Privacy policy
. Data Controller
For consumer personal data generated from orders placed within the EU, Cherrycom Worldwide SL (VAT No.: B01965813, registered address: 3 Rua do Al-Ferrari, Getafe, Madrid, 28091, Spain) acts as the designated data controller, complying with GDPR requirements. A Hong Kong-registered store operator maintains the website's technical operations and data storage services through a contractual partnership with the Spanish entity. We do not collect or publish any consumer contact information in the course of our business operations.
2. Categories of Data We Collect
Basic checkout information: name, delivery address, email address, telephone number; transaction payment metadata; website browsing behavior analysis data collected through authorized cookies. Unless otherwise required by law, we will never request sensitive personal data, including identity card numbers or passport information.
3. Legal Basis for Data Processing
Data processing is based on contractual obligations to fulfill orders, legitimate business operating interests, and legal obligations under EU GDPR regulations.
4. User GDPR Legal Rights
EU consumers have enforceable rights, including access to personal data, correction of content, permanent deletion of data, restriction of processing, export of portable data, and formal objection to non-essential data marketing uses. You can submit all privacy-related inquiries through the contact details listed on the "Contact Us" page.
5. Data Storage Period
Consumer order records will be retained for 3 years to resolve after-sales disputes and fulfill tax regulatory obligations. Non-mandatory marketing cookies will be automatically deleted 12 months after your last visit to the website.