Privacy Policy

Effective Date: September 27, 2024

TinyShi.com (“we,” “us,” or “our”) is operated by TinyShimu LTD, located at Siraj Tower, Holding number 2820, South Donia Dhaka-1236. We are committed to protecting your privacy and handling your data in a transparent and secure manner. This Privacy Policy explains how we collect, use, share, and protect your personal data when you visit our website or make a purchase. It also outlines your rights under the General Data Protection Regulation (GDPR).

1. Data Controller

The data controller for TinyShi.com is TinyShimu LTD.

  • Business Name: TinyShimu LTD
  • Address: Siraj Tower, Holding number 2820, South Donia Dhaka-1236
  • Email: shimurigid@gmail.com

2. Data Collection

We collect and process the following categories of personal data:

  • Contact Information: Name, email address, phone number, billing, and shipping addresses.
  • Payment Information: Credit/debit card details and other payment details (handled securely by our third-party payment processors).
  • Account Information: Username, password, and other login credentials.
  • Purchase History: Details of products purchased, order history, and preferences.
  • Browsing Information: IP address, browser type, pages visited, time spent, and other website interaction details.
  • Communication Data: Any data you provide when you contact us via email or other channels.

3. Purpose of Data Collection

We collect and use your personal data for the following purposes:

  • To process orders: Handling payments, shipping products, and providing order updates.
  • To communicate with you: Sending order confirmations, marketing emails (with your consent), and responding to inquiries.
  • To improve our website: Analyzing user behavior to enhance the shopping experience.
  • To comply with legal obligations: Keeping records and responding to law enforcement requests.
  • For marketing purposes: Sending promotional offers and newsletters if you have opted in.

4. Legal Basis for Processing Data

Under the GDPR, we process your personal data based on the following legal grounds:

  • Consent: When you subscribe to newsletters or marketing communications.
  • Contractual Necessity: When processing your orders and payments.
  • Legal Obligation: For record-keeping and compliance with laws.
  • Legitimate Interests: For improving our website and ensuring security.

5. Data Storage and Retention

We store your data securely and retain it for as long as necessary to fulfill the purposes outlined in this policy or as required by law. The retention periods are:

  • Order Data: 7 years (for tax and accounting purposes).
  • Marketing Data: Until you unsubscribe or withdraw consent.
  • Browsing Data: 2 years for analytical purposes.

6. Data Sharing and Disclosure

We do not sell or rent your personal data. However, we may share your information with:

  • Service Providers: Payment processors, shipping companies, and email marketing services.
  • Legal Authorities: If required by law or to protect our rights and interests.
  • Analytics Providers: To analyze website traffic and user behavior.

All third parties are contractually obligated to handle your data securely and in compliance with GDPR.

7. International Data Transfers

As part of our service, your personal data may be transferred outside the European Economic Area (EEA). In such cases, we ensure appropriate safeguards, such as standard contractual clauses, to protect your data.

8. Security Measures

We employ appropriate technical and organizational security measures to protect your data, including:

  • Encryption: Data is encrypted during transmission and storage.
  • Access Control: Restricted access to personal data.
  • Regular Security Audits: Monitoring and testing our systems for vulnerabilities.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience on our website. For more details, please refer to our Cookie Policy.

10. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right to Access: Request a copy of your data.
  • Right to Rectification: Correct any inaccuracies.
  • Right to Erasure: Request deletion of your data.
  • Right to Restrict Processing: Limit how your data is used.
  • Right to Data Portability: Transfer your data to another service.
  • Right to Object: Opt-out of data processing for marketing purposes.
  • Right to Withdraw Consent: Revoke consent at any time.

To exercise these rights, contact us at shimurigid@gmail.com.

11. Marketing Communications

You will only receive marketing communications if you have opted in. You can opt out at any time by clicking the “unsubscribe” link in our emails or contacting us directly.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with the updated effective date.

13. Contact Information

If you have any questions or concerns about this Privacy Policy or wish to exercise your rights, please contact us at:

By using our website, you agree to the collection and use of your personal data in accordance with this Privacy Policy.