Privacy Policy

1. Data Controller

The controller of your personal data, as defined by Article 4(7) of the General Data Protection Regulation (EU) 2016/679 (GDPR), is:
[Company name or name of the business owner]
Address: [company address]
VAT ID: [VAT number, if applicable]
Email: [contact@email.com]
Phone: [phone number]

2. Scope of Data Processing

We may process the following categories of personal data:

  • First and last name

  • Billing and shipping address

  • Email address

  • Phone number

  • Order and payment history

  • IP address and cookie data (as described in our Cookie Policy)

3. Purposes of Data Processing

Your personal data is processed for the following purposes:

  • Fulfilling orders and contracts

  • Accounting and tax compliance

  • Customer service and communication

  • Legal obligations

  • Direct marketing (only with your explicit consent)

4. Legal Basis for Processing

We process your data based on:

  • Article 6(1)(b) GDPR – processing necessary for the performance of a contract

  • Article 6(1)(c) GDPR – compliance with legal obligations

  • Article 6(1)(f) GDPR – legitimate interests (e.g. marketing, fraud prevention)

  • Article 6(1)(a) GDPR – your consent (e.g. for newsletters)

5. Data Retention Period

We retain personal data:

  • For the duration of the contract and up to 5 years after its completion (for tax and legal purposes)

  • For marketing purposes – until consent is withdrawn or for a maximum of 5 years

  • For cookie data – in accordance with your browser settings and our Cookie Policy

6. Data Sharing

Your data may be shared with:

  • Delivery and courier companies

  • Accounting and tax service providers

  • IT and hosting service providers

  • Government authorities, when legally required

7. Your Rights under GDPR

You have the right to:

  • Access your data

  • Rectify inaccurate or incomplete data

  • Erase your personal data (right to be forgotten)

  • Restrict processing of your data

  • Data portability

  • Object to processing

  • Withdraw your consent at any time

  • File a complaint with your local data protection authority or the European Data Protection Board

8. Data Security

We implement appropriate technical and organizational measures to protect your data from unauthorized access, misuse, loss, or alteration.

9. Final Provisions

This policy is effective as of [date]. We reserve the right to amend this Privacy Policy at any time. All changes will be published on our website.