Privacy Policy
of the online store tiarashop.eu
Last updated: 01.06.2026
1. INTRODUCTION
This Privacy Policy describes how the Data Controller (full details in Section 2 below), operator of the online store tiarashop.eu (hereinafter “we”, “us” or the “Controller”), collects, uses and protects the personal data of visitors and customers of the Site.
This Policy has been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and the applicable data protection legislation.
2. DATA CONTROLLER AND EU REPRESENTATIVE
The online store tiarashop.eu is operated by TG International Corporation (registered company, IBC No. 229622).
In accordance with Article 27 of the GDPR, the Controller has appointed a representative in the European Union to handle matters relating to the processing of personal data of EU data subjects. You may contact the Controller or its EU representative at any time at info@tiarashop.eu, and the representative’s details will be provided upon written request.
Country of registration of the Controller: Republic of Seychelles.
Website: tiarashop.eu
Email: info@tiarashop.eu
3. WHAT PERSONAL DATA WE COLLECT
3.1. When placing an order and registering
- First and last name
- Email address
- Telephone number
- Delivery address
- Billing address (when an invoice is requested)
- Password (stored in encrypted form)
3.2. When subscribing to the newsletter
- Email address
3.3. When communicating with us
- The content of the messages you send us
3.4. Automatically
- IP address (for security purposes)
- Technical data about your device and browser
- Strictly necessary cookies (see Cookie Policy)
3.5. Payment data
We do NOT store your bank card details. All payment processing is carried out by Stripe, Inc. (USA) – a licensed payment operator certified under the PCI-DSS standard.
Stripe, Inc. is certified under the EU-U.S. Data Privacy Framework, which ensures an adequate level of data protection for transfers to the USA pursuant to Article 45 of the GDPR.
4. PURPOSES AND LEGAL BASES FOR PROCESSING
| Purpose | Legal basis |
|---|---|
| Fulfilment of orders and delivery | Performance of a contract |
| Issuing purchase documents | Legal obligation |
| Registration and maintenance of a user account | Performance of a contract |
| Processing returns and complaints | Performance of a contract and legal obligation |
| Sending the newsletter | Explicit consent |
| Communication with the customer | Performance of a contract |
| Fraud prevention | Legitimate interest |
5. RETENTION PERIODS
| Data category | Period |
|---|---|
| Order data | Up to 5 years from the date of the order |
| Sales documents | 10 years (accounting legislation) |
| User account | Until deleted by the user |
| Newsletter email | Until consent is withdrawn |
| Correspondence | Up to 3 years after the last contact |
6. RECIPIENTS OF PERSONAL DATA
Your personal data may be provided to:
- Courier companies – name, address, telephone, email for delivery
- Stripe, Inc. (USA) – payment operator for processing card payments
- Hosting service provider – for storing the Site’s data
- Email service provider – for sending confirmations and communication
- Logistics partner – for processing shipments
- State authorities – where there is a legal obligation
We do not sell your personal data to third parties for marketing purposes.
7. INTERNATIONAL DATA TRANSFER
The payment operator Stripe, Inc. is based in the United States of America. The transfer of data to Stripe is carried out on the basis of the EU-U.S. Data Privacy Framework, under which Stripe, Inc. is a certified company.
In addition, Stripe applies the Standard Contractual Clauses of the European Commission as a safeguard mechanism for international data transfers.
Detailed information on privacy at Stripe: https://stripe.com/privacy
8. YOUR RIGHTS
You have the following rights under the GDPR:
- Right of access – to obtain a copy of your data being processed
- Right to rectification – of inaccurate or incomplete data
- Right to erasure (“right to be forgotten”)
- Right to restriction of processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent at any time
To exercise your rights: info@tiarashop.eu
We will respond within 1 month of receiving the request.
Right to lodge a complaint
You also have the right to lodge a complaint with the competent data protection supervisory authority in your country of residence.
9. NEWSLETTER
Subscribing to the newsletter is voluntary and is carried out with your explicit consent. You can unsubscribe at any time via the link at the bottom of each email message or by writing to us at info@tiarashop.eu.
10. COOKIES
The Site uses only strictly necessary cookies for its operation. Detailed information is available in the Cookie Policy.
11. SECURITY
We apply appropriate technical and organizational measures to protect your personal data: SSL/TLS encryption, access control, backups, secure payment infrastructure.
12. CHILDREN
The online store is not intended for persons under 16 years of age. We do not knowingly collect personal data from children under 16.
13. CHANGES TO THIS POLICY
We reserve the right to update this Privacy Policy. The current version is always available on the Site.
14. CONTACT
Email: info@tiarashop.eu
Website: tiarashop.eu

