Privacy Policy
Tokavo highly values the protection of customers' personal data and is committed to strictly complying with current personal data protection regulations. This policy is designed to transparently and thoroughly explain how we collect, use, store, and protect the personal data you provide when accessing our website or making purchases at our store. Additionally, this policy ensures compliance with the European Union’s General Data Protection Regulation (GDPR) as well as equivalent regulations in the United Kingdom (UK GDPR).
1. Data Controller
The entity responsible for managing and protecting your personal data is Tokavo, headquartered at: 1 West St, Danbury, CT 06810, USA. When you visit our website or make a purchase, all personal information you provide will be processed under strict privacy regulations. For any inquiries or requests related to your personal data, please contact our customer support team at [email protected] for timely assistance.
2. Legal Basis for Processing Personal Data
Our collection and processing of your personal data are always based on solid legal grounds to ensure transparency, legality, and proper purpose. Primarily, we need to process personal data to fulfill contractual obligations with you, including order receipt, processing, payment, and timely, accurate product delivery. This basis corresponds to Article 6(1)(b) of the GDPR.
Additionally, we have legitimate interests protected under Article 6(1)(f) of the GDPR to improve customer experience by developing and enhancing website functionality, as well as preventing fraud and protecting our assets and systems from illegal acts or abuse.
We also comply with legal obligations stipulated by U.S. law and international standards, particularly for storing invoices and accounting documents, based on Article 6(1)(c) of the GDPR.
Finally, if you consent, we may use your personal data for marketing communications, advertising, or user behavior analysis to optimize our services. The legal basis here is your consent under Article 6(1)(a) of the GDPR. You have the right to withdraw your consent at any time without affecting the lawfulness of prior data processing.
3. Your Rights under GDPR and UK GDPR
As a customer residing in the European Union (EU), European Economic Area (EEA), or the United Kingdom (UK), you are entitled to a comprehensive set of data protection rights. First, you have the right to be fully informed about what personal data we hold and how it is used. If the stored information is inaccurate or outdated, you may request correction or updating to ensure accuracy.
In certain circumstances, you may ask us to erase your personal data if it is no longer necessary or lawful to retain it; however, deletion may be restricted if we have legal obligations to retain the data (e.g., for tax or accounting purposes).
You have the right to request restrictions on data processing in specific cases, such as when disputing data accuracy or objecting to processing based on our legitimate interests.
The right to data portability allows you to receive your personal data in a machine-readable format and transfer it to another service provider or organization, enhancing your control over your information.
You also have the right to object to the use of your data for direct marketing or processing based on legitimate interests.
Furthermore, if you previously consented to our data processing, you may withdraw that consent at any time without affecting the legality of prior processing activities.
To exercise any of these rights, please contact us at [email protected]. We commit to responding promptly and complying within the 30-day timeframe required by law.
4. Data Transfers Outside the EU and EEA
Because our servers and order processing services are located in the United States, transferring your personal data outside the EU and EEA is necessary to complete processing and transactions. All such data transfers strictly comply with GDPR requirements.
Specifically, we apply the European Commission-approved Standard Contractual Clauses (SCCs) to protect your data during international transfers, ensuring your rights are fully maintained. Additionally, where applicable, we implement equivalent safeguards or legally recognized mechanisms. If necessary, we will obtain your explicit consent at the time of purchase before transferring your data.
We are committed to protecting your personal data comprehensively, even when transmitted across national borders.
5. Data Retention Period
We retain your personal data only as long as necessary to fulfill the stated purposes or to comply with legal requirements. Order, payment, and delivery data will be stored for up to 6 years to meet U.S. accounting and tax obligations and international standards.
Email marketing data will be kept for a maximum of 12 months from your last interaction with promotional content. If you cease interaction or withdraw consent, we will delete or anonymize this data to protect your privacy.
For cookies and tracking data, retention periods vary depending on the cookie type, ranging from session-based to 30 or 365 days, to optimize user experience without compromising privacy.
6. Recipients of Personal Data
We never sell or transfer your personal data to unrelated third parties. However, to process orders, deliveries, and improve services, we may share your data with carefully selected partners who strictly comply with data protection regulations.
Specifically, payment processors like PayPal receive necessary data to securely complete transactions. Delivery partners such as DHL, USPS, or other couriers receive address and related information to ensure correct and timely shipment.
We also use analytics tools such as Google Analytics and Hotjar to collect anonymized data to improve our website and customer experience. These tools are only activated with your consent via cookie settings on our site.
All third parties mentioned must adhere to data protection regulations and have signed Data Processing Agreements (DPAs) with us to ensure the utmost security of your personal data.
7. Personal Data Security Measures
We apply a range of technical and organizational measures to protect your personal data from unauthorized access, disclosure, loss, or unauthorized alteration. All data transmitted through our website is encrypted using modern SSL/TLS technology to secure information during transmission.
Access to data is strictly limited to authorized personnel trained in information security. We regularly back up data and conduct security audits to identify and mitigate risks promptly.
Furthermore, we enforce stringent internal policies aligned with international standards to ensure that all personal data processing activities are transparent, secure, and responsible.
8. Cookies and Analytics Policy
Our website uses cookies to enhance user experience, including essential cookies necessary for basic site functions and analytical cookies to understand customer behavior and improve services.
Analytical tools such as Google Analytics and Hotjar are activated only after you consent via cookie settings on our website. You can customize, accept, or reject cookies anytime through your browser settings or our cookie management system.
9. Complaints and Supervisory Authorities
If you believe we have violated your privacy rights or improperly processed your personal data, you have the right to file a complaint with the data protection authority in your country of residence. Common supervisory authorities include:
French National Data Protection Commission (CNIL): www.cnil.fr
German Federal Commissioner for Data Protection and Freedom of Information (BfDI): www.bfdi.bund.de
UK Information Commissioner’s Office (ICO): www.ico.org.uk
We pledge to cooperate closely and transparently with these authorities to ensure the highest protection of your rights.
10. Contact Information
For any questions, concerns, or requests related to this privacy policy or your personal data, please contact us at:
(203) 646-0110
1 West St, Danbury, CT 06810