4. Data Sharing

We share only the minimum data necessary for each purpose:

•       Courier and delivery partners: name, phone, delivery address, and COD amount for delivery and payment collection

•       Shopify Inc. (our platform provider, US-based, covered by the EU–US Data Privacy Framework): order and store data for platform operation

•       Accounting and legal advisors: transaction records as required by law

We do not sell your personal data to any third party.

5. International Data Transfers

Some of our service providers are based outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, such as:

•       EU–US Data Privacy Framework (Shopify Inc.)

•       Standard Contractual Clauses (SCCs) approved by the European Commission

6. Data Retention

•       Order and transaction data: 7 years (legal/tax requirement)

•       Delivery interaction data: 12 months from the date of the last order

•       Analytics data: as per cookie consent settings (typically 13 months)

•       Support communications: 2 years from resolution

After the applicable retention period, your data is securely deleted or anonymised.

7. Your Rights Under GDPR

As a data subject in the EU/EEA, you have the following rights:

•       Right of access: request a copy of the data we hold about you

•       Right to rectification: correct inaccurate or incomplete data

•       Right to erasure ("right to be forgotten"): request deletion of your data, subject to legal retention requirements

•       Right to restriction: limit how we process your data

•       Right to data portability: receive your data in a machine-readable format

•       Right to object: object to processing based on legitimate interests or for direct marketing

•       Right to withdraw consent: at any time, without affecting prior processing

To exercise any of these rights, please contact us at: support@terralox.eu

We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

8. Cookies

We use cookies to ensure the store functions correctly and, with your consent, to analyse traffic and personalise your experience.

Essential cookies

Required for the store to operate (cart, checkout, security). These cannot be disabled.

Analytics cookies

Used to understand how visitors interact with our store (e.g. Google Analytics). Only enabled with your consent.

Marketing cookies

Used to deliver relevant advertisements. Only enabled with your consent.

You can manage your cookie preferences at any time via the cookie banner on our website or your browser settings.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. These include SSL encryption, access controls, and secure payment processing via Shopify.

10. Children's Privacy

Our store is not directed at children under the age of 16. We do not knowingly collect personal data from minors. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes, we will notify you by email or a prominent notice on our website.

12. Contact Us

If you have any questions, concerns, or requests regarding your personal data, please contact us:

•       Email: support@terralox.eu

•       Website: terralox.eu