Privacy Policy (GDPR Compliant)

At [Store Name], we are committed to protecting and respecting your privacy in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website and services.

1. Information We Collect

When you visit or purchase from our store, we may collect the following personal data:

• Full name

• Email address and phone number

• Shipping and billing address

• Payment details (processed securely by authorized payment providers, not stored by our store)

• Technical data such as IP address, browser type, and cookies

2. Legal Basis for Processing

We process your personal data on the following legal grounds under GDPR:

• Contractual necessity: To process and deliver your orders

• Legal obligation: To comply with tax, accounting, and consumer laws

• Legitimate interests: To improve our services and prevent fraud

• Consent: For sending marketing communications (only with your explicit consent)

3. How We Use Your Information

Your personal data may be used for:

• Processing and fulfilling your orders

• Providing customer support

• Sending you promotions and offers (only if you have opted in)

• Complying with legal obligations

• Improving our website and services

4. Sharing of Information

We only share your personal data with trusted third parties when necessary, such as:

• Shipping and delivery partners

• Authorized payment service providers

• IT service providers who support our website

Your data will never be sold to third parties.

5. International Data Transfers

If we transfer your data outside the European Economic Area (EEA), we ensure that appropriate safeguards (such as Standard Contractual Clauses) are in place to protect your data.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law (e.g., tax and accounting obligations).

7. Your Rights Under GDPR

As a data subject, you have the right to:

• Access your personal data

• Request rectification of inaccurate or incomplete data

• Request erasure of your data (“right to be forgotten”)

• Restrict or object to processing

• Request data portability

• Withdraw your consent at any time (for marketing or optional services)

• Lodge a complaint with your local Data Protection Authority (DPA)

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

9. Contact Us

If you have questions about this Privacy Policy or wish to exercise your GDPR rights, please contact us:

[Store Name]
Email: [moonlightgarden.eu@gmail..com]