1. Introduction
Welcome to Pikabox (www.pikabox.shop, “we”, “us”, “our”). Your privacy is critically important to us. This Privacy Policy outlines how we collect, use, protect, and disclose your personal information when you visit or make a purchase from our website.
We are committed to protecting your personal data and complying with the EU General Data Protection Regulation (GDPR) and other applicable European data protection laws. By using our website, you agree to the practices described in this policy.

2. Data Controller
The data controller responsible for your personal data collected through www.pikabox.shop is:
Pikabox (the legal entity operating the website)
You can contact us regarding any privacy-related matters using the contact information provided on our website (typically found in the “Contact Us” or “Customer Service” section).

3. Personal Data We Collect
We collect various types of personal information about you, which may include:

  • Identity Data: First name, last name, username or similar identifier.

  • Contact Data: Billing address, delivery address, email address, and telephone numbers.

  • Financial Data: Payment card details (usually processed securely by our third-party payment providers; we do not store full card details).

  • Transaction Data: Details about payments to and from you and other details of products and services you have purchased from us.

  • Technical Data: Internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.

  • Usage Data: Information about how you use our website, products, and services.

  • Marketing and Communications Data: Your preferences in receiving marketing from us and our third parties and your communication preferences.

We collect this data through:

  • Direct interactions: You provide data by filling in forms, creating an account, placing an order, subscribing to our newsletter, or contacting us.

  • Automated technologies: As you interact with our website, we may automatically collect Technical Data and Usage Data about your equipment, browse actions, and patterns. We collect this personal data by using cookies and similar technologies (please see our Cookie Policy for details).

4. Legal Basis for Processing Your Personal Data
We process your personal data based on the following GDPR lawful bases:

  • Performance of a contract: To process and deliver your orders, manage your account, and provide you with the services you requested.

  • Legal obligation: To comply with our legal and regulatory obligations (e.g., tax and accounting).

  • Legitimate interests: To manage our business, improve our website and services, prevent fraud, conduct analytics, and for direct marketing purposes (provided your interests and fundamental rights do not override our interests). You can object to this processing at any time.

  • Consent: Where you have given us explicit consent to process your data for a specific purpose, such as sending you email marketing communications or using certain types of cookies. You can withdraw your consent at any time.

5. How We Use Your Personal Data
We use your personal data for the following purposes:

  • To process and manage your orders, payments, and deliveries.

  • To manage our relationship with you, including managing your account and providing customer support.

  • To improve our website, products, services, marketing, and customer experiences.

  • To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data).

  • To send you relevant marketing communications, if you have opted-in to receive them.

  • To prevent and detect fraud.

  • To comply with legal and regulatory requirements.

6. Data Sharing and Disclosure (Third Parties)
We may share your personal data with the following categories of third parties for the purposes outlined in this policy:

  • Service Providers: Companies that help us operate our business, such as payment processors (e.g., Stripe, PayPal), logistics and shipping companies, IT and web hosting providers, email marketing platforms, and analytics providers.

  • Professional Advisers: Including lawyers, bankers, auditors, and insurers.

  • Authorities: Regulators and other authorities who require reporting of processing activities in certain circumstances or to comply with legal obligations.

  • Marketing Partners: If you have provided consent, we may share data with advertising partners to show you relevant ads.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
International Transfers: Some of our external third-party providers may be based outside the European Economic Area (EEA). Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring appropriate safeguards are implemented, such as using Standard Contractual Clauses approved by the European Commission.

7. Data Security
We have implemented appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered, or disclosed. We limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know.
While we strive to protect your data, no internet transmission or electronic storage method is 100% secure.

8. Data Retention
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements.
To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process your data and whether we can achieve those purposes through other means, and the applicable legal requirements.

9. Your Data Protection Rights (GDPR)
Under the GDPR, you have the following rights regarding your personal data:

  • Right of Access: Request access to your personal data.

  • Right to Rectification: Request correction of inaccurate or incomplete data.

  • Right to Erasure (‘Right to be Forgotten’): Request deletion of your personal data where it’s no longer needed or if you withdraw consent, among other cases.

  • Right to Restriction of Processing: Request the restriction of processing your data in certain circumstances.

  • Right to Data Portability: Request to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.

  • Right to Object: Object to the processing of your data based on our legitimate interests or for direct marketing purposes.

  • Right to Withdraw Consent: Withdraw your consent at any time where processing is based on consent.

  • Right to Lodge a Complaint: Lodge a complaint with a competent data protection supervisory authority (e.g., the authority in your EU country of residence).

To exercise any of these rights, please contact us using the contact information provided on our website. We may need to request specific information from you to help us confirm your identity.

10. Cookies
We use cookies and similar technologies. For detailed information on the cookies we use and the purposes for which we use them, please see our [Cookie Policy]([Link to Your Cookie Policy]).
<– Note: You MUST insert the actual link to your Cookie Policy here.

11. Children’s Privacy
Our website is not intended for children under the age of 16, and we do not knowingly collect personal data from children under 16 without verifiable parental consent. If you believe we might have collected information from a child under 16, please contact us.

12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will post any changes on this page and update the “Effective Date” at the top. We encourage you to review this policy periodically.

13. Contact Information
If you have any questions about this Privacy Policy or our privacy practices, please contact us through the channels provided in the “Contact Us” or “Customer Service” section of our website, www.pikabox.shop.