data Protection Agency:

Datatilsynet Carl Jacobsens Vej 35 2500 Valby Denmark Email: dt@datatilsynet.dk Website: datatilsynet.dk

10. Changes to this Policy

This Policy may be updated from time to time to reflect changes in our processing activities, the technologies we use or applicable legislation. The current version is always available on the Website. Material changes will be communicated where required by law.

Last updated: 16 May 2026.

×