0) Scope

This Privacy Policy explains how TDN Leather processes personal data when you visit or purchase from our website and online store aimed at customers in the United States and the European Union.

1) Data Controller and Contact

TDN Leather is the data controller. Legal entity name: Tran Dinh Nhat . Registered address: Binh Son - Long Thanh - Dong Nai- Viet Nam Privacy contact: privacy@TDNLeather.com or use the Contact form on our site. If EU or UK data protection law applies and you appoint an Article 27 representative, please add: EU/UK representative: [Name, address, email].

2) What we collect and sources

We collect information you provide directly, including name, email, phone number, shipping and billing address, order notes, and messages sent via our contact form. We collect information automatically through cookies and similar technologies, including IP address, device and browser type, pages viewed, and general location derived from IP for security and performance purposes. We also receive limited information from service providers necessary to complete your order, such as payment status from payment processors and tracking details from carriers. We do not store full payment card numbers on our systems; card data is handled securely by our payment provider.

3) Purposes and legal bases (EU/UK)

We process your data to perform a contract with you, including processing and delivering orders and providing customer support and warranty service. We process data with your consent for marketing emails and optional analytics cookies; you can withdraw consent at any time. We process data to comply with legal obligations, including tax and accounting. We process data based on our legitimate interests in site security, fraud prevention, and service improvement, balanced against your rights.

4) Categories of personal information (CPRA, California)

For California residents, we may collect identifiers such as name, email, phone, and address; commercial information such as products purchased; internet or network activity such as browsing on our site; approximate geolocation derived from IP; and in limited cases customer service communications. We do not collect sensitive personal information intentionally. We do not sell personal information. If we ever engage in cross‑context behavioral advertising, we will provide a “Do Not Sell or Share My Personal Information” link and honor Global Privacy Control signals.

5) Sharing and international transfers

We share personal data only with service providers that help us run the business, such as payment processing, shipping and logistics, website hosting, analytics, and email infrastructure. These providers are bound by contracts to use the data only to provide services to us. We may disclose information to authorities if required by law. Data may be processed on servers outside your country of residence. Where EU or UK data protection law applies, we rely on appropriate safeguards such as Standard Contractual Clauses and complementary measures where necessary.

6) Retention

We keep personal data only as long as needed for the purposes above and to meet legal requirements. Order and invoice records are typically kept for up to 10 years to comply with tax and accounting laws. Customer support records are typically kept for up to 24 months after resolution. Marketing contact data is kept until you unsubscribe or after 24 months of inactivity. These periods may vary based on applicable law and operational needs.

7) Cookies and consent

We use strictly necessary cookies to provide core site functionality. We may use analytics and marketing cookies with your consent where required; you can manage preferences using your browser settings and, where available, our cookie banner. Withdrawing consent does not affect the lawfulness of processing before withdrawal.

8) Your rights and how to exercise them

Depending on where you live, you may have rights to access, rectify, erase, restrict or object to processing, data portability, and to withdraw consent. EU and UK residents may lodge a complaint with a supervisory authority. California residents may have rights to know, delete, correct, and opt out of certain sharing; we do not sell personal information, and we honor applicable Global Privacy Control signals. To make a request, email privacy@TDNLeather.com. We will verify your identity and respond within one month for EU/UK requests and within 45 days for California requests. You may use an authorized agent as allowed by law.

9) Security

We use HTTPS, access controls, and organizational safeguards such as role‑based access and least‑privilege practices. No method is perfectly secure, but we work to protect your information and have procedures to respond to incidents.

10) Children

Our site is not intended for children under 16 in the EU/UK and under 13 in the United States. We do not knowingly collect data from children.

11) Changes & contact

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. Updates will be posted on this page.

12) How to contact us

For privacy questions or requests, contact privacy@TDNLeather.com. If we cannot resolve your concern, you may have the right to contact your local data protection authority.

This policy is provided for general information and does not constitute legal advice.

Effective date: August 17, 2025