PRIVACY POLICY

This Privacy Policy (the "Policy") outlines how we collect, use, store, disclose, and protect your personal data when you access or use our cross-border e-commerce independent website (the "Website"), place an order, or interact with our services. By accessing or using the Website, you acknowledge that you have read, understood, and agreed to the collection and processing of your personal data in accordance with this Policy. We are committed to complying with international data protection laws and regulations, including but not limited to the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and China’s Personal Information Protection Law (PIPL), to ensure the security and confidentiality of your personal data. This Policy may be updated periodically to reflect changes in data protection laws, our business operations, or industry best practices; any revisions will be posted on this page without prior notice, and your continued use of the Website constitutes acceptance of the updated Policy.

1. DEFINITIONS

To ensure clarity, the following terms have the meanings set out below when used in this Policy:

Personal Data: Any information relating to an identified or identifiable natural person (data subject), which can be used to identify, contact, or locate the person directly or indirectly. This includes but is not limited to names, email addresses, phone numbers, shipping addresses, payment details, IP addresses, browsing history, and other information as defined by applicable data protection laws.
Sensitive Personal Data: A subset of Personal Data that requires enhanced protection, including but not limited to financial information (e.g., credit card numbers), health information, biometric data, racial or ethnic origin, political opinions, religious beliefs, and sexual orientation. Sensitive Personal Data is subject to stricter processing requirements under applicable laws.
Processing: Any operation or set of operations performed on Personal Data, including collection, recording, organization, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction.
Data Controller: The entity that determines the purposes and means of the processing of Personal Data. We act as the Data Controller for the Personal Data collected through the Website.
Data Processor: A third party that processes Personal Data on behalf of the Data Controller (e.g., payment processors, logistics providers, data storage services).
Anonymization: The process of transforming Personal Data such that the data subject can no longer be identified, even when combined with other available information. Anonymized data is not considered Personal Data and is not subject to the requirements of this Policy.

2. COLLECTION OF PERSONAL DATA

We collect Personal Data from you in various ways when you interact with the Website and our services. We only collect Personal Data that is necessary for the purposes outlined in this Policy, and we do not collect more data than is required. The types of Personal Data we collect include:

2.1 Personal Data You Voluntarily Provide

When you use the Website to place an order, create an account, subscribe to our newsletter, or contact us, you may voluntarily provide the following Personal Data:

Account Information: Full name, email address, password (encrypted), phone number, and date of birth (if required for age verification).
Order & Shipping Information: Shipping address, billing address, recipient name, and phone number (to facilitate order processing and delivery).
Payment Information: Credit/debit card details, PayPal account information, or other payment method details. Please note that we do not store full payment card details; this information is processed directly by our third-party payment processors, who are bound by strict data protection obligations.
Communication Data: Content of emails, messages, or other communications you send to us (e.g., customer support inquiries, feedback).
Marketing Preferences: Your preferences for receiving marketing communications (e.g., newsletters, product updates, promotional offers).

2.2 Automatically Collected Personal Data

When you access or use the Website, we may automatically collect certain Personal Data through cookies, web beacons, and other tracking technologies. This data helps us improve the Website’s functionality, personalize your experience, and analyze user behavior. The types of automatically collected data include:

Device Information: Device type, operating system, browser type, screen resolution, and unique device identifiers (e.g., IMEI, MAC address).
Usage Data: Browsing history (e.g., pages visited, products viewed, time spent on each page), search queries, click-through rates, and order history.
Location Data: Approximate geographic location based on your IP address (we do not collect precise GPS location unless you explicitly consent).
Cookie Data: Information stored in cookies (small text files placed on your device) to remember your preferences, track your session, and improve the Website’s performance. For more details, see Section 8 (Cookies & Tracking Technologies).

2.3 Personal Data Collected from Third Parties

We may collect Personal Data about you from third parties in limited circumstances, including:

Payment Processors: Transaction details (e.g., payment amount, transaction status) to process your orders and refunds.
Logistics Providers: Delivery status, tracking information, and recipient confirmation to update you on your order’s progress.
Social Media Platforms: If you choose to log in to the Website using a social media account (e.g., Facebook, Google), we may collect basic profile information (e.g., name, email address) from the social media platform with your consent.
Data Verification Services: To verify your identity, address, or payment details and prevent fraud (e.g., anti-fraud services).

We only collect Personal Data from third parties if those parties have the right to disclose the data to us, and we will use such data only for the purposes outlined in this Policy.

3. PURPOSES OF PROCESSING PERSONAL DATA

We process your Personal Data for specific, legitimate purposes that are necessary for our business operations and to provide you with high-quality services. The main purposes of processing are as follows:

3.1 Order Processing & Delivery

To process your orders, including verifying your identity, processing payments, arranging shipping, and notifying you of order status (e.g., confirmation, shipping, delivery). This includes sharing your shipping information with logistics providers to ensure timely delivery of your products.

3.2 Account Management

To create and manage your account on the Website, including authenticating your login, storing your preferences, and allowing you to access your order history, track orders, and manage your account settings.

3.3 Customer Support

To respond to your inquiries, resolve complaints, and provide assistance (e.g., helping with order issues, product questions, or refund requests). This includes using your communication data to understand and address your needs.

3.4 Marketing & Promotions

To send you marketing communications (e.g., newsletters, product updates, promotional offers) that may be of interest to you, based on your preferences and browsing history. You can opt out of marketing communications at any time (see Section 7.3).

3.5 Website Improvement & Personalization

To analyze user behavior, identify trends, and improve the Website’s functionality, design, and user experience. This includes personalizing the Website content (e.g., product recommendations) based on your browsing and purchase history.

3.6 Fraud Prevention & Security

To detect and prevent fraudulent activities (e.g., unauthorized payments, fake orders), protect the Website and our users from security threats (e.g., hacking, data breaches), and comply with legal obligations related to fraud prevention.

3.7 Legal Compliance

To comply with applicable laws, regulations, and legal obligations (e.g., tax requirements, customs regulations, court orders). This includes retaining Personal Data for the period required by law and disclosing data when required by a competent authority.

3.8 Consent-Based Processing

For any other purposes for which we obtain your explicit consent (e.g., collecting sensitive personal data, sharing data with third parties for marketing purposes). You may withdraw your consent at any time (see Section 7.2).

4. LEGAL BASES FOR PROCESSING

Under applicable data protection laws (e.g., GDPR), we process your Personal Data only on one or more of the following legal bases:

Performance of a Contract: Processing is necessary to fulfill our obligations under a contract with you (e.g., processing your order, delivering products).
Legitimate Interest: Processing is necessary for our legitimate business interests, provided that your interests and fundamental rights do not override those interests. Our legitimate interests include improving our services, preventing fraud, and marketing our products (where applicable).
Consent: You have given your explicit consent to the processing of your Personal Data for a specific purpose (e.g., receiving marketing communications, collecting sensitive data).
Legal Obligation: Processing is necessary to comply with a legal obligation to which we are subject (e.g., tax, customs, or fraud prevention laws).

If we rely on your consent for processing, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. If we rely on legitimate interest, we have conducted a balancing test to ensure that our interests do not outweigh your rights and freedoms.

5. DISCLOSURE & SHARING OF PERSONAL DATA

We do not sell, rent, or share your Personal Data with third parties for their own marketing purposes without your explicit consent. We may disclose your Personal Data to the following categories of third parties for the purposes outlined in this Policy:

5.1 Data Processors

We engage third-party Data Processors to assist with our business operations, and we only disclose Personal Data to them that is necessary for them to perform their services. These Data Processors are bound by written contracts that require them to protect your Personal Data and comply with applicable data protection laws. Examples of Data Processors include:

Payment Processors: To process payments, verify payment details, and prevent fraud.
Logistics & Shipping Providers: To deliver your orders, track shipments, and confirm delivery.
Data Storage Providers: To securely store your Personal Data (e.g., cloud storage services).
Customer Support Providers: To assist with responding to your inquiries and resolving issues.
Marketing Service Providers: To send marketing communications (with your consent) and analyze marketing performance.

We regularly review our Data Processors to ensure they maintain appropriate data protection standards, and we reserve the right to terminate our relationship with any Processor that fails to comply with these standards.

5.2 Legal & Regulatory Authorities

We may disclose your Personal Data to competent legal or regulatory authorities (e.g., courts, tax authorities, customs agencies) if required by law, court order, or regulatory mandate. This includes disclosing data to prevent or investigate illegal activities, comply with tax obligations, or respond to a valid request from a government authority. If we receive such a request, we will verify its validity and disclose only the minimum amount of data necessary to comply with the request. Where applicable, we will consider the legal basis for the request and any potential impact on your rights before disclosing data.

5.3 Business Transfers

In the event of a merger, acquisition, sale of assets, or other business transfer, your Personal Data may be transferred to the new owner or operator of the business. We will ensure that the new owner or operator is bound by the terms of this Policy and applicable data protection laws, and we will notify you of such a transfer if required by law.

5.4 Other Disclosures with Consent

We may disclose your Personal Data to other third parties if you have given your explicit consent to such disclosure (e.g., sharing your data with a partner for a joint promotion).

6. DATA STORAGE & SECURITY

6.1 Storage Location & Duration

We store your Personal Data on secure servers located in countries that have adequate data protection laws, including the European Union, the United States, and China. If we transfer your Personal Data to a country outside the European Economic Area (EEA) or other jurisdictions with inadequate data protection standards, we will ensure that the transfer is compliant with applicable laws (e.g., using standard contractual clauses approved by the European Commission, or relying on an adequacy decision from the European Commission). We retain your Personal Data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. After this period, your Personal Data will be securely deleted or anonymized.

Order & Payment Data: Retained for 7 years from the date of the order (to comply with tax and legal obligations).
Account Data: Retained for as long as your account is active, plus 2 years after account closure (to resolve any outstanding issues).
Marketing Data: Retained until you opt out of marketing communications, plus 6 months (to ensure we do not send you unwanted communications).
Anonymized Data: May be retained indefinitely for analytical purposes, as it no longer identifies you.

6.2 Security Measures

We take reasonable and appropriate technical, administrative, and physical security measures to protect your Personal Data from unauthorized access, use, disclosure, modification, or destruction. These measures include:

Encryption: Personal Data (e.g., payment details, passwords) is encrypted in transit (using TLS/SSL) and at rest (using industry-standard encryption algorithms).
Access Control: Only authorized personnel have access to your Personal Data, and access is granted on a "need-to-know" basis. We implement strong authentication measures (e.g., two-factor authentication) for staff accessing sensitive data.
Regular Audits & Updates: We regularly audit our security systems and processes, and update our software and hardware to address potential vulnerabilities.
Data Protection Training: Our staff receive regular training on data protection laws and security best practices to ensure they handle your Personal Data responsibly.
Incident Response Plan: We have a data breach response plan in place to detect, contain, and mitigate the impact of any data breach. If a data breach is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant data protection authority without undue delay, in accordance with applicable laws.

While we take all reasonable steps to protect your Personal Data, no security system is completely infallible. We cannot guarantee the absolute security of your data, and you acknowledge that you provide your Personal Data at your own risk.

7. YOUR DATA PROTECTION RIGHTS

Under applicable data protection laws, you have certain rights regarding your Personal Data. We aim to make it easy for you to exercise these rights, and you can do so by submitting a request through your account or via the designated request portal (details not provided herein). Your rights include:

7.1 Right to Access

You have the right to request access to the Personal Data we hold about you, including details of how we collect, use, and disclose your data. We will provide you with a copy of your Personal Data free of charge within 30 days of your request. If you request additional copies, we may charge a reasonable fee based on administrative costs.

7.2 Right to Rectification

If your Personal Data is inaccurate or incomplete, you have the right to request that we rectify it. We will update your data within 30 days of your request and notify you once the rectification is complete.

7.3 Right to Erasure ("Right to be Forgotten")

You have the right to request that we erase your Personal Data if: (i) it is no longer necessary for the purposes for which it was collected; (ii) you withdraw your consent (and there is no other legal basis for processing); (iii) you object to processing (and there are no overriding legitimate interests); (iv) the data was processed unlawfully; or (v) erasure is required by law. We will erase your data within 30 days of your request, unless we are required to retain it by law or for legitimate business purposes (e.g., fraud prevention).

7.4 Right to Restriction of Processing

You have the right to request that we restrict the processing of your Personal Data if: (i) you contest the accuracy of the data; (ii) processing is unlawful but you do not want the data erased; (iii) we no longer need the data but you need it for legal claims; or (iv) you have objected to processing and we are assessing whether our legitimate interests override your rights. During the restriction period, we will only process the data with your consent or for legal purposes.

7.5 Right to Data Portability

You have the right to receive your Personal Data in a structured, commonly used, and machine-readable format, and to transmit it to another Data Controller without hindrance from us. This right applies only to data that you provided to us based on consent or a contract, and that is processed automatically.

7.6 Right to Object

You have the right to object to the processing of your Personal Data for direct marketing purposes at any time. We will stop processing your data for marketing purposes immediately upon receiving your request. You also have the right to object to processing based on legitimate interests, and we will assess your objection and stop processing if your interests outweigh our legitimate interests.

7.7 Right to Withdraw Consent

If we process your Personal Data based on your consent, you have the right to withdraw your consent at any time. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal. You can withdraw consent by updating your account preferences or submitting a request to us.

7.8 Right to Lodge a Complaint

If you are dissatisfied with how we process your Personal Data, you have the right to lodge a complaint with the relevant data protection authority in your jurisdiction (e.g., the Information Commissioner’s Office (ICO) in the UK, the CNIL in France, or the California Attorney General in the US). We will cooperate with the data protection authority to resolve your complaint.

To exercise any of these rights, please submit a request with your full name, email address, and details of the right you wish to exercise. We may request additional information to verify your identity (to prevent unauthorized access to your data) and will respond to your request within the timeframe required by applicable law (typically 30 days, which may be extended by a further 2 months for complex requests).

8. COOKIES & TRACKING TECHNOLOGIES

We use cookies and other tracking technologies (e.g., web beacons, pixels) to improve the Website’s functionality, personalize your experience, and analyze user behavior. Cookies are small text files that are placed on your device when you access the Website. We use two types of cookies:

8.1 Necessary Cookies

These cookies are essential for the Website to function properly. They enable you to navigate the Website, place orders, and access your account. Necessary cookies do not require your consent, and we cannot disable them as they are required for basic functionality.

8.2 Non-Necessary Cookies

These cookies are not essential but help us improve the Website and your experience. They include:

Analytics Cookies: To track how you use the Website, identify trends, and measure the effectiveness of our content. This helps us improve the Website’s design and functionality.
Marketing Cookies: To track your browsing history and preferences, and to deliver personalized marketing communications (with your consent). These cookies may be set by third-party marketing providers.

You can manage your cookie preferences by adjusting your browser settings. Most browsers allow you to block or delete cookies, but please note that blocking necessary cookies may affect the Website’s functionality. You can also opt out of non-necessary cookies by clicking the "Cookie Settings" link on the Website.

9. CHILDREN’S PRIVACY

The Website is not intended for children under the age of 16 (or the minimum age required by applicable law), and we do not knowingly collect Personal Data from children under this age. If we become aware that we have collected Personal Data from a child without the consent of a parent or guardian, we will immediately delete the data and notify the parent or guardian (if possible). If you are a parent or guardian and believe your child has provided Personal Data to us, please contact us to request the deletion of the data.

10. THIRD-PARTY LINKS

The Website may contain links to third-party websites (e.g., social media platforms, payment processors). This Policy does not apply to third-party websites, and we are not responsible for the privacy practices or content of these websites. We recommend that you review the privacy policies of any third-party websites you visit.

11. CHANGES TO THIS POLICY

We may update this Policy from time to time to reflect changes in data protection laws, our business operations, or industry best practices. Any changes will be posted on this page, and the updated Policy will take effect immediately upon posting. We encourage you to review this Policy regularly to stay informed about how we protect your Personal Data. Your continued use of the Website after the updated Policy is posted constitutes your acceptance of the changes.

12. GENERAL PROVISIONS

By accessing or using the Website, you confirm that you have read, understood, and agreed to this Policy. If you do not agree with any part of this Policy, you should not use the Website. This Policy is governed by the laws of the country of origin, and any disputes arising from or related to this Policy will be resolved in accordance with those laws.

If you have any questions about this Policy or how we process your Personal Data, please refer to our FAQ section or contact our customer support team (contact information not provided herein).

${data.title}

TINYJOY TOYS TINYJOY TOYS