Effective Date: 09/06/2025

Company: Tiny Stories

 

We value your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you use our online store: www.tinystories.pt, in accordance with the General Data Protection Regulation (GDPR).

 

1. Data Controller

 

The controller of your personal data is:

Tiny Stories - linen baby clothes

Porto, Portugal

Email: info@tinystories.pt

Phone: 923579652

 

2. Personal Data We Collect

 

When you use our online store, we may collect the following data:

 

a) During Order Placement:

    •    Full name

    •    Email address

    •    Shipping and billing address

    •    Phone number

    •    Payment information (processed securely via third-party payment processors)

b) Automatically Collected (via cookies and analytics):

    •    IP address

    •    Browser and device type

    •    Session duration, pages visited, cart behavior

 

3. Purposes of Data Use

 

We use your data to:

    •    Process and fulfill your orders

    •    Manage payments and invoices

    •    Provide customer support

    •    Send order confirmations and delivery updates

    •    Improve our website and shopping experience

    •    (If consented) send promotional offers and updates

 

4. Legal Basis for Processing

 

Your data is processed based on:

    •    Contractual necessity (to process orders)

    •    Legal obligations (e.g., tax recordkeeping)

    •    Legitimate interest (site security, service improvement)

    •    Consent (for marketing and cookies)

 

5. Data Sharing

 

We may share your data with:

    •    Payment providers (e.g., Stripe, PayPal)

    •    Delivery services (e.g., Ctt, DHL, UPS)

    •    IT service providers (e.g., website hosting, email platforms)

    •    Government authorities if legally required

 

6. Cookies and Tracking

 

We use cookies to:

    •    Enable cart and checkout functionality

    •    Analyze website usage (e.g., Google Analytics)

    •    Improve performance and offer personalized content

 

Non-essential cookies require your prior consent. You can manage or withdraw cookie consent at any time via our Cookie Settings.

 

All third parties are bound by data processing agreements (DPAs) to ensure GDPR compliance.

 

7. Data Retention

 

We retain personal data:

    •    As long as necessary for fulfilling your order and after-sales service

    •    As required by tax and accounting laws (typically 5–10 years)

    •    For marketing, only with your consent and until you unsubscribe

 

8. Your Rights Under GDPR

 

You have the right to:

    •    Access your data

    •    Correct or delete your data

    •    Restrict or object to processing

    •    Withdraw consent at any time

    •    Receive your data in portable format

    •    File a complaint with your local Data Protection Authority

 

To exercise your rights, email us at info@tinystories.pt

 

9. Data Security

 

We implement technical and organizational measures to protect your data, including:

    •    SSL encryption

    •    Secure payment processing

    •    Access control for internal systems

 

10. Changes to This Policy

 

We may update this policy from time to time. Updates will be posted on this page with a new effective date.

 

11. Contact Us

 

If you have questions about this policy or how your data is handled, contact us at:

 

Tiny Stories

Email: info@tinystories

Address: R Santos Pousada 357 - V13

Bonfim

4000-486 Porto