GDPR Compliance
Effective Date: 22.11.2024
Introduction
We are committed to protecting your personal data and ensuring compliance with the General Data Protection Regulation (GDPR). This page outlines your rights under GDPR and provides detailed information about how we handle and protect your data.
For questions about GDPR compliance or to exercise your rights, please contact us at info@tcrstore.com.
Legal Basis for Processing Personal Data
We process personal data under the following legal bases as outlined in the GDPR:
Consent: For marketing communications, non-essential cookies, and other specified purposes.
Contractual Necessity: To fulfill orders, process payments, and provide customer service.
Legal Obligation: To comply with laws and regulations (e.g., tax laws).
Legitimate Interests: For fraud prevention, website functionality, and improving user experience.
Your Rights Under GDPR
If you are a resident of the European Economic Area (EEA), you have the following rights regarding your personal data:
Right to Access: Request access to the personal data we hold about you.
Right to Rectification: Correct inaccuracies in your data or complete incomplete information.
Right to Erasure ("Right to Be Forgotten"): Request deletion of your data in specific situations.
Right to Restrict Processing: Limit how your data is processed under certain conditions.
Right to Data Portability: Receive your data in a structured, commonly used format and transmit it to another controller.
Right to Object: Object to data processing based on legitimate interests or for direct marketing purposes.
Right to Withdraw Consent: Withdraw your consent for data processing at any time.
How to Exercise Your Rights:
Contact us at info@tcrstore.com. We will process your request within 30 days in compliance with GDPR regulations.
International Data Transfers
Your personal data may be transferred outside the European Economic Area (EEA), including to countries with different data protection laws. For example:
Squarespace, Printful, and Stripe are based in the United States.
We safeguard such transfers through:
Standard Contractual Clauses approved by the European Commission.
Adequacy Decisions for certain countries.
For more details, contact us at info@tcrstore.com.
Data Security
We implement appropriate technical and organizational measures to protect your data against unauthorized access, disclosure, alteration, or destruction. Examples include:
Encrypted payment transactions via Stripe.
Secure data storage on Squarespace's hosting platform.
Data Retention
We retain personal data for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Retention periods include:
Order details: Retained for tax and accounting purposes for 7 years.
Marketing data: Retained until consent is withdrawn.
Data Breach Notification
In the event of a data breach that poses a risk to your rights, we will:
Notify affected individuals within 72 hours of becoming aware of the breach.
Report the incident to the appropriate data protection authority.
Data Protection Officer (DPO)
Data protection requests are handled by our internal privacy officer. While we have not formally appointed a Data Protection Officer (DPO), our team is trained to ensure compliance with GDPR regulations. For any questions or requests regarding your personal data, please contact us at info@tcrstore.com.
Cookie Preferences and Consent
We use cookies to enhance your experience and comply with GDPR.
Manage your cookie preferences through our Cookie Settings page.
Adjust browser settings to block cookies (note: this may affect website functionality).
Standard Contractual Clauses for Transfers Outside the EU
In compliance with GDPR, when personal data is transferred to countries outside the European Economic Area (EEA), we ensure such transfers are safeguarded through appropriate measures, including:
Standard Contractual Clauses (SCCs): We utilize contracts approved by the European Commission to ensure that the rights and freedoms of users are protected even outside the EEA.
Adequacy Decisions: For countries recognized by the European Commission as having an adequate level of data protection, transfers are conducted without additional safeguards.
Technical and Organizational Measures: We implement additional measures, such as encryption, to secure the transferred data.
For more information about the applied safeguards, please contact us at info@tcrstore.com.
Contact Information
If you have questions about this GDPR statement or wish to exercise your rights, please contact us at info@tcrstore.com.