Privacy Policy
Last reviewed
1. Who is responsible for your data
The data controller is [[ TODO: registered legal entity name ]], trading as Trendora, registered at:
[[ TODO: registered office address ]]
For anything in this policy, write to tendora@gmail.com. We reply to data requests within 3 working days and resolve them within 30 calendar days.
2. What we collect
Three categories, and nothing outside them.
Data you give us
- To place an order: your name, email address, phone number, delivery address and PIN code. All of it is required to get a parcel to you; none of it is optional decoration.
- To contact support: whatever you choose to put in your message, plus the email address or phone number you used.
Data we collect automatically
- Cart contents, stored in your browser’s local storage on your own device. This never reaches our servers unless you complete checkout.
- Standard server logs from our hosting provider: IP address, user agent, the page requested and the time. These are used to keep the site up and to investigate abuse.
- Advertising and analytics identifiers set by Google — see section 4.
Data we do not collect
We do not collect or store your card number, CVV, UPI PIN or bank credentials. Payment is handled by our payment processor; the card details you enter never pass through, and are never stored on, a Trendora server. We do not buy personal data from data brokers, and we do not track you across other websites for our own purposes.
3. Why we collect it
| What | Why | Lawful basis |
|---|---|---|
| Name, address, phone | To pack, dispatch and deliver your order, and to let the courier reach you | Performance of a contract |
| Email address | Order confirmation, dispatch notice, refund confirmation | Performance of a contract |
| Order history | Handling returns, refunds and warranty claims; tax records | Legal obligation |
| Server logs | Site reliability, fraud and abuse investigation | Legitimate interest |
| Advertising cookies | Serving ads that fund the site’s free content | Consent |
We do not send marketing email unless you ask us to, and we do not treat placing an order as asking us to.
4. Cookies and advertising
Short answer: our own cookies keep your cart working. Google’s cookies pay for the site. You can turn the second kind off without breaking the first.
Some pages on this site — the homepage, category pages, collection pages and product pages — display advertising served by Google AdSense. Ads never appear on the cart, checkout, order confirmation, search, or on any policy page including this one.
Specifically, in relation to Google’s advertising:
- Third-party vendors, including Google, use cookies to serve ads based on your prior visits to this website or other websites.
- Google’s use of advertising cookies enables it and its partners to serve ads to you based on your visit to this site and/or other sites on the internet.
- You may opt out of personalised advertising by visiting Google Ads Settings. Opting out does not remove ads; it makes them less relevant.
- You can opt out of a third-party vendor’s use of cookies for personalised advertising at aboutads.info/choices.
Our Cookie Policy lists each cookie individually, what it does, and how long it lasts.
5. Who we share data with
We share the minimum necessary, with these categories of recipient:
- Delivery couriers — your name, address and phone number, so they can deliver the parcel and call you if they cannot find the address.
- Our payment processor — the payment details you enter go directly to them, along with the order amount.
- Google — advertising and analytics identifiers, as described in section 4.
- Our hosting provider — which necessarily processes server logs on our behalf.
- Law enforcement or a court — where we are legally compelled. We will tell you unless we are legally forbidden from doing so.
We do not sell your personal data. Not to advertisers, not to data brokers, not to anyone, and there is no version of this policy under which we would.
6. How long we keep it
| Data | Kept for | Then |
|---|---|---|
| Order and invoice records | 8 years from the end of the financial year | Deleted. This period is set by tax law, not by us. |
| Support correspondence | 2 years from the last message in the thread | Deleted |
| Server logs | 90 days | Deleted |
| Cart contents | Until you clear them, or your browser does | Never leaves your device |
7. Your rights
You can require us to do all of the following, free of charge. Email tendora@gmail.com.
- Access — get a copy of the personal data we hold about you.
- Correction — have inaccurate data fixed.
- Erasure — have your data deleted, except records we are legally required to retain (see section 6).
- Portability — receive your data in a machine-readable format.
- Objection — object to processing based on legitimate interest.
- Withdraw consent — for anything based on consent, including advertising cookies, at any time and without penalty.
We will ask you to verify your identity before acting on a request. This is not obstruction: releasing your order history to somebody who has merely learned your email address would be a worse breach than any this policy is designed to prevent.
If you believe we have mishandled your data, you may complain to the relevant data protection authority in [[ TODO: governing jurisdiction ]]. We would rather you told us first, but you are not required to.
8. How we protect it
The site is served over HTTPS. Card data never touches our systems. Access to order data is limited to the people who need it to fulfil orders and answer support requests, and it is logged.
No system is perfectly secure, and any company claiming otherwise is either mistaken or lying. If we suffer a data breach that is likely to result in a risk to your rights, we will notify the supervisory authority within 72 hours and tell you directly without undue delay.
9. Children
This site is not directed at children under 13, and we do not knowingly collect their personal data. If you believe a child has provided us with personal data, email tendora@gmail.com and we will delete it.
10. Changes to this policy
When we change this policy we update the “last reviewed” date at the top of the page. For changes that materially affect your rights — a new category of data, a new recipient, a longer retention period — we will say so prominently on the site rather than relying on you to re-read this page.
Continuing to use the site after a change means you accept the updated policy. If you do not, you can exercise the erasure right in section 7 and stop.
Something here unclear or out of date? Tell us — we correct policy pages on the same working day.