Privacy Policy

Effective Date: May 21, 2025

1. Introduction

Welcome to ToffuStore.com. We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, in accordance with the General Data Protection Regulation (GDPR) and applicable Spanish data protection laws.

2. Data Controller

The data controller responsible for your personal data is:

ToffuStore.com
Toffu, CO.
Email: hello@toffu.co

3. Information We Collect

We may collect and process the following categories of personal data:

  • Identification Data: Name, surname, username.

  • Contact Data: Email address, telephone number, billing and shipping address.

  • Payment Data: Credit/debit card information (processed securely via third-party payment processors; we do not store this data).

  • Technical Data: IP address, browser type, operating system, referring URLs, and other technical information.

  • Usage Data: Information about how you use our website, products, and services.

  • Marketing and Communications Data: Your preferences in receiving marketing from us and your communication preferences.

4. How We Collect Your Data

We collect data through:

  • Direct Interactions: When you fill in forms on our website, create an account, subscribe to our newsletter, or contact us.

  • Automated Technologies: As you interact with our website, we may automatically collect technical data about your equipment, browsing actions, and patterns.

  • Third Parties: Such as analytics providers, advertising networks, and payment processors.

5. Purpose and Legal Basis for Processing

We process your personal data for the following purposes:

  • To Fulfill Orders: Processing and delivering your purchases, including managing payments and communicating with you about your orders.

  • Account Management: Managing your account, providing customer support, and verifying your identity.

  • Marketing: Sending you promotional materials, newsletters, and information about products or services that may interest you.

  • Improving Our Services: Analyzing usage data to improve our website, products, and services.

  • Legal Obligations: Complying with legal and regulatory requirements.

The legal bases for processing your data include:

  • Contractual Necessity: Processing necessary for the performance of a contract with you.

  • Legal Obligation: Processing necessary for compliance with legal obligations.

  • Legitimate Interests: Processing necessary for our legitimate interests, provided your interests and fundamental rights do not override those interests.

  • Consent: Where you have given consent for specific processing activities.

6. Data Sharing and Disclosure

We may share your personal data with:

  • Service Providers: Third-party vendors who provide services such as payment processing, order fulfillment, IT services, and marketing assistance.

  • Legal Authorities: When required to comply with legal obligations or to protect our rights and property.

  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the new owner.

All third parties are required to respect the security of your personal data and to treat it in accordance with the law.

7. International Data Transfers

If we transfer your personal data outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place, such as:

  • Transferring to countries deemed to provide an adequate level of data protection by the European Commission.

  • Using standard contractual clauses approved by the European Commission.

  • Ensuring that the recipient is certified under the EU-U.S. Data Privacy Framework (if applicable).

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes we collected it for, including satisfying legal, accounting, or reporting requirements. The retention period may vary depending on the type of data and the purpose of processing.

9. Your Rights

Under the GDPR, you have the following rights:

  • Access: Request access to your personal data.

  • Rectification: Request correction of inaccurate or incomplete data.

  • Erasure: Request deletion of your personal data.

  • Restriction: Request restriction of processing your data.

  • Data Portability: Request transfer of your data to another party.

  • Objection: Object to processing based on legitimate interests or direct marketing.

  • Withdraw Consent: Withdraw consent at any time where we rely on consent to process your data.

To exercise any of these rights, please contact us at [Insert Contact Email].

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption, access controls, and secure servers.

11. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance user experience and analyze website usage. 

12. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites. We encourage you to read the privacy policies of any third-party websites you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically to stay informed about how we are protecting your information.

14. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

ToffuStore.com
Email: hello@toffu.co