1. Data Controller
eomini Ltd
128 City Road, London, EC1V 2NX, United Kingdom
Company Number: 15847293
Email: support@eomini.com
EU/EEA Representative (GDPR Art. 27):
TPE Europe GmbH
Friedrichstraße 123, 10117 Berlin, Deutschland
2. Privacy Contact
For any privacy question, email support@eomini.com. We aim to respond within 30 days.
3. Data We Process
• Contact: name, email, phone
• Account/Auth: login email, password hashes, tokens
• Shipping/Billing: address details
• Orders/Payments: order history, amounts; payment data handled by Stripe (no full card storage)
• Support: messages from forms, email, chat
• Technical: IP, browser/device info, error/performance logs
• Usage/Analytics: page views, clicks (only with consent)
• Marketing preferences: newsletter opt-in/opt-out
4. Purposes & Legal Bases
• Contract (Art. 6(1)(b) GDPR): orders, delivery, account, support
• Consent (Art. 6(1)(a)): cookies/analytics, marketing emails
• Legitimate interest (Art. 6(1)(f)): fraud prevention, IT security, service improvement
• Legal obligation (Art. 6(1)(c)): tax, accounting, retention duties
5. Recipients & Processors
We share data only when necessary, and with safeguards (including SCCs) in place:
• Payments: Stripe Payments Europe Ltd. (IE)
• Hosting/CDN/platform: EU/UK data centers
• Email delivery: transactional/support mail provider (e.g., Resend)
• Analytics (consent-based): e.g., Google Analytics
• Logistics: carriers/fulfillment partners to ship orders
• Support tools: ticketing/CRM if used
6. International Transfers
Some providers (e.g., Stripe, analytics, email) are in the US or other third countries. Transfers rely on EU Standard Contractual Clauses and, where applicable, the EU-U.S. Data Privacy Framework plus additional safeguards (encryption, minimization).
7. Retention
• Orders/invoices: 10 years
• Account data: until deletion or 24 months of inactivity with notice
• Support tickets: 24 months after closure
• Server logs: 12 months
• Analytics: 26 months (if consented)
• Cookie/consent records: 12 months
• Marketing preferences: until withdrawal
8. Cookies & Tracking
• Essential cookies: cart, auth, security, language – cannot be turned off
• Analytics/marketing: only if you consent via the cookie banner; revoke anytime
• You can also block cookies in your browser, which may limit functionality
9. Marketing
We send newsletters/promotions only after opt-in. Unsubscribe anytime via the email link or support@eomini.com.
10. Security
We protect data with TLS in transit, role-based access, least-privilege permissions, and regular patches and backups. No method is 100% secure; we continuously improve.
11. Your Rights
You may request access, rectification, erasure, restriction, portability, objection (where processing is based on legitimate interest), and withdrawal of consent at any time without affecting the lawfulness of prior processing.
12. How to Exercise Rights
Send requests to support@eomini.com from your registered email, include your full name and order/account details, and clearly state your request. We may request additional verification to prevent unauthorized disclosure.
13. Identity Verification
Before actioning a request, we may verify identity using account controls, order details, and fraud checks. Where requests are manifestly unfounded or excessive, we may refuse or charge a reasonable fee as permitted by law.
14. Data Subject Request Timelines
We typically respond within 30 days. Complex or high-volume requests may be extended by up to 60 additional days, in which case we will notify you with reasons for delay.
15. Account Deletion
When deleting an account, we remove or anonymize profile data except information that must be retained by law (tax, accounting, anti-fraud, legal claims). Some backup systems may retain encrypted snapshots for a limited period.
16. Fraud Prevention & Abuse Monitoring
To protect customers and the platform, we process risk signals such as IP reputation, failed payments, suspicious order patterns, and device/network indicators under legitimate interests and legal compliance obligations.
17. Communications Records
Support interactions may be stored to resolve disputes, monitor service quality, prevent abuse, and prove compliance. Calls/chats, where recorded, are announced and retained under defined retention schedules.
18. Payment Security
Cardholder data is processed by certified payment providers. We do not store full card numbers or CVV. Payment event metadata may be retained for reconciliation, fraud prevention, and chargeback defense.
19. Cross-Border Orders
For international shipping, personal data (name, address, phone, customs value) may be disclosed to carriers, customs brokers, and authorities where legally required for delivery, export/import, and tax compliance.
20. Legal Claims & Defense
Where required, we may preserve, disclose, or process personal data to establish, exercise, or defend legal claims, enforce contractual rights, recover debts, investigate abuse, and respond to lawful government requests.
21. Children
Our services are not directed to individuals under 16. If we learn that we have collected data from a child without valid authorization, we will delete the data as soon as reasonably practicable.
22. Complaints
You may lodge a complaint with your local supervisory authority. Examples:
• UK: ICO – https://ico.org.uk
• Germany: competent state authority
• Hungary: NAIH – https://naih.hu
23. Automated Processing
We do not perform solely automated decision-making that produces legal or similarly significant effects. Any recommendation systems are assistive and can be overridden by user choice or human review.
24. Policy Hierarchy
If a conflict arises between this policy and mandatory law, mandatory law prevails. If one provision is unenforceable, remaining provisions remain valid to the maximum extent allowed by applicable legislation.
25. Updates to This Policy
We may revise this policy for legal, operational, or technical reasons. Material changes will be reflected by an updated date and, where required, additional notice or renewed consent.