What Personal Data We Collect and Why We Collect It
We collect data to fulfill orders, improve your experience, and meet legal requirements.
Data we collect includes:
– Personal data: name, email address, phone number, shipping and billing address.
– Transactional data: order history, payment status.
– Technical data: IP address, browser type, cookies, device type.
– Account data: for registered users (if any).
We do not collect or process sensitive data such as health or biometric information.
Data may be collected through orders, contact forms, cookies, analytics tools, and embedded content (e.g. YouTube, Instagram).

Comments
If visitors leave comments, we collect the data shown in the comments form, along with the visitor’s IP address and browser user agent string to help spam detection.

Media
If you upload images to the website, avoid uploading images with embedded location data (EXIF GPS) as visitors can extract that data.

Contact Forms
If you contact us via a form, we collect your name, email, and message. We keep submissions for 6 months for customer service purposes, but do not use this information for marketing unless consent is given.

Cookies
Our website uses cookies to:
– Maintain your shopping cart
– Remember your preferences
– Enable analytics and performance tracking
– Serve personalized content and ads (if applicable)
You can manage cookies in your browser settings. For more information, visit https://www.allaboutcookies.org.

Analytics
We use Google Analytics to understand how users interact with our site. This data is anonymized and used to improve user experience.
– Google’s Privacy Policy: https://policies.google.com/privacy
– Opt-out: https://tools.google.com/dlpage/gaoptout

Who We Share Your Data With
We share your data only with trusted third parties necessary to operate our store:
– Payment processors: Stripe, PayPal
– Analytics tools: Google Analytics
Each partner receives only the data necessary to perform their function and must protect your data under applicable privacy laws.

How Long We Retain Your Data
Data Retention Schedule:
– Contact form entries: 6 months
– Analytics data: 12 months
– Order & customer data: 10 years (for legal compliance)

Your Rights Over Your Data
You may request to:
– Access your personal data
– Correct inaccurate information
– Delete your data (subject to legal constraints)
– Withdraw consent for marketing
To exercise these rights, contact us at: support@thorink.com

Where Your Data Is Sent
Your data may be processed outside the EU. We ensure any transfers are protected by standard contractual clauses or equivalent safeguards.

How We Protect Your Data
We implement security measures including:
– SSL encryption
– Restricted admin access
– Secure hosting infrastructure
– Staff awareness on data protection

Data Breach Procedures
We will notify affected users and authorities of any data breach as required by law. We have internal protocols to identify, contain, and report breaches within 72 hours.

Third-Party Data Sources
We may receive anonymized behavioral data from advertising or analytics platforms, but we do not purchase or sell personal data.

Automated Decision-Making and Profiling
We do not perform automated decision-making or user profiling based on your data.

Regulatory Disclosure Requirements
ThorInk complies with applicable international privacy laws including GDPR and CCPA. This policy will be updated as needed to maintain compliance.