Privacy Policy





Privacy Policy – Cravetoy


Privacy Policy for Cravetoy

Effective Date: December 25, 2025

This Privacy Policy describes how Cravetoy (“we,” “us,” or “our”) collects, uses, and shares your personal information when you use our website, mobile application, or services (collectively, the “Services”). It also explains your rights under the General Data Protection Regulation (GDPR).

1. Data Controller

The data controller responsible for your personal data is Cravetoy. Our contact details are:

Cravetoy
Mailing Address: 7180 Pharr Mill Road, Harrisburg, North Carolina 28075, United States
Customer Service Email: cravetoy.com

2. Information We Collect

We collect information you provide directly to us, such as when you create an account, make a purchase, or contact customer support. This may include:

  • Identity and Contact Data: Name, email address, shipping/billing address, phone number.
  • Financial and Transaction Data: Payment information (processed by secure third-party payment processors), order history, and product details.
  • Technical and Usage Data: IP address, browser type, device information, pages visited, and how you interact with our Services.
  • Marketing and Communications Data: Your preferences in receiving marketing from us.

3. How We Use Your Information (Legal Basis)

We process your personal data on the following legal bases:

  • Contract: To fulfill orders, process payments, and provide the Services you request.
  • Legitimate Interests: To improve our Services, prevent fraud, ensure security, and for direct marketing (where allowed).
  • Consent: Where you have given clear consent, e.g., for specific marketing communications.
  • Legal Obligation: To comply with accounting, tax, or other legal requirements.

4. Data Sharing and Transfers

We may share your data with:

  • Service Providers: Payment processors, shipping carriers, IT and analytics providers.
  • Professional Advisors: Lawyers, accountants, auditors.
  • Legal Authorities: When required by law or to protect our rights.

If we transfer data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses.

5. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy, or as required by law (e.g., for tax, accounting, or legal claims).

6. Your GDPR Rights

You have the following rights regarding your personal data:

  • Right of Access: Request a copy of your data.
  • Right to Rectification: Request correction of inaccurate data.
  • Right to Erasure (“Right to be Forgotten”): Request deletion of your data under certain conditions.
  • Right to Restrict Processing: Request limitation of how we use your data.
  • Right to Data Portability: Request transfer of your data to another controller.
  • Right to Object: Object to processing based on legitimate interests or for direct marketing.
  • Right to Withdraw Consent: Withdraw consent at any time, without affecting prior lawful processing.

To exercise these rights, please contact us using the details in Section 1. You also have the right to lodge a complaint with your local supervisory authority.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

8. Changes to This Policy

We may update this Privacy Policy periodically. The updated version will be posted on our website with a revised effective date.

© 2025 Cravetoy. All rights reserved.

This Privacy Policy is governed by and construed in accordance with the GDPR.