Privacy Policy
Privacy Policy — Tsuki Box
Tsuki Box is committed to protecting your personal data, in accordance with the General Data Protection Regulation (GDPR — Regulation (EU) 2016/679) and applicable Portuguese legislation.
Data Controller:
Nádia Perpétua Soares | NIF: 237183331
Rua da Cruz Vermelha Portuguesa, 15, 3.º Dto, 2640-583 Mafra, Portugal
Email: hello@tsukigiftbox.com
1. Data collected
We collect the following personal data when you make a purchase or contact us: name, delivery and billing address, email address, telephone number and payment data (securely processed by Shopify Payments — we do not store card data). We also automatically collect technical data such as IP address, browser type and pages visited, through cookies.
2. Purpose and legal basis for processing
Your data is processed for the following purposes:
- Contract performance (Art. 6(1)(b) GDPR): processing and delivery of orders, communication regarding order status
- Legal obligation (Art. 6(1)(c) GDPR): invoicing, compliance with tax and accounting obligations
- Legitimate interest (Art. 6(1)(f) GDPR): fraud prevention, website security
- Consent (Art. 6(1)(a) GDPR): sending newsletters and marketing communications, when expressly authorized
3. Retention period
Order data is retained for a minimum period of 10 years, as per tax and accounting obligations. Marketing data is retained until consent is revoked. Technical data (session cookies) is deleted at the end of the session.
4. Data sharing
Your data may be shared with: delivery services and carriers for order fulfillment; Shopify Inc. (payment processor and platform), based in the USA — the transfer is carried out under the Standard Contractual Clauses approved by the European Commission; tax and judicial authorities, when legally required. We do not sell or transfer your data to third parties for marketing purposes.
5. Data transfer outside the EU
Shopify Inc. stores data on servers in the USA and Canada. This transfer is safeguarded by appropriate legal mechanisms (Standard Contractual Clauses). More information in Shopify's Privacy Policy: www.shopify.com/legal/privacy
6. Your rights
Under the GDPR, you have the following rights:
- Right of access: to know what data we hold about you
- Right to rectification: to correct incorrect data
- Right to erasure: to request the deletion of your data
- Right to restriction: to restrict processing in certain circumstances
- Right to data portability: to receive your data in a structured format
- Right to object: to object to processing based on legitimate interest
- Right to withdraw consent: at any time, without affecting the lawfulness of previous processing
To exercise any right, please contact us at hello@tsukigiftbox.com. We will respond within 30 days. You also have the right to lodge a complaint with the CNPD — National Data Protection Commission: www.cnpd.pt
7. Cookies
We use essential cookies (necessary for the website to function), analytical cookies (to understand how you use the website) and marketing cookies (if consented). You can manage your cookie preferences at any time via the cookie banner or in your browser settings.
8. Security
We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss or disclosure. Transactions are encrypted via SSL/TLS.
9. Contact
For any questions regarding the protection of your data, please contact us at: hello@tsukigiftbox.com
Last updated: June 2026