Privacy policy
Controller
The controller within the meaning of the GDPR is [COMPANY LEGAL NAME], [ADDRESS], e-mail: [CONTACT EMAIL].
What we process
When you visit the site, our hosting provider processes technical access data (IP address, time, requested page) in server logs to deliver the site securely (Art. 6(1)(f) GDPR).
When you place an order, we process the data needed to fulfil the contract — name, delivery address, e-mail and order details (Art. 6(1)(b) GDPR). Payment is handled by Stripe Payments Europe, Ltd.; your payment details are entered directly with Stripe and never touch our servers. See Stripe's privacy policy at https://stripe.com/privacy.
Your cart is stored only in your own browser (localStorage) and is not transmitted to us until you check out.
Retention
Order and invoice data are retained for the periods required by tax and commercial law, then deleted. Server logs are deleted after [N] days.
Your rights
You have the right to access, rectification, erasure, restriction of processing, data portability and objection (Art. 15–21 GDPR), and the right to lodge a complaint with a supervisory authority. Contact us at [CONTACT EMAIL] to exercise these rights.
