Privacy policy

. Data Controller

For consumer personal data generated from orders placed within the EU, Cherrycom Worldwide SL (VAT No.: B01965813, registered address: 3 Rua do Al-Ferrari, Getafe, Madrid, 28091, Spain) acts as the designated data controller, complying with GDPR requirements. A Hong Kong-registered store operator maintains the website's technical operations and data storage services through a contractual partnership with the Spanish entity. We do not collect or publish any consumer contact information in the course of our business operations.

2. Categories of Data We Collect

Basic checkout information: name, delivery address, email address, telephone number; transaction payment metadata; website browsing behavior analysis data collected through authorized cookies. Unless otherwise required by law, we will never request sensitive personal data, including identity card numbers or passport information.

3. Legal Basis for Data Processing

Data processing is based on contractual obligations to fulfill orders, legitimate business operating interests, and legal obligations under EU GDPR regulations.

4. User GDPR Legal Rights

EU consumers have enforceable rights, including access to personal data, correction of content, permanent deletion of data, restriction of processing, export of portable data, and formal objection to non-essential data marketing uses. You can submit all privacy-related inquiries through the contact details listed on the "Contact Us" page.

5. Data Storage Period

Consumer order records will be retained for 3 years to resolve after-sales disputes and fulfill tax regulatory obligations. Non-mandatory marketing cookies will be automatically deleted 12 months after your last visit to the website.