At Tongkat Ali Shop, we are committed to safeguarding your privacy and ensuring the protection of your personal data. This policy outlines our data processing practices and your rights concerning your personal data.
Data Collection and Purpose
Direct Information for E-Commerce
We collect data such as your name, email address, shipping and billing addresses, and payment details for the purpose of processing and shipping your orders. This processing is necessary for the performance of a contract to which you are a party.
For processing payments on our website, we use third-party payment providers: Klarna, PayPal, and WooCommerce Payment. When you make a purchase, some of your personal data will be passed to these providers, including information required to process or support the payment, such as the purchase total and your billing information.
Order Processing & Fulfillment
We use your data to fulfill your orders, communicate with you about your purchases, and provide customer service. We share your address data with our fulfillment partner.
When you create a user account on our website, we collect and store information that you provide, such as your name, email address, and password. This data is used to personalize your experience, track your orders, and manage your preferences. Your account information is protected by the password you use to access your online account. It is important that you keep this password confidential. We recommend using a unique password for our website and regularly updating it. If you suspect any unauthorized access to or use of your account, please contact us immediately.
With your explicit consent, we may send you emails about new products, special offers, and other updates using Klaviyo.
We gather information about your visit using Google Analytics 4 in order to understand website traffic and user interactions. This processing is based on our legitimate interest in monitoring and improving our website and services. This data is anonymized and does not personally identify individual users.
Cookies and Consent
What Are Cookies?
Cookies are small text files that are stored on your computer or mobile device when you visit a website. They are used to remember your preferences, track information about your visit, and make your browsing experience more seamless. Cookies can be “persistent” or “session” based. Persistent cookies remain on your device when you go offline, while session cookies are deleted as soon as you close your web browser. Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
Klaviyo: We utilize Klaviyo for email marketing. When you subscribe to our newsletter, your email address is stored in Klaviyo.
Google Analytics: As mentioned above, we use Google Analytics 4 in order to
Data Protection and Retention
We employ robust security measures to protect your personal data. We retain your data only for as long as necessary for the purposes set out in this policy, after which it is securely deleted.
International Data Transfers
If we transfer personal data outside the EU, we ensure that adequate safeguards, such as Standard Contractual Clauses, are in place as per GDPR requirements.
You have several rights under the GDPR:
- Access: Request a copy of your personal data.
- Rectification: Correct any inaccurate data.
- Erasure: Request deletion of your data.
- Restriction: Limit the processing of your data.
- Portability: Obtain your data in a machine-readable format.
- Objection: Object to certain types of processing, such as marketing.
To exercise any of these rights, contact us at email@example.com.
How Do We Protect Your Data
We have taken appropriate security measures to protect your personal data against loss, misuse and unauthorized access. The number of people who have access to your personal data is limited. Only people with us who need to process your personal data have access to them. We use industry standards to store, process and communicate sensitive information in a secure manner, e.g. SSL/TLS and other encryption solutions.
Data Breach Notification
In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours.
Our website is not intended for children, and we do not knowingly collect data from individuals under 16 without parental consent.
Links to Other Websites
Right to Lodge a Complaint
If you believe your data is being processed unlawfully, you have the right to lodge a complaint with your local supervisory authority.
Changes to This Policy
For questions or concerns about this policy or your data, reach out to us at firstname.lastname@example.org.