G

Privacy Policy (GDPR Compliance)

GIORA COLLECTIVE INC | Last Updated: 2025

GDPR Compliant | European Economic Area (EEA)

GIORA COLLECTIVE INC (hereinafter referred to as "we", website: gioracollective.com, business email: sale@gioracollective.com) understands the importance of personal data protection. This Privacy Policy is formulated in accordance with the EU General Data Protection Regulation (GDPR) and related laws and regulations, aiming to clarify our collection, use, storage, transmission, and protection of personal data of data subjects within the European Economic Area (EEA), and to safeguard your legitimate data rights.

Please carefully read this Privacy Policy before visiting our website, purchasing our products, using our services, or establishing a cooperative relationship with us, and fully understand our data processing rules. Your continued actions indicate your consent to our processing of your personal data in accordance with this policy.

I Scope of Application

This Privacy Policy applies to all our processing activities in the course of our business, including the collection, recording, storage, use, processing, transmission, provision, and disclosure of personal data of all individuals (including consumers, partner contacts, website visitors, etc., hereinafter referred to as "you") located within the European Economic Area (EEA).

II Types of Personal Data We Collect and the Methods of Collection

(I) Types of Personal Data We Collect

  • Basic Identity Information: Including but not limited to your name, email address (such as your personal email or partner email), phone number, mailing address, etc., used for order delivery, business coordination, and communication.
  • Transaction-Related Information: Including but not limited to your order number, purchased clothing product information, payment amount, payment method, etc., used for transaction settlement, order fulfillment, and after-sales service.
  • Website Access and Usage Information: Including but not limited to your IP address, browser type, access time, accessed pages, device information, etc., collected through website backend statistical tools and cookies, etc., used to optimize website experience, analyze access data, and improve service quality.
  • Sensitive Personal Data: Unless you explicitly consent and it meets legal requirements, we will not proactively collect your sensitive personal data such as race or ethnicity, political opinion, religious or philosophical beliefs, or health status. If collection is necessary due to special business needs, we will take additional security measures.

(II) Data Collection Methods

  • Data Provided by You: This includes, but is not limited to, personal data you voluntarily fill in or provide when registering an account on our official website, submitting orders, contacting customer service, or sending cooperation emails.
  • Data Generated During Business Operations: This includes, but not limited to, personal data related to you that we automatically record or generate during the completion of apparel sales, order delivery, after-sales service, and cooperation coordination.
  • Data Collected Through Technical Means: We collect information related to your access to and use of our official website through our official website backend system, cookies, web beacons, and other legal technical means. You can manage or delete cookies through your browser settings, but this may affect the normal use of some website functions.
  • Data Legitimately Provided by Third Parties: With your consent or in compliance with laws and regulations, we will verify the legality of the source of your relevant personal data obtained from legitimate third parties (such as payment institutions, logistics service providers, etc.).

III Legal Basis and Purpose of Data Processing

In accordance with GDPR requirements, our personal data processing activities are based on the following legal basis:

  • Contractual Needs: To facilitate the signing and performance of contracts related to clothing sales and other related business, and to ensure the smooth operation of order delivery, after-sales service, and other related services, we need to process your identity information, transaction information, and other relevant data.
  • Your Explicit Consent: For the collection and use of certain non-essential data (such as contact information used for marketing), we will clearly inform you before collection and process the data only after obtaining your explicit consent. You may withdraw your consent at any time, and the process of withdrawing consent is no more complicated than giving consent.
  • Pursuit of Legitimate Interests: Without infringing upon your fundamental rights and freedoms, we will process relevant personal data (such as website access data, transaction risk control data, etc.) for legitimate commercial interests such as optimizing our product design, improving service quality, ensuring website and transaction security, and preventing fraud risks.
  • Fulfillment of Legal Obligations: To comply with the laws, regulations, administrative orders, or judicial rulings of the EU and relevant member states (such as tax reporting, data retention requirements, etc.), we need to process relevant personal data.

IV. Storage and Retention Period

  • Storage Method: Servers complying with GDPR security requirements with encryption, access control, firewalls
  • Cross-border Storage: Compliance with GDPR Article 46, EU Standard Contractual Clauses (SCCs)
  • Retention Period: Shortest necessary period, secure destruction after expiration (12 months max for website data)

V. Sharing and Cross-border Transfer

  • Data Sharing: Only with logistics/payment providers, authorized third parties, or legal requirements
  • Cross-border Transfer: Priority to adequacy-assessed countries, SCCs for other regions
  • Protection Level: Substantially equivalent to EEA standards

VI. Your Rights (Based on GDPR)

• Right to Know
• Right to Access
• Right to Correction
• Right to Erasure ("Right to Be Forgotten")
• Right to Restrict Processing
• Right to Data Portability
• Right to Object
• Right to Withdraw Consent

To exercise these rights, contact us at sale@gioracollective.com

Additional Provisions

VII. Data Security Measures

Technical measures (encryption, access control), organizational measures (employee training, role-based access), and emergency response plan (72-hour breach reporting).

VIII. Data Protection Impact Assessment

DPIA conducted for high-risk processing activities (large-scale monitoring, special category data processing) to identify and mitigate risks.

IX. Third-Party Links and Services

Website may contain third-party links; we are not responsible for their privacy practices. Review third-party policies before use.

X. Updates to the Privacy Policy

Policy revised based on legal changes; updated version posted on website with effective date. Core changes notified via email/pop-ups.

XI. Contact Information and Regulatory Authorities

If dissatisfied with our response, you have the right to file a complaint with the data protection regulatory authority of your Member State.

Free shipping

Free Shipping & Returns

Money

100% Money refund

Delivery

Fast send and delivery

Company Info

Customer Service

My Account

PAYMENT & SHIPPING

Need Help? Call Our Award-Warning
©2025, GIORA COLLECTIVE INC. All Rights Reserved.