Privacy Policy
Privacy Policy
Last updated: November 7, 2025
1. Introduction
Welcome to Colorswood.com (the "Site"). We understand the importance of personal information and are committed to handling it responsibly and in accordance with applicable data protection regulations, particularly the EU's General Data Protection Regulation (GDPR) and Digital Services Act (DSA).
This Privacy Policy aims to provide a clear and transparent explanation of how we collect, use, store, and share your personal information when you visit, use our services, or make a purchase, and to inform you of your rights under the law.
2. Data Controller and Shopify's Role
Data Controller: We are the data controller for information you provide directly to us (such as order and account information).
Data Processor: Shopify, our e-commerce platform, processes your data on our behalf to provide our services. This means Shopify processes your personal data based on our instructions and in accordance with its Data Processing Addendum (DPA).
Joint Controller: In some cases, such as when you use services provided directly by Shopify, such as Shop Pay, Shopify may process your data as an independent data controller. We recommend that you also read Shopify's Privacy Policy for a full understanding of its data processing practices.
3. Personal Information We Collect
We only collect information necessary to provide our services and improve your experience.
Information Categories Specific Content and Description
Information You Provide Directly • Contact and Order Information: Name, shipping address, billing address, email address, phone number, details of items purchased.
• Account Information: Username, password (encrypted).
• Communication History: Information you actively provide to us through contact forms, emails, or customer service channels.
Information Collected Automatically When you browse this website, we automatically collect the following using cookies and similar technologies:
• Device and Log Information: IP address, browser type, operating system, referring URL.
• Usage Behavior: Items you view, items added to your shopping cart, browsing history.
Information obtained from third parties • Payment processors (e.g. PayPal, Stripe): We only receive the information necessary to confirm payment and complete an order; we do not store any complete payment card information.
• Shopify: Order and customer management data provided by the platform.
4. How we use your personal information and legal basis
Each of the information we process about you has a specific purpose and legal basis. The table below details these situations:
Processing Purpose Legal Basis (GDPR) Description and Notes
Order and contract fulfillment (processing payments, arranging delivery, providing order confirmation) Contract fulfillment (GDPR Art. 6(1)(b)) Necessary to complete the transaction.
Customer service communications (responding to inquiries, sending important service notifications) Contract fulfillment and Legitimate interests (GDPR Art. 6(1)(f)) Necessary to provide services and improve customer relationships.
Improving the website and services (analyzing website usage, optimizing product offerings) Legitimate interests (GDPR Art. 6(1)(f)) We will assess and balance the privacy risks and you have the right to object to this processing.
Direct marketing (sending you information about new products and promotions, with your consent) Consent (GDPR Art. 6(1)(a)) You can withdraw your consent at any time, free of charge and easily, for example through the "unsubscribe" link in each marketing email. Security and anti-fraud (detecting and preventing fraudulent activities) Legitimate interests and legal obligations (GDPR Art. 6(1)(f)) Necessary to protect our business and your safety. Special note: In accordance with the latest EU guidance, we do not and are prohibited from using profiles based on special categories of data (such as race, health, political opinions, etc.) to target you with advertising - even if you have given us your consent. 5. How we share your personal information We will never sell your personal information. We only share information with third parties in the following circumstances: Service providers: Shopify, payment processors, logistics companies, etc., as described above. They can only access data based on our instructions and are subject to strict contractual confidentiality obligations. Legal requirements: We may disclose information to comply with laws, regulations, court orders, or government requests. International transfers: Our service providers are located around the world. When data is transferred outside the EU (e.g., to the US and Canada), we ensure appropriate safeguards approved by the European Commission are in place, such as Standard Contractual Clauses (SCCs), or that our service providers are certified under the EU-US Data Privacy Framework.
6. Cookies and Tracking Technologies
Necessary cookies: These are required for basic website functionality, such as the shopping cart and checkout, and do not require consent.
Analytical and marketing cookies: These are used to analyze website traffic and personalize advertising. With the exception of essential cookies, we only use these cookies with your explicit consent.
Your Controls: You can revisit and modify your preferences at any time through the cookie consent banner on our website, or manage cookies through your browser settings. Please note that disabling certain cookies may affect website functionality.
7. Your Data Protection Rights (GDPR Rights)
If you are located in the European Economic Area (EEA), you have the following rights. To exercise these rights, please contact us using the contact details at the end of this document.
Right of Access: Obtain a copy of the personal data we hold about you.
Right of Correction: Request correction of inaccurate or incomplete data.
Right to erasure (right to be forgotten): Request the deletion of your data under certain conditions (e.g., when the data is no longer necessary for its original purpose).
Right to restriction of processing: Request that we suspend the processing of your data under certain circumstances.
Right to data portability: Receive the data you have provided to us in a structured, commonly used, machine-readable format and transmit it to another controller.
Right to object: Object to processing based on legitimate interests, including profiling for direct marketing.
Right to withdraw consent: Withdraw your consent for marketing at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
We will respond to your request within one month. If the request is complex or numerous, we may take longer, but we will notify you promptly.
8. Data Retention
We will only retain your personal information for as long as necessary to fulfill the purposes outlined in this Policy. For example, we may retain order information for at least seven years to comply with legal obligations (such as tax and accounting regulations). After the necessary retention period, we will securely delete or anonymize your data.
9. Children's Privacy
Our services are not intended for children under the age of 16. We do not knowingly collect personal information from children. If you are a parent or guardian and believe we have collected your child's information, please contact us immediately to request its deletion.
10. Data Security
We implement industry-standard technical and organizational measures (such as encryption and access controls) to protect your data. All payment transactions are processed through a payment gateway that complies with the highest PCI DSS security standards, and we do not store sensitive payment information ourselves.
11. Contact Us
If you have any questions, comments, or concerns about this Privacy Policy, your personal information, or your data rights, or wish to exercise any of your rights, please contact us at:
Email: customer@colorswood.com
If you are not satisfied with our response to your rights request, you have the right to lodge a complaint with the data protection authority in your country.
12. Policy Changes
We may update this Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting the updated Policy on this page and updating the "Last Updated" date at the top.