Privacy Policy.

This Policy applies to all personal data processed by our store — including data of customers who purchase toys and recreational items, persons who contact us for enquiries, website visitors and anyone whose data is processed in connection with our retail activities.

By purchasing products, contacting us or visiting our website, you acknowledge having read and understood this Policy.

In connection with our toy retail activities, we process personal data in the following categories:

• Purchase data: Name and CPF for NF-e or NFC-e issuance when requested — CPF is not required for purchases below the legal threshold.
• Contact data: Name, phone number, email address and message content — collected when customers contact us with enquiries, gift ideas or product questions.
• Purchase history: Record of products purchased, for warranty support, exchange management and repeat service under the CDC.
• Billing and invoice data: Name, CPF and address for NFC-e/NF-e issuance — processed in compliance with applicable tax law.
• Technical website data: IP address, browser type, pages visited and access times — for website analysis and improvement.

We do not store payment card data — electronic payments are processed by PCI-DSS certified platforms.

We do not sell or commercially exploit customers' personal data. Sharing occurs only in the following situations:

• SEFAZ-MG / Receita Federal: Tax data for NFC-e and NF-e issuance and compliance with applicable federal and state tax obligations.
• Suppliers and manufacturers (warranty): In cases where warranty claims require manufacturer involvement — minimum data (name and purchase record) shared only when strictly necessary.
• Payment platforms: For electronic payment processing under PCI-DSS standards.
• PROCON-MG: When required in a consumer dispute mediation under the CDC.
• Legal authorities: When required by a competent judicial or administrative order.

Primary storage of customer data is carried out in Brazil. Any technology platforms used for website or communication purposes that operate on servers outside Brazilian territory do so only under the guarantees of Art. 33 of the LGPD or recognised adequacy mechanisms.

• Tax records and NFC-e / NF-e: Minimum 5 years under federal tax legislation (CTN, Art. 174) and SEFAZ-MG requirements.
• Purchase records for warranty (CDC): Minimum 5 years for durable goods (toys with warranty) under CDC Art. 26, II — minimum 30 days for non-durable goods.
• Contact enquiry data: Up to 1 year from the last interaction, unless a purchase or ongoing service relationship exists.
• Website analytics: Aggregated and anonymised after 12 months.

• Access to customer purchase records restricted to the store owner and authorised staff;
• Encryption in transit (HTTPS) for the website and digital communications;
• PCI-DSS certified payment platforms — card data never stored by our store;
• Incident response procedures and breach notification in accordance with LGPD Art. 48.

• Confirmation and Access (Art. 18, I–II): Confirm whether we process your data and receive a copy.
• Correction (Art. 18, III): Request correction of inaccurate or outdated data.
• Anonymisation / Blocking / Deletion (Art. 18, IV): Request restriction or deletion of unnecessary data.
• Portability (Art. 18, V): Receive your data in a structured format.
• Deletion of consent-based data (Art. 18, VI): Request deletion of data processed on the basis of consent.
• Information on sharing (Art. 18, VII): Find out which entities your data has been shared with.
• Withdrawal of Consent (Art. 8º, §5º): Withdraw consent at any time.
• Complaint to the ANPD (Art. 18, §1º): Lodge a complaint at www.gov.br/anpd.

We respond within 15 business days. Deletions may be limited by legal tax and warranty retention obligations — we will always explain any limitation.

Our website may use cookies for essential functionality and aggregated performance analysis. We do not use behavioural tracking cookies for advertising purposes without prior consent. Preferences can be managed through browser settings.

Our store serves children and families — the protection of children's data is a priority we take very seriously. We observe the following guidelines:

• We do not intentionally collect personal data directly from children under 13. Any data related to a purchase for a child is collected from the parent or guardian who makes the purchase.
• When processing data related to children under 13 — for example, in the context of a purchase record or warranty claim — the data subject for LGPD purposes is the parent or guardian, whose consent governs the processing (LGPD Art. 14, §1º).
• We never use children's data for marketing profiling or targeted advertising.
• All toy products we sell comply with applicable Brazilian safety and labelling standards for children's products — including INMETRO certification requirements for toys marketed to children under 14.
• We do not collect data about children's play preferences, behaviour or interests for commercial purposes.

In the ordinary course of toy retail, we do not collect or process sensitive personal data as defined in LGPD Art. 5º, II (race, ethnicity, religion, health, biometrics, sexual orientation, etc.). If a situation arises where such data is voluntarily shared with us — for example, in the context of a product recommendation for a child with a specific developmental need — we treat it with the heightened care required by Art. 11 of the LGPD, use it solely for the purpose for which it was shared, and do not retain it beyond that interaction.

This Policy may be updated to reflect changes in our activities, the LGPD, ANPD guidance or CDC regulations. Material changes will be communicated via our website or directly to customers where contact details are held.

All privacy requests, questions and complaints should be directed to our Data Protection Officer (Encarregado — LGPD Art. 41):