Privacy Policy

Collection: Privacy Policy

Last updated: [January 22, 2025]

This Privacy Policy describes how TORRAS INC (the "Site", "we", "us", or "our") collects, uses, and discloses your personal information when you visit, use our services, or make a purchase from https://torraslife.com/ (the "Site") or otherwise communicate with us (collectively, the "Services"). For purposes of this Privacy Policy, "you" and "your" means you as the user of the Services, whether you are a customer, website visitor, or another individual whose information we have collected pursuant to this Privacy Policy.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time, including to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy on the Site, update the "Last updated" date and take any other steps required by applicable law.

How We Collect and Use Your Personal Information

To provide the Services, we collect and have collected over the past 12 months personal information about you from a variety of sources, as set out below. The information that we collect and use varies depending on how you interact with us.

In addition to the specific uses set out below, we may use information we collect about you to communicate with you, provide the Services, comply with any applicable legal obligations, enforce any applicable terms of service, and to protect or defend the Services, our rights, and the rights of our users or others.

What Personal Information We Collect

The types of personal information we obtain about you depends on how you interact with our Site and use our Services. When we use the term "personal information", we are referring to information that identifies, relates to, describes or can be associated with you. The following sections describe the categories and specific types of personal information we collect.

Information We Collect Directly from You

Information that you directly submit to us through our Services may include:

- Basic contact details including your name, address, phone number, email.

- Order information including your name, billing address, shipping address, payment confirmation, email address, phone number. We also collect your country/region and language preference.

- Account information including your username, password, verification code. And you can provide Amazon orders on our website.

- Payment information: If you make a purchase, our third-party payment processors will process your payment information. We do not store or directly process your full credit card number or security code (CVV/CVC). We generally only receive partial payment information (such as the last four digits of your card number, expiration date, and card type) and a payment token necessary to verify and facilitate the transaction.

- Shopping information including the items you view, put in your cart or add to your wishlist.

-Advertisement subscriptions: When you agree to subscribe to our news and offer, we collect your email address, to send you updates, offers,news, and other information about our products and services. You may unsubscribe from our newsletter at any time by following the instructions included in our emails or by contacting us directly.

- Customer support information including the information you choose to include in communications with us, for example, when sending a message through the Services.

Some features of the Services may require you to directly provide us with certain information about yourself. You may elect not to provide this information, but doing so may prevent you from using or accessing these features.

Automatically Collected Information

In the course of your interaction with our Services, certain personal information is gathered through automated means to ensure operational functionality, enhance service performance, and improve user experience. This information is collected via technologies implemented on your device and through your engagement with our platform.

1.Device and Connection Data
We collect technical details related to your device and network connection, which may include:

Your IP address, browser type and version, and operating system.

Unique identifiers associated with your device or browser, such as:

A universally unique identifier (UUID)

Browser identifier (BID)

Google Analytics client identifier (CID)

Facebook browser identifier (FBP)

2.Usage and Interaction Data
We gather information regarding your engagement with our Services, such as:

Pages visited, links selected, search terms entered, and time spent on pages.

Diagnostic and performance-related data, including crash reports, system log files, and error information, utilized for service maintenance and optimization.

3.General Location Data
We may derive approximate geographic location from your IP address to deliver region-specific content and adhere to local legal or regulatory requirements.

4. Cookies and Tracking Technologies
Our Services employ cookies and similar technologies to collect and retain information related to your interactions. While certain cookies are essential for core site operations, others support usage analysis and content personalization.

5.Information We Collect through Cookies

We also automatically collect certain information about your interaction with the Services ("Usage Data"). To do this, we may use cookies, pixels and similar technologies ("Cookies"). Usage Data may include information about how you access and use our Site and your account, including device information, browser information, information about your network connection, your IP address and other information regarding your interaction with the Services.

6.Information We Obtain from Third Parties

Finally, we may obtain information about you from third parties, including from vendors and service providers who may collect information on our behalf, such as:

- Companies who support our Site and Services, such as Shopify.

- Our payment processors, who collect payment information (e.g., bank account, credit or debit card information, billing address) to process your payment in order to fulfill your orders and provide you with products or services you have requested, in order to perform our contract with you.

- When you visit our Site, open or click on emails we send you, or interact with our Services or advertisements, we, or third parties we work with, may automatically collect certain information using online tracking technologies such as pixels, web beacons, software developer kits, third-party libraries, and cookies.

- Social Media Login Data: If you choose to register or log in to our Services using a social media account (such as Facebook, Google, or Apple), we may collect personal information that is already associated with your social media account, such as your name, email address, profile picture, and friend list, subject to your privacy settings on that social media platform. We engage in this collection to authenticate your identity and simplify the checkout process.

Any information we obtain from third parties will be treated in accordance with this Privacy Policy. We are not responsible or liable for the accuracy of the information provided to us by third parties and are not responsible for any third party's policies or practices. For more information, see the section below, Third Party Websites and Links.

Legal Basis for Processing Your Personal Information

We process your personal information for clear and specific business purposes, in accordance with applicable data protection laws. Each processing activity is grounded in a recognized legal basis, which varies depending on the nature of the interaction and the type of data involved. The principal legal bases we rely on include: contractual necessity, legitimate interests, consent, and compliance with legal obligations.

We use your personal information for the following purposes and based on the corresponding legal grounds:

Purpose of Use	Legal Basis
Fulfilling Contracts: Processing payments, fulfilling orders, managing your account, providing customer support, and arranging shipping.	Necessary for the performance of a contract with you.
Legitimate Interests: Operating and improving our Services; fraud detection and security; data analytics; and communicating service-related messages.	For our legitimate business interests (assessed to not override your rights).
Consent: Sending marketing communications; using non-essential cookies; facilitating off-platform advertising.	Your consent (which you may withdraw at any time).
Legal Obligations: Complying with applicable laws and regulations.	Necessary for compliance with a legal obligation.

1. Performance of a Contract
We process personal information when it is necessary to fulfill our contractual obligations to you, or to take steps at your request prior to entering into a contract. This includes:

Account Establishment and Management: Creating and maintaining your user account, implementing security measures, and managing access settings.

Service Provision and Support: Processing transactions, delivering purchased products or services, and providing customer assistance and dispute resolution.

Essential Communications: Sending service-related announcements, administrative updates, and critical security notifications.

2. Legitimate Interests
We process personal information based on our legitimate business interests, or those of third parties, where such interests are not overridden by your data protection rights. We conduct a balanced assessment to ensure fair processing. This includes:

Security and Fraud Prevention: Protecting our Services, users, and business from security threats, fraudulent activities, and other illegal actions.

Service Enhancement: Analyzing usage trends, diagnosing technical issues, and optimizing the performance and user experience of our Services.

Relevant Marketing: Conducting marketing and advertising activities related to products and services similar to those you have previously obtained from us, in accordance with applicable marketing laws.

Legal Rights and Claims: Establishing, exercising, or defending legal claims and retaining information as required in the context of legal proceedings.

3. Consent
Where required by law, particularly for processing that is not based on another legal basis, we will seek and rely on your explicit consent. You have the right to withdraw your consent at any time. This includes:

Promotional Communications: Sending marketing materials, newsletters, and other promotional content via electronic means where opt-in consent is required.

Certain Advertising Activities: Conducting interest-based advertising through third-party platforms and networks, where such activities are subject to consent requirements.

How We Use Your Personal Information

We use your personal information for the following business and operational purposes, relying on appropriate legal bases as required by applicable data protection laws:

1. Service Provision and Fulfillment

We process your personal information to perform our contractual obligations and deliver the services you request. This includes:

- Processing payment transactions and completing your orders

- Creating, maintaining, and administering your user account

- Arranging product shipping and handling returns or exchanges

- Sending transaction-related communications (order confirmations, shipping notifications, account alerts)

- Enabling you to post product reviews and manage your content

Legal Basis: Performance of a contract; Legitimate interests in providing and improving our services

2. Marketing and Personalized Advertising

We use your personal information for marketing and promotional activities, including:

- Sending promotional communications via email, SMS, and direct mail

- Displaying personalized advertisements for our products and services

- Conducting targeted advertising campaigns across our Site and third-party platforms

- Analyzing user preferences to tailor marketing content and offers

Legal Basis: Consent (where required by law); Legitimate interests in promoting our business to existing customers

3. Security and Fraud Prevention

We utilize your personal information to maintain the security and integrity of our Services by:

- Detecting, investigating, and preventing fraudulent or unauthorized activities

- Monitoring for and addressing security threats, malicious activities, or illegal actions

- Implementing authentication and verification procedures

- Protecting our systems, users, and business operations from harm

Legal Basis: Legitimate interests in protecting our business and users; Compliance with legal obligations

4. Service Improvement and Customer Communications

We process personal information to enhance your experience and provide support through:

- Responding to your customer service inquiries and support requests

- Analyzing user behavior to improve our Services' functionality and performance

- Conducting research and development to introduce new features

- Maintaining ongoing communication regarding service updates and improvements

Legal Basis: Legitimate interests in business optimization and customer relationship management

Cookies and Tracking Technologies

Our use of cookies and similar technologies serves multiple functions essential to our Service delivery and business operations:

Essential Operations

- Maintaining website functionality and security features

- Preserving user session information and preferences

- Enabling core e-commerce capabilities (shopping cart, checkout processes)

Analytical and Performance Purposes

- Analyzing user interaction patterns and service usage

- Measuring website performance and identifying technical issues

- Understanding user preferences to enhance service design

Marketing and Personalization

- Delivering relevant advertising content based on user interests

- Measuring advertising campaign effectiveness

- Enabling cross-context behavioral advertising where permitted

We utilize Shopify's platform for our online store, and specific information about their cookie practices is available at: https://www.shopify.com/legal/cookies.

Managing Your Cookie Preferences

Most web browsers provide settings that allow you to control cookie acceptance. You may configure your browser to refuse all cookies or to indicate when a cookie is being sent. Please note that disabling cookies may impact your user experience and limit functionality of certain Service features. Additionally, cookie blocking may not prevent all data sharing with advertising partners through alternative technological means.

Social Media Features and Widgets: Our Site may include social media features, such as the Facebook “Like” button, and widgets, such as the “Share This” button. These features may collect your IP address, which page you are visiting on our Site, and may set a cookie to enable the feature to function properly. Your interactions with these features are governed by the privacy policy of the company providing them. Please note that even if you do not click on these buttons, certain information may still be transmitted to these social media platforms.

Categories of Third-Party Recipients and Disclosure Purposes

We disclose personal information to third-party recipients under specific circumstances and for legitimate business purposes, as detailed below:

1. Service Providers and Data Processors

We engage specialized vendors who process personal information on our behalf to support our business operations:

- Infrastructure Support: IT management, cloud storage, and hosting providers

- Payment Processing: Secure payment gateways and financial institutions. (When you complete a purchase using a third-party payment processor or digital wallet (such as PayPal, Apple Pay, Google Pay, or Shop Pay), your payment information is provided directly to that third-party. The processing of your financial data by these third parties is subject to their respective privacy policies and terms of service. We recommend reviewing their privacy notices to understand how they handle your financial information.)

- Order Fulfillment: Shipping carriers, logistics partners, and inventory management systems

- Analytics and Marketing: Data analytics providers, marketing automation tools, and advertising platforms

These service providers are contractually bound to handle personal information solely for specified business purposes and to implement appropriate security safeguards.

2. Business and Marketing Partners

We share limited personal information with strategic partners to enhance our services and marketing efforts:

- E-commerce Platforms: Including Shopify for store operations and personalized advertising

- Advertising Networks: For targeted marketing campaigns and promotional activities

- Analytics Providers: To measure campaign effectiveness and user engagement

These partners are required to provide transparency about their data practices through their respective privacy notices.

3. Legal and Business Necessity Disclosures

We disclose personal information when necessary for:

- Corporate Transactions: Mergers, acquisitions, asset sales, or bankruptcy proceedings

- Legal Compliance: Responses to subpoenas, court orders, regulatory requests, or other legal processes

- Protection of Rights: Enforcement of terms of service, protection of our operations, users, or the public

4. User-Directed Disclosures

We disclose information to third parties at your explicit direction or with your consent, such as:

- Social media platforms through integrated widgets or login features

- Shipping carriers for product delivery

- Other services you explicitly authorize to access your information

Disclosure Activities in the Preceding 12 Months

The following table summarizes our personal information disclosure practices over the past 12 months:

Category of Personal Information	Categories of Recipients	Primary Purposes
Identifiers (contact details, account information)	Service Providers; Business Partners	Service delivery; Marketing; Analytics
Commercial Information (purchase history, shopping data)	Service Providers; Business Partners	Order fulfillment; Personalization; Analytics
Internet/Network Activity (usage data, browsing history)	Service Providers; Business Partners	Service improvement; Marketing; Security

Targeted Advertising and Data Sharing

Certain disclosures of personal information to advertising partners may constitute "selling" or "sharing" as defined under applicable privacy laws. In the preceding 12 months, we have engaged in such activities for targeted advertising purposes involving identifiers, commercial information, and internet/network activity with business and marketing partners.

We do not use or disclose sensitive personal information to infer characteristics about consumers, nor do we have actual knowledge of selling or sharing personal information of individuals under 16 years of age.

User-Generated Content

Our Services may allow you to post content publicly, such as product reviews. Please be aware that any information you disclose in these public areas becomes publicly accessible and may be read, collected, and used by others. We cannot control how third parties handle information you choose to make public, and we are not responsible for the privacy, security, or accuracy of user-generated content or its subsequent use. You represent that you have all necessary rights and consents to post such content, including the consent of any individuals identifiable in your photos or videos. We reserve the right (but have no obligation) to monitor, review, and remove UGC that violates our policies or applicable laws. Please be aware that once posted, UGC may be indexed by search engines and may remain visible even after you delete your account.

Third-Party Websites and Services

Our Site may contain links to third-party websites, applications, or services. This Privacy Policy does not apply to such third-party offerings, and we encourage you to review the privacy policies of any third-party sites you visit. We do not endorse, control, or assume responsibility for the content, privacy practices, or security of third-party platforms.

Children’s Privacy And Parental Controls

While TORRAS products are designed for general audiences, we understand the importance of protecting children's privacy and safety online. Our Services are not directed to individuals under the age of 16 (or such higher age as required by local law). We do not knowingly collect, use, or disclose personal information from children under these age thresholds without verifiable parental consent. If you are above the age requirement but under 18 (or the age of majority in your jurisdiction), you represent that you have reviewed this Policy with your parent or legal guardian and that they agree to your use of our Services. Regardless of local laws, TORRAS adopts a global standard: We do not knowingly “sell” or “share” (for cross-context behavioral advertising) the personal information of users under 18 years of age. If you are under 18, we will treat your data with the highest degree of privacy protection by default.

Parental Rights and Accidental Collection: If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately at mall@torraslife.com. Upon notification, we will take immediate steps to remove such information from our active databases and terminate the child‘s account. We encourage parents to supervise their children’s online activities. If you share your device with your child, please be aware that any personalized recommendations or ads may be based on the household‘s usage patterns. We recommend using separate profiles where possible to prevent inappropriate data collection.

Information Security and Data Retention

1.Security Measures

We implement and maintain comprehensive administrative, technical, and physical security measures designed to protect your personal information from unauthorized access, destruction, loss, alteration, or disclosure. These safeguards include, but are not limited to, encryption technologies, access controls, secure network architecture, regular security assessments, staff training, and strict internal organizational policies. Collectively, these measures are intended to prevent unauthorized use, access, or disclosure of your data.

While we employ industry-standard protections and take every reasonable step to secure your information, no electronic transmission or storage method is entirely immune to security risks, and we cannot guarantee absolute security. We are committed to continuously evaluating and improving our security practices to ensure an appropriate level of protection.

When transmitting sensitive information to us, please use the secure channels provided through our Services.

2.Data Retention Periods

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Our retention determinations consider multiple factors including:

- Ongoing business needs to provide and maintain services

- Legal and regulatory obligations under applicable law

- Statute of limitations for potential legal claims

- Documented business justification for processing

- Nature and sensitivity of the personal information

- Potential risk of harm from unauthorized use or disclosure

When personal information is no longer required for its original purpose and no legitimate business or legal need for retention exists, we securely delete or anonymize such information.

3.Your Privacy Rights

Depending on your geographic residence and applicable privacy laws, you may exercise the following rights regarding your personal information:

Fundamental Privacy Rights

- Right to Access/Know: Request confirmation of whether we process your personal information and obtain access to such data, including specific details about our collection and processing activities.

- Right to Deletion: Request erasure of your personal information, subject to certain legal exceptions.

- Right to Correction: Request rectification of inaccurate or incomplete personal information.

- Right to Data Portability: Receive your personal information in a structured, commonly used, and machine-readable format for transmission to another controller.

Control Rights for Targeted Advertising and Sensitive Data

- Right to Opt-Out of Sale/Sharing/Targeted Advertising: Direct us not to "sell" or "share" your personal information or use it for "targeted advertising" as defined under applicable laws. We honor the Global Privacy Control (GPC) signal as a valid opt-out request.

- Right to Limit Sensitive Data Use: Restrict the use and disclosure of sensitive personal information to purposes necessary for service provision.

Additional Processing Controls

- Right to Restrict Processing: Request limitation of processing under specific circumstances.

- Right to Withdraw Consent: Revoke previously provided consent for processing activities.But it will not affect the lawfulness of processing based on consent before its withdrawal.

- Right to Appeal: Challenge our decision regarding privacy rights requests.

- Communication Preferences: Manage marketing communications through unsubscribe mechanisms in our emails.

Exercising Your Rights

To submit a privacy rights request, please contact us at: mall@torraslife.com

Verification Process: We implement reasonable measures to verify your identity before processing requests, which may require confirming information against our records. Authorized agents must provide proof of authorization.

Non-Discrimination: We will not discriminate against you for exercising your privacy rights, though certain service features may be impacted where reasonably related to the value of your data.

Response Timeline: We endeavor to respond to verifiable requests within the timeframes required by applicable law, typically not exceeding 45 days.

Third-Party Advertising

We utilize advertising services, including Shopify Audiences, to personalize advertising on third-party platforms. To opt out of data use by Shopify for these purposes, visit: https://privacy.shopify.com/en

Complaints

If you have complaints about how we process your personal information, please contact us via mall@torraslife.com. If you are not satisfied with our response to your complaint, depending on where you live you may have the right to appeal our decision by contacting us using the contact details set out above, or lodge your complaint with your local data protection authority.

International Users

Please note that we may transfer, store and process your personal information outside the country you live in, including the United States. Your personal information is also processed by staff and third party service providers and partners in these countries.

If we transfer your personal information out of Europe, we will rely on recognized transfer mechanisms like the European Commission's Standard Contractual Clauses, or any equivalent contracts issued by the relevant competent authority of the UK, as relevant, unless the data transfer is to a country that has been determined to provide an adequate level of protection.

Contact

Should you have any questions about our privacy practices or this Privacy Policy, or if you would like to exercise any of the rights available to you, email us at mall@torraslife.com.

Country- and Region-Specific Privacy Notices

Notice to Data Subjects in the European Economic Area (EEA) and Switzerland

This supplemental notice applies exclusively to individuals located within the European Economic Area (EEA) and Switzerland, in accordance with the EU General Data Protection Regulation (GDPR) and the comparable Swiss data protection law. It provides additional information required under these legal frameworks.

Identity and Contact Details of the Controller

TORRAS INC, with its registered address at WeWork 200 Spectrum Suite 300, Irvine CA 92618, is the data controller responsible for the processing of your personal data collected through your use of our website and related online services.

To contact us regarding this privacy policy, to exercise your data subject rights under the GDPR, or for any questions concerning our data processing activities, please use the following details:

Email: mall@torraslife.com.

Address: 4/F,Plant 6,1F-6/F,Block 7, YuAn Zone

Room 1215, Tower C, Zhantao Technology Tower, Minzhi Avenue, Minzhi Street, Longhua District, Shenzhen, China

You can reach our Data Protection Office at: mall@torraslife.com

Legal Framework for Data Processing under the GDPR

We process your personal data strictly in accordance with the lawful bases established under the General Data Protection Regulation (GDPR). The specific legal grounds we rely upon for our processing activities include:

- Performance of a Contract: Processing is necessary for the fulfillment of our contractual obligations to you or to take pre-contractual steps at your request. This includes operations such as creating and administering your user account, processing transactions and delivering services, and providing customer support.

- Legitimate Interests: We process data where necessary for the purposes of our legitimate business interests, except where such interests are overridden by your fundamental rights and freedoms. This encompasses activities such as maintaining system and network security, detecting and preventing fraudulent activities, conducting analytics to improve our Services, and sending relevant service-related communications. We conduct thorough balancing tests to ensure our interests do not infringe upon your privacy rights.

- Consent: For specific processing activities, such as direct marketing communications, newsletters, or the deployment of non-essential cookies, we will obtain your prior, explicit consent. You retain the right to withdraw your consent at any time, which will not affect the lawfulness of processing based on consent before its withdrawal.

- Legal Obligation: We process personal data when necessary to comply with a legal obligation to which we are subject, such as fulfilling requirements under tax laws, consumer protection regulations, or responding to lawful requests from public authorities.

For a comprehensive understanding of the data we collect and the associated purposes, please refer to the sections titled "What Personal Information We Collect" and "Legal Basis for Processing Your Personal Information".

International Data Transfers

As part of our global operations, your personal information may be transferred to and processed in countries located outside the European Economic Area (EEA), which may not provide an equivalent level of data protection.

When such transfers occur, we implement and rely on appropriate safeguards as mandated by the GDPR to ensure the security and lawful handling of your data. These safeguards primarily include the European Commission's Standard Contractual Clauses (SCCs). We may also utilize other mechanisms recognized under applicable data protection law, such as Binding Corporate Rules or adherence to international certification frameworks. You may request further information about these transfer mechanisms and obtain a copy of the relevant safeguards by contacting us.

Your Data Subject Rights

In accordance with and subject to the provisions of the GDPR, you possess the following rights concerning your personal information:

- Right of Access: You have the right to obtain confirmation as to whether or not we are processing your personal data and to access that data, along with certain related information.

- Right to Rectification: You have the right to request the correction of any inaccurate personal data we hold about you, and to have incomplete data completed.

- Right to Erasure (Right to be Forgotten): You have the right to request the deletion of your personal data under specific circumstances, such as when the data is no longer necessary for the original purposes, or when you have withdrawn your consent. This right is not absolute and may not apply if processing remains necessary for compliance with a legal obligation or for the establishment, exercise, or defense of legal claims.

-Right to Restriction of Processing: You have the right to request the temporary suspension of data processing in certain scenarios, such as during the verification of data accuracy or when you have objected to processing based on legitimate interests.

- Right to Data Portability: Where processing is based on your consent or the performance of a contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller where technically feasible.

- Right to Object: You have the right to object, on grounds relating to your particular situation, to the processing of your personal data which is based on our legitimate interests. You also have an absolute right to object to the processing of your personal data for direct marketing purposes at any time.

- Right to Withdraw Consent: Where our processing is specifically based on your consent, you have the right to withdraw that consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Exercising Your Rights

You may submit a request to exercise any of these rights by using the contact details provided in the "Contact Us" section of this Policy. To protect your information, we will need to verify your identity before processing your request, which may require us to obtain specific information from you.

We endeavor to respond to all legitimate requests within one month of receipt. Should a request be particularly complex or if you have made multiple requests, this period may be extended by a further two months. In such cases, we will notify you of the extension and keep you informed of the progress.

Furthermore, you have the right to lodge a complaint with a competent data protection supervisory authority in the EEA member state of your habitual residence, place of work, or place of the alleged infringement. We would, however, appreciate the opportunity to address your concerns directly before you approach a supervisory authority.

UNITED STATES: STATE-SPECIFIC PRIVACY DISCLOSURES

The following disclosures supplement the information contained in our main Privacy Policy and provide additional information for residents of California, Colorado, Connecticut, Montana, Oregon, Texas, Utah, and Virginia, in accordance with applicable U.S. state privacy laws.

1. Collection and Use of Personal Data

1.1 Categories of Personal Data Collected

In the preceding 12 months, we have collected the following categories of personal data:

(a) Identifiers: Including name, alias, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, or other similar identifiers.

(b) Personal Records: Information such as name, signature, address, telephone number, or any other information that identifies, relates to, describes, or is capable of being associated with a particular individual.

(c) Commercial Information: Including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

(d) Internet/Network Activity: Browsing history, search history, and information regarding a consumer's interaction with our website, application, or advertisement.

(e) Geolocation Data: Physical location or movements, to the extent derived from device-based data.

(f) Sensory Data: Audio, electronic, visual, thermal, olfactory, or similar information.

(g) Professional or Employment Information: Current or past job history or performance evaluations.

(h) Inferences: Drawn from any of the information identified above to create a profile about a consumer reflecting the consumer's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

1.2 Sources of Personal Data

We collect these categories of personal data from the following sources:

- Directly from you when you provide it to us

- Automatically as you navigate through our website

- From third parties, including data analytics providers, advertising networks, and social media platforms

1.3 Business and Commercial Purposes for Collection

We collect and use personal data for the following business and commercial purposes:

- Providing and maintaining our Services

- Processing transactions and managing orders

- Customer service and support

- Marketing and advertising

- Research and development

- Quality assurance and security

- Legal compliance and regulatory requirements

2. Sensitive Personal Data

2.1 Categories of Sensitive Personal Data

We may process the following categories of sensitive personal data:

- Account access credentials (passwords)

- Payment card information

- Precise geolocation data

2.2 Use of Sensitive Personal Data

We only use or disclose sensitive personal data for the following purposes:

- Performing services or providing goods reasonably expected by an average consumer

- Preventing, detecting, and investigating security incidents

- Resisting malicious, deceptive, fraudulent, or illegal actions

- Ensuring the physical safety of natural persons

- Short-term, transient use

- Performing services on behalf of the business

- Verifying or maintaining the quality or safety of our services

- Improving, upgrading, or enhancing our services

We do not collect or process sensitive personal data for the purpose of inferring characteristics about consumers, nor do we sell sensitive personal data or use it for targeted advertising.

2.3 Consumer Control Over Sensitive Personal Data

Depending on your state of residence and subject to legal limitations, you may have the right to limit our use and disclosure of certain sensitive personal data.

3. Deidentified Information

We may create, use, and disclose deidentified information that cannot reasonably be used to infer information about, or otherwise be linked to, a particular consumer or household. When we maintain deidentified information, we:

- Implement technical safeguards that prohibit reidentification

- Implement business processes that specifically prohibit reidentification

- Implement operational processes that prohibit reidentification

- Will not attempt to reidentify the information except as required by law

4. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Our retention periods are determined by considering:

- The amount, nature, and sensitivity of the personal data

- The potential risk of harm from unauthorized use or disclosure

- The purposes for which we process the data

- Applicable legal requirements

- Whether we can achieve the purposes through other means

5. Your State Privacy Rights

Depending on your state of residence, you may have some or all of the following rights:

- Right to Know / Access: You may request confirmation of whether we process your personal information and obtain access to such information, including specific details regarding the categories, sources, purposes, and disclosures of personal information collected.

- Right to Data Portability: You may request to receive your personal information in a structured, commonly used, and machine-readable format, and request that we transmit such data to another entity where technically feasible.

- Right to Correction: You may request the correction of inaccurate or incomplete personal information that we maintain about you.

- Right to Deletion: You may request the deletion of personal information we collected from you, subject to applicable legal exceptions.

- Right to Opt Out of Sales or Sharing: You may direct us not to ‘sell’ or ‘share’ your personal information (as defined under applicable law).

- Right to Opt Out of Targeted Advertising: You may direct us not to use your personal information for ‘targeted advertising’ or ‘cross-context behavioral advertising’.

- Right to Limit the Use and Disclosure of Sensitive Personal Information: You may request that we restrict the use and disclosure of your sensitive personal information to purposes permitted by law.

- Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights. However, where permitted by law, we may offer different pricing, discounts, or service levels that are reasonably related to the value of your personal information.

6. Opt-Out Preference Signals:

We honor the Global Privacy Control signal for opt-out preference purposes. When detected, we will automatically apply your opt-out preferences for the specific browser or device.

7.Financial Incentives and Loyalty Programs

We may offer financial incentives, including:

Discounts, coupons, and special offers for signing up for marketing communications;

Loyalty programs that reward customers based on purchase history;

Participation in these programs requires providing certain personal information. We calculate the value of these programs by assessing expenses related to data collection, storage, and program administration against the benefits provided.

8. How to Exercise Your Rights

To exercise your state privacy rights, you may:

- Email us at mall@torraslife.com

We will verify your identity before processing your request and will respond within the timeframes required by applicable law.

9. Appeals Process

If we decline to take action on your request, you may appeal our decision within a reasonable period by contacting us using the methods described above.

10. Personal Information Disclosures and Targeted Advertising

We may disclose personal information to the following categories of third parties: our affiliated entities, service providers that process data on our behalf, advertising and marketing partners, business partners offering integrated services, other users at your direction, and third parties where required by law or with your consent.

Certain disclosures of personal information to advertising partners may constitute "selling" or "sharing" under specific state privacy laws, or processing for "targeted advertising" or "cross-context behavioral advertising" - where advertisements are selected based on personal data obtained from a consumer's activities across different websites, applications, or services.

You may have the right to opt out of such activities depending on your state of residence, subject to applicable legal exceptions.

Important Limitations:

We do not sell personal information of consumers we know to be under 16 years of age

We do not sell sensitive personal information

We do not process or share sensitive personal information for targeted advertising purposes

11. Automated Decision-Making

We do not engage in automated processing of personal information that results in legal or similarly significant effects concerning consumers. Accordingly, we do not currently offer specific opt-out rights for automated decision-making activities.

AUSTRALIA: ADDITIONAL PRIVACY DISCLOSURES

The following information supplements our main Privacy Policy and applies specifically to residents of Australia, in accordance with the Privacy Act 1988 (Cth) including the Australian Privacy Principles, the Spam Act 2003, and other applicable Australian privacy legislation.

Our Commitment to Australian Privacy Standards

We are committed to handling your personal information in accordance with Australian privacy laws. This includes being transparent about how we collect, use, store, and disclose your personal information, and ensuring that reasonable steps are taken to protect it from misuse, interference, loss, unauthorized access, modification, or disclosure.

How We Protect Your Personal Information

In compliance with our obligations under Australian privacy law, we implement and maintain reasonable security safeguards to protect the personal information we hold. These measures include:

Administrative Safeguards: Implementing internal practices, procedures, and systems designed to ensure ongoing compliance with the Australian Privacy Principles, and to effectively handle privacy inquiries and complaints.

Data Quality Assurance: Taking reasonable steps to ensure the personal information we collect, use, and disclose is accurate, up-to-date, complete, and relevant.

Security Controls: Employing a combination of physical and technological security measures proportionate to the potential harm and sensitivity of the information, aimed at preventing unauthorized access and other privacy breaches.

Data Disposal: Securely destroying or permanently de-identifying personal information that is no longer needed for any lawful business purpose or legal requirement.

Data Breach Notification

We adhere to the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988. In the event that we have reasonable grounds to believe an eligible data breach has occurred, we will notify you and the Office of the Australian Information Commissioner (OAIC) as required by law. If you identify any potential security vulnerabilities or privacy breaches related to our services, please contact us immediately using the details provided in the "Contact Us" section of this policy.

Complaints Process

If you wish to make a complaint about how we have handled your personal information, please submit your complaint in writing to us via post or email using the contact details provided in this Policy. We will acknowledge your complaint and endeavour to provide a substantive response within 30 days of receipt.

If you are not satisfied with our response, or if you have not received a response from us within 30 days, you have the right to lodge your complaint with the Office of the Australian Information Commissioner (OAIC):

Online: www.oaic.gov.au

Phone: 1300 363 992 (Please note: call charges may apply for mobile calls)

Post: Director of Compliance, Office of the Australian Information Commissioner, GPO Box 5218, Sydney NSW 2001

We are committed to working with you to resolve any complaints fairly and promptly.

Annex I - DETAILS OF PROCESSING ACTIVITIES

Category	Examples of Personal Information	Source	Processing Purpose	Legal Basis
Identifiers	Name, email address, telephone number, physical address, IP address, account credentials (username/password), and unique online identifiers (e.g., UUID, BID, Google CID, Facebook FBP).	Provided directly by you during account registration, checkout, or customer support interactions; automatically collected via cookies, pixels, and similar tracking technologies.	Account creation and management, order processing and fulfillment, service-related communication, system security, authentication, and internal analytics.	Performance of a contract; Legitimate interests (security, service improvement); Consent (where required for marketing).
Internet or Network Activity Information	Browsing history on our site, search query data, pages viewed, links clicked, session duration and frequency, interaction data with site elements, and diagnostic data (e.g., crash reports, performance logs).	Automatically collected via server logs, cookies, SDKs, and other tracking technologies during your interaction with our website and services.	Website operation and optimization, user experience personalization, troubleshooting, service improvement, and traffic analysis.	Legitimate interests (service functionality, improvement, and security); Consent (for non-essential cookies and advanced analytics).
Geolocation Data (General)	Approximate geographic location at the country, regional, or city level, derived from technical data such as your IP address.	Automatically inferred from your IP address or device settings when you access our services.	To deliver region-specific content (e.g., language, promotional offers), calculate taxes and shipping, and ensure compliance with local laws and regulations.	Legitimate interests (localized user experience and operational compliance).
Inferences	Profiles reflecting predicted preferences, characteristics, behavior, and engagement tendencies, derived from analysis of your interactions and activities.	Generated internally through automated analysis and profiling of the data collected in the categories listed above.	To personalize website content and product recommendations, tailor marketing communications, and develop new services and features.	Legitimate interests (personalization and service development); Consent (where required by law for certain types of profiling).