Last Updated: [Date]

1. Data Controller
The data controller responsible for your personal data is:
[Your Company Name]
[Your Physical Address/Registered Address]
[Your Email Address for Privacy Inquiries, e.g., privacy@yourwebsite.com]

If you have any questions about this policy or how we use your data, please contact us using the details above.

2. What Data We Collect and Why (The Legal Basis)
We only collect and process your personal data when we have a legal basis to do so under the GDPR. The table below outlines what we collect, why we process it, and the corresponding legal basis.

 
 
| Purpose of Processing | Categories of Personal Data | Legal Basis for Processing |
|---|---|---|
| To Fulfill Your Contract (Processing and delivering your order) | Name, billing/shipping address, email, phone number, payment information. | Necessity for the performance of a contract (GDPR Art. 6(1)(b)). |
| Customer Support & Communications (Responding to your inquiries) | Name, email address, order history, content of your messages. | Necessity for our legitimate interests in providing customer service (GDPR Art. 6(1)(f)). |
| Marketing Communications (Sending promotional emails) | Email address, name. | Your explicit consent (GDPR Art. 6(1)(a)), which you can withdraw at any time. |
| Website Security & Fraud Prevention | IP address, device information, browsing data. | Necessity for our legitimate interests in protecting our website and business (GDPR Art. 6(1)(f)). |
| Website Analytics & Improvement (Analyzing site usage) | IP address (anonymized where possible), browser type, pages viewed, usage data via cookies. | Your consent for non-essential cookies (GDPR Art. 6(1)(a)). Legitimate interests for essential analytics (GDPR Art. 6(1)(f)). |

3. How We Share Your Data (International Transfers)
We share your data with trusted third-party service providers who act as “data processors” on our instructions. These include:

  • Payment Processors: (e.g., Stripe, PayPal) to securely handle payments. We do not store your full payment card details.

  • Shipping and Fulfillment Partners: (e.g., UPS, DHL, national postal services) to deliver your order. We provide them with your name and shipping address.

  • IT and Cloud Service Providers: (e.g., our web hosting provider, email marketing platform, analytics providers).

Some of these partners may be located outside the European Economic Area (EEA) in countries that the European Commission has not deemed to provide an adequate level of data protection. In these cases, we ensure your data is protected by using one of the following safeguards:

  • The recipient is located in a country covered by an EU “adequacy decision.”

  • We use the European Commission’s Standard Contractual Clauses (SCCs) to ensure the recipient provides an adequate level of protection.

You can request details of these mechanisms by contacting us.

4. Data Retention
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including to satisfy any legal, accounting, or reporting requirements.

  • Order Data: We retain the data associated with your order (name, address, products purchased) for a period of [e.g., 6 years] from the end of the financial year in which you placed the order, to comply with tax and consumer law obligations.

  • Marketing Data: We retain your contact details for marketing purposes until you withdraw your consent or unsubscribe from our communications, which you can do at any time by clicking the “unsubscribe” link in every email.

  • Customer Service Inquiries: We retain communications for [e.g., 3 years] after your inquiry is resolved to ensure we can reference previous interactions if needed.

5. Your Data Subject Rights under GDPR
As a data subject under the GDPR, you have the following rights:

  • Right of Access: You can request a copy of the personal data we hold about you.

  • Right to Rectification: You can request that we correct inaccurate or incomplete data about you.

  • Right to Erasure (‘Right to be Forgotten’): You can ask us to delete your personal data in certain circumstances.

  • Right to Restriction of Processing: You can request that we temporarily or permanently stop processing all or some of your personal data.

  • Right to Data Portability: You can request a structured, machine-readable copy of your data to transfer it to another service.

  • Right to Object: You can object to processing based on our legitimate interests. We will stop unless we have compelling legitimate grounds to continue.

  • Right to Withdraw Consent: Where we rely on your consent (e.g., for marketing), you can withdraw it at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please contact us at [Your Privacy Email Address]. We will respond to your request within one month. We may need to verify your identity before processing your request.

6. Cookies and Similar Technologies
We use cookies and similar tracking technologies. When you first visit our site, we will ask for your consent to use non-essential cookies (e.g., for analytics and marketing). Essential cookies, required for the website to function (like keeping items in your shopping cart), do not require consent.

You can manage your cookie preferences at any time by adjusting your browser settings or through our cookie consent banner.

7. Complaints
If you have any concerns about how we handle your data, we encourage you to contact us first. However, you also have the right to lodge a complaint with your local Supervisory Authority. A list of EU Data Protection Authorities can be found here: [Link to https://edpb.europa.eu/about-edpb/about-edpb/members_en]
