At Toyra, we are deeply committed to protecting your personal data and maintaining full transparency about how we collect, process, and safeguard your information. This Privacy Policy outlines our data handling practices in strict accordance with the European Union General Data Protection Regulation (GDPR).

1. General Information & Data Controller
The data controller responsible for processing your information on this website is:

Company Name: Toyra

Representative: BA Immaculate Mugala

Address: Moosstraße 199a, 5020 Salzburg, Austria

Contact Email: info@toyra.eu

2. Comprehensive Cookie Policy
To ensure our store functions optimally and to provide a personalized shopping experience, we utilize cookies and similar tracking technologies.

What are Cookies?
Cookies are small text files placed on your device when you load our website. They help us recognize your browser, maintain items in your shopping cart, and evaluate user behavior.

Types of Cookies We Use
We categorize our cookies based on their specific utility. Except for essential cookies, we require your explicit prior consent before deploying them:

Essential / Strictly Necessary Cookies: These are vital for basic site infrastructure. They handle security protocols, keep you logged in, remember items added to your shopping cart, and ensure smooth checkout handling. These cannot be deactivated as the store cannot function without them.

Analytics & Performance Cookies: These anonymous cookies gather statistical insights regarding how visitors interact with our storefront, identifying top-performing pages and uncovering technical glitches.

Marketing & Target-Retargeting Cookies: These cookies profile user interests to display relevant, tailored advertisements across external third-party digital networks.

Cookie Consent Management
We deploy a Cookie Consent Banner upon your initial visit to our website. No non-essential analytical or marketing scripts will load until you have actively provided your affirmative consent. You retain the right to modify, adjust, or completely withdraw your tracking preferences at any time via the cookie settings panel on our website.

3. Sharing Data with Third-Party Services
To process your purchases, fulfill logistical obligations, and optimize store marketing, we securely transmit essential fragments of data to verified, GDPR-compliant third-party providers:

Payment Processors
When executing an order, your transaction data is processed via secure, encrypted payment pathways. We do not store raw credit card credentials on our servers.

Stripe: Processes credit/debit card credentials securely.

PayPal: Manages external wallet processing.

Apple Pay & Google Pay: Handles fast-checkout encrypted mobile token authentication.

Klarna: Provisions instant bank transfers and flexible consumer payment options.

Shipping & Logistics Providers
To deliver your purchases, your name, shipping address, and email are shared with our logistics partners:

DHL & National Postal Carriers: Facilitates package transport, physical routing, tracking dispatches, and doorstep delivery completion.

Marketing, Analytics, & Retargeting Infrastructure
We utilize advanced analytics and pixel scripts to monitor storefront conversion rates and curate promotional offers:

Google Analytics: Evaluates general user demographics, operational sessions, and interface traffic behavior.

Meta / Facebook Pixel: Measures social ad efficiency and handles retargeting campaigns for Facebook and Instagram users.

TikTok Pixel: Evaluates user interaction trends derived from TikTok promotional links.

Newsletter & Email Automation Tools: Manages subscription dispatches, customer follow-up notes, and abandoned cart alerts (only deployed if you explicitly opt-in).

4. Data Storage Location & Security Measures
Your data security is paramount to our operations.

Storage Framework: All core customer accounts, transactional history, and website files are securely stored on protected servers located physically within the European Union (EU) or managed by top-tier service providers fully certified under GDPR frameworks.

Encryption Measures: Our entire digital storefront is reinforced with standard Secure Sockets Layer (SSL) or Transport Layer Security (TLS) encryption protocols. This guarantees that your sensitive address inputs and payment transmissions remain fully encrypted and unreadable by unauthorized third parties.

5. Your Legal Rights Under the GDPR
As an EU resident, you possess comprehensive legal protections regarding your personal information. You can exercise these rights at any point by emailing info@toyra.eu:

Right to Access: You can request a complete digital copy of all personal data we currently hold about you.

Right to Rectification: You can request that we immediately correct inaccurate or incomplete personal contact files.

Right to Erasure (“Right to be Forgotten”): You can demand that we completely purge your personal files from our active systems, provided the data is no longer legally mandated for taxation, bookkeeping, or transaction audit compliance.

Right to Data Portability: You can request that we export your primary user data in a structured, commonly used, machine-readable format.

Right to Lodge a Complaint: You retain the legal right to file a formal complaint with an official data protection supervisory authority (such as the Austrian Data Protection Authority / Datenschutzbehörde) if you believe our data processing methods infringe upon standard EU regulations.

6. Contact Information
For any clarification, documentation queries, or to exercise your individual user rights outlined in this policy, please reach out directly to our dedicated compliance desk:

Email: info@toyra.eu