Privacy Policy (GDPR) | [Your Store Name]

This Privacy Policy explains how [Your Legal Entity/Store Name] ("we", "us", or "our") collects, uses, and protects your personal data when you use our website in compliance with the General Data Protection Regulation (GDPR).

1. Data Controller

For the purposes of the GDPR, [Your Store Name] is the Data Controller. This means we are responsible for deciding how we hold and use personal information about you.

2. Legal Basis for Processing

Under GDPR, we only process your personal data if we have a legal basis to do so. We rely on the following:

Contractual Necessity: To fulfill your orders and deliver products.
Legitimate Interests: To improve our services, prevent fraud, and conduct marketing (where permitted).
Consent: Where you have given us clear consent to process your data for a specific purpose (e.g., newsletter).
Legal Obligation: To comply with tax or regulatory requirements.

3. Data We Collect

Directly Provided Data

When you make a purchase, we collect: Name, email address, shipping address, billing address, phone number, and payment details.

Automatically Collected Data

We use cookies and similar technologies to collect your IP address, browser type, device information, and your interaction with our website to improve user experience.

4. Data Sharing & International Transfers

We share your data with service providers who help us operate (e.g., payment processors, shipping companies, and marketing tools like Google or Meta). If data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards (such as Standard Contractual Clauses) are in place.

5. Your Rights Under GDPR

As an EU resident, you have the following rights:

Right of Access: You can request a copy of the data we hold about you.
Right to Rectification: You can ask us to correct inaccurate data.
Right to Erasure ("Right to be Forgotten"): You can request that we delete your data.
Right to Data Portability: You can request your data in a structured, machine-readable format.
Right to Object: You can object to processing based on legitimate interests or for direct marketing.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements (typically 5-10 years for tax purposes in most EU jurisdictions).

7. Contact & Complaints

To exercise any of your rights, please contact us at:

Email: [Your Contact Email]
Address: [Your EU Business Address]

You also have the right to lodge a complaint with your local Data Protection Authority (DPA) within the EU if you believe we have violated your privacy rights.

Privacy Policy (GDPR Compliant)