Privacy policy

Last updated: [April, 12, 2026]

This Privacy Policy explains how Gioude (CNPJ: 57.293.964/0001-92), trading as Gioude ("we", "us", "our"), collects, uses, stores, and shares personal data when you visit gioude.com or place an order.

We serve customers globally and are committed to handling personal data responsibly and in compliance with applicable privacy laws.

1. Data Controller

Gioude

CNPJ: 57.293.964/0001-92

Rua Setenta e Oito, Casa 1732 — Quadra 97, Lote 32

Engenho do Mato — Niterói, RJ — CEP 24344-578 — Brazil

Contact: gioudecenter@gmail.com

2. Data We Collect

a) Information you provide:

Full name

Email address

Shipping and billing address

Payment information (processed by Stripe or PayPal — we do not store card details)

Support communications

b) Information collected automatically:

IP address and approximate geographic location

Browser type, version, and language

Device type and operating system

Pages visited, navigation paths, and session duration

Referring URL

Cookie identifiers and session data

c) Marketing data (opt-in only):

Email engagement data (opens, clicks, unsubscribes)

3. How We Use Your Data

Purpose

Legal Basis (GDPR / UK GDPR)

Processing and fulfilling your order

Performance of a contract

Order confirmations and shipping notifications

Performance of a contract

Handling returns, refunds, and support

Contract performance / Legitimate interests

Sending marketing emails

Consent

Website analytics and improvement

Legitimate interests

Fraud prevention and security

Legitimate interests / Legal obligation

Legal and tax compliance

Legal obligation

Advertising & retargeting

Consent (EU/UK/Switzerland/Norway); Legitimate interests elsewhere where permitted

Equivalent legal bases apply under Brazil's LGPD, Australia's Privacy Act 1988, Canada's PIPEDA and Quebec Law 25, South Korea's PIPA, Japan's APPI, India's DPDPA 2023, South Africa's POPIA, Singapore's PDPA, and other applicable national laws.

4. Marketing Communications

If you opt in, we may send promotional emails about our products, offers, and updates. You may unsubscribe at any time via the link in any marketing email or by emailing gioudecenter@gmail.com with "Unsubscribe" as the subject.

Opting out does not affect transactional order communications.

5. How We Share Your Data

We do not sell your personal data. We share it only with the following trusted service providers:

Third Party

Purpose

Location

Shopify Inc.

E-commerce platform & infrastructure

Canada / Global

Stripe

Payment processing

United States

PayPal

Payment processing

United States

Fulfillment suppliers & 3PL providers

Order fulfillment

China, United States, EU

Meta Platforms

Advertising (after consent where required)

United States

Google LLC

Analytics & advertising (after consent where required)

United States

[EMAIL MARKETING PROVIDER]

Marketing email delivery

[Location]

All third parties are contractually required to process data only for specified purposes and to maintain appropriate technical and organisational security measures.

6. Cookies & Tracking Technologies

Category

Purpose

Activation

Strictly necessary

Cart, checkout, session authentication

Always active

Functional / preferences

Language, currency, settings

Always active

Analytics

Website usage analysis (e.g., Google Analytics)

Consent required — EU/UK/Norway/Switzerland; active elsewhere

Marketing & advertising

Targeting & retargeting (Meta Pixel, Google Ads)

Explicit opt-in consent required — EU/EEA/UK/Norway/Switzerland. Opt-in recommended globally.

For EU, EEA, UK, Norwegian, and Swiss visitors: Marketing and analytics tracking technologies, including the Meta Pixel and Google Analytics, are not activated until you give explicit informed consent through our cookie consent banner, in compliance with the EU ePrivacy Directive (2002/58/EC), GDPR, UK PECR, and equivalent national laws.

You may withdraw consent or change preferences at any time through our cookie preference centre.

For all other visitors: You may manage or disable cookies at any time through your browser settings.

7. International Data Transfers

We are based in Brazil and serve customers globally. Your data may be processed in countries outside your own.

EU/EEA & UK: Transfers rely on Standard Contractual Clauses (SCCs) and, for UK transfers, the International Data Transfer Agreement (IDTA), or adequacy decisions where applicable.

Australia: Transfers are made under contractual obligations consistent with the Australian Privacy Principles (APPs), or where the recipient country has comparable protections.

Canada (Quebec): Transfers outside Quebec are subject to privacy impact assessments and contractual protections consistent with Quebec Law 25.

Brazil: International transfers comply with Arts. 33–36 of the LGPD.

South Africa: International transfers comply with Section 72 of POPIA and are made to jurisdictions with adequate protection or under binding contractual obligations.

Singapore: Transfers comply with the transfer limitation obligation under the PDPA and binding contractual arrangements.

8. Data Retention

Data Category

Retention Period

Order and transaction data

Up to 10 years (legal / tax obligations)

Customer account data

Duration of relationship + 3 years

Marketing data

Until unsubscribe or deletion request

Analytics data

Up to 26 months

Support communications

Up to 3 years

Upon expiry, data is securely deleted or irreversibly anonymised.

9. Your Rights by Jurisdiction

To exercise any right, contact us at gioudecenter@gmail.com. We respond within 30 days (or sooner where required by local law). Identity verification may be required.

EU / EEA — GDPR

Access · Rectification · Erasure · Restriction · Portability · Object to processing · Withdraw consent · Lodge complaint with your national data protection authority.

EU DPA directory: edpb.europa.eu/about-edpb/about-edpb/members_en

United Kingdom — UK GDPR

All GDPR rights above apply.

Complaints: Information Commissioner's Office (ICO) — ico.org.uk

Germany

All GDPR rights apply. You may also contact your federal state (Land) data protection authority (Landesbeauftragter für Datenschutz).

France

All GDPR rights apply.

Complaints: Commission Nationale de l'Informatique et des Libertés (CNIL) — cnil.fr

Brazil — LGPD (Arts. 17–22)

Confirm processing · Access · Correct data · Anonymise / block / delete unnecessary data · Portability · Information on third parties · Revoke consent · Lodge complaint with the ANPD — gov.br/anpd

Australia — Privacy Act 1988 (APPs)

Access · Correct personal information · Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) — oaic.gov.au

Canada — PIPEDA / Quebec Law 25

Access · Correct inaccuracies · Withdraw consent · Complaint to the Office of the Privacy Commissioner of Canada — priv.gc.ca

Quebec residents may also contact the Commission d'accès à l'information (CAI) — cai.quebec.ca

New Zealand — Privacy Act 2020

Access · Correct personal information · Lodge complaint with the New Zealand Privacy Commissioner — privacy.org.nz

Singapore — PDPA

Access · Correction · Withdraw consent · Lodge complaint with the Personal Data Protection Commission (PDPC) — pdpc.gov.sg

South Africa — POPIA

Access · Correct / delete · Object to processing · Lodge complaint with the Information Regulator — inforegulator.org.za

South Korea — PIPA (Personal Information Protection Act)

Access · Correct / delete · Withdraw consent · Object to processing · Lodge complaint with the Personal Information Protection Commission (PIPC) — pipc.go.kr

Japan — APPI (Act on the Protection of Personal Information)

Access · Correct / delete · Suspend use · Lodge complaint with the Personal Information Protection Commission (PPC) — ppc.go.jp

India — DPDPA 2023 (Digital Personal Data Protection Act)

Access · Correct · Erase · Grievance redressal · Nominate a representative · Lodge complaint with the Data Protection Board of India (when operational)

Israel — Privacy Protection Law

Access · Correct / delete your data · Lodge complaint with the Privacy Protection Authority — gov.il/he/departments/the_privacy_protection_authority

United States — California CCPA / CPRA

Know · Delete · Correct · Opt out of sale or sharing of personal data (we do not sell personal data) · Non-discrimination for exercising rights.

Other US states with active privacy laws (Virginia CDPA, Colorado CPA, Connecticut CTDPA, Texas TDPSA, etc.): equivalent rights apply where mandated.

Mexico — LFPDPPP

Access · Rectification · Cancellation · Object (ARCO rights) · Lodge complaint with the INAI — inai.org.mx

Chile — Law 19.628

Access · Correct / delete · Lodge complaint with the Consejo para la Transparencia — cplt.cl

UAE

Privacy rights under Federal Decree-Law No. 45 of 2021 on Personal Data Protection apply. Contact us at gioudecenter@gmail.com to exercise your rights.

10. Children's Privacy

This Website is intended for individuals aged 18 and over. We do not knowingly collect data from anyone under 18. If we become aware a minor has submitted data, it will be promptly deleted. Contact us at gioudecenter@gmail.com if you believe this has occurred.

11. Security

We implement appropriate technical and organisational measures, including HTTPS/SSL encryption, PCI-DSS-compliant payment processing, and internal access controls. No method of electronic transmission is 100% secure.

12. Third-Party Links

We are not responsible for the privacy practices of any linked third-party site. We encourage you to review their privacy policies independently.

13. Changes to This Policy

Material changes will be communicated by email (where held) or via a prominent Website notice before they take effect. The updated date will always be reflected at the top of this page.

14. Contact & Supervisory Authorities

gioudecenter@gmail.com

Authority

Jurisdiction

National DPAs (via edpb.europa.eu)

EU / EEA

ICO (ico.org.uk)

United Kingdom

ANPD (gov.br/anpd)

Brazil

OAIC (oaic.gov.au)

Australia

OPC (priv.gc.ca)

Canada

Privacy Commissioner (privacy.org.nz)

New Zealand

PDPC (pdpc.gov.sg)

Singapore

Information Regulator (inforegulator.org.za)

South Africa

PIPC (pipc.go.kr)

South Korea

PPC (ppc.go.jp)

Japan

Privacy Protection Authority (gov.il)

Israel

INAI (inai.org.mx)

Mexico

Consejo para la Transparencia (cplt.cl)

Chile