The CARDS Corner - Official Web Logo

Privacy Policy

The Cards Corner

Adults playing party cards - The Cards Corner
Last Updated: March 6, 2024
 
At The Cards Corner, we believe trust is everything — in games and in business. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit thecardscorner.store or purchase our products.
 
We comply with the General Data Protection Regulation (GDPR) and Portuguese data protection laws. By using our Website, you consent to the practices described here.

1. WHO WE ARE

Data Controller: The Cards Corner
Registered Office: Operating remotely, Portugal
Email: info@thecardscorner.store
 
We are responsible for deciding how your personal data is processed. If you have questions about this policy or your rights, contact us using the details above.

2. WHAT DATA WE COLLECT

We collect only data necessary to provide our services.
 
Identity Data includes your name and username. We collect this when you create an account or complete checkout.
Contact Data includes your email address, phone number, and billing and shipping addresses. We collect this during checkout and when you submit contact forms.
Payment Data includes card details processed securely through our payment providers. We never store complete card numbers on our servers.
Transaction Data includes your order history, purchase details, and payment confirmations. We collect this with every purchase you make.
Technical Data includes your IP address, browser type and version, device information, operating system, and platform. We collect this automatically when you browse our Website.
Usage Data includes pages you visit, time spent on each page, navigation paths, and click patterns. We collect this automatically through cookies and analytics tools.
Marketing Data includes your preferences for receiving communications, survey responses, and competition entries. We collect this when you subscribe to newsletters or participate in promotions.
Communications Data includes emails you send us, reviews you submit, customer service chat logs, and social media interactions. We collect this whenever you contact us.
 
We do not collect sensitive personal data such as health information, religious beliefs, or political opinions. We do not collect data from children under 16 without verifiable parental consent. We do not collect third-party personal data without permission.

3. HOW WE COLLECT YOUR DATA

We collect data through direct interactions. You provide data when you place orders, create accounts, subscribe to newsletters, enter competitions, complete surveys, or contact customer service.
 
We collect data through automated technologies. Cookies and similar tracking technologies gather technical and usage data as you browse our Website.
 
We collect data from third parties. Payment processors such as Stripe and PayPal, analytics providers such as Google Analytics, and delivery partners share necessary data with us to complete transactions and improve services.

4. WHY WE USE YOUR DATA

We process your data only when we have a valid legal basis under GDPR.
 
We process your data to fulfill contracts with you. This includes processing and delivering your orders, managing payments, communicating about your orders, and providing customer support. Without this processing, we cannot complete your purchases.
 
We process your data based on your consent. This includes sending marketing emails, newsletters, and promotional offers. You can withdraw consent at any time by unsubscribing or contacting us.
 
We process data based on legitimate interests. This includes improving our Website and products through analytics, troubleshooting technical issues, developing new features, and preventing fraud. We balance our interests against your privacy rights.
 
We process data to comply with legal obligations. This includes tax and accounting requirements, regulatory compliance, and cooperation with law enforcement when required by law.

5. HOW WE PROTECT YOUR DATA

  • We implement appropriate technical and organizational measures to protect your data.
  • We use SSL and TLS encryption for all data transmission between your browser and our servers.
  • We store data on secure servers located within the European Union.
  • We restrict access to personal data to authorized staff who need it for their work duties.
  • We conduct regular security audits and updates to maintain protection standards.
  • We use PCI-DSS compliant payment processors. We never store complete credit card numbers on our systems.
 
While we strive for maximum security, no internet transmission is completely secure. We cannot guarantee absolute security but commit to notifying you of any breaches as required by law.

6. DATA RETENTION

  • We keep your data only as long as necessary for the purposes we collected it.
  • We retain order and transaction data for seven years to comply with Portuguese tax law requirements.
  • We retain account data until you delete your account or until two years of inactivity, after which we may delete or anonymize it.
  • We retain marketing consent records until you withdraw your consent.
  • We retain customer service communications for three years to handle any follow-up issues or disputes.
  • We retain website analytics data in anonymized form for twenty-six months.
  • After these periods expire, we securely delete your data or anonymize it so it no longer identifies you.

7. YOUR GDPR RIGHTS

  • As an EU resident, you have specific rights regarding your personal data.
  • You have the right to access your data. You can request a copy of all personal data we hold about you.
  • You have the right to rectification. You can correct inaccurate or incomplete data about you.
  • You have the right to erasure, also known as the right to be forgotten. You can request deletion of your data, and we will comply unless legal obligations require us to retain it.
  • You have the right to restrict processing. You can ask us to limit how we use your data in certain circumstances.
  • You have the right to data portability. You can receive your data in a structured, commonly used format and transfer it to another service.
  • You have the right to object. You can object to certain types of processing, including direct marketing.
  • You have the right to withdraw consent. You can withdraw previously given consent at any time.
  • To exercise any of these rights, email info@thecardscorner.store with the subject line “Data Subject Request.” We respond within thirty days. For complex requests, we may extend this to sixty days and will inform you of the reason.
  • We may need to verify your identity before processing your request. This protects your privacy and prevents unauthorized access to your data.

8. COOKIES AND TRACKING

  • We use cookies and similar technologies to enhance your experience on our Website.
  • Essential cookies enable core functionality such as shopping carts, checkout processes, and security features. These cannot be disabled.
  • Analytical cookies help us understand how visitors use our site. We use Google Analytics for this purpose.
  • Marketing cookies allow us to deliver relevant advertisements and measure their effectiveness.
  • Preference cookies remember your settings and choices for future visits.
  • When you first visit our Website, we request your consent for non-essential cookies. You can change your preferences anytime through our cookie banner or your browser settings.
  • Third-party cookies may be set by our payment processors and analytics partners. Please review their privacy policies for details on their cookie practices.
  • You can disable cookies in your browser settings. However, this may affect the functionality of our Website.

9. WHO WE SHARE DATA WITH

  • We do not sell your personal data to anyone. We share data only with specific categories of recipients when necessary to provide our services.
  • We share data with payment processors including Stripe, PayPal, and Multibanco to process your payments securely. These providers are located in the European Union and United States with GDPR safeguards in place.
  • We share data with shipping carriers including CTT, DHL, and UPS to deliver your orders. These carriers operate within the European Union and internationally.
  • We share data with our e-commerce platform provider to host our Website and process orders. This provider may be located in the European Union or United States with GDPR safeguards.
  • We share data with email marketing providers such as Mailchimp or Klaviyo to send newsletters and promotional emails with your consent. These providers are located in the United States with GDPR safeguards.
  • We share data with analytics providers such as Google Analytics to improve our Website. The data shared is anonymized where possible.
  • We share data with legal authorities when required by law or to protect our rights.
  • All third parties are contractually bound to protect your data and use it only for the specified purposes.

10. INTERNATIONAL DATA TRANSFERS

We are based in Portugal and primarily process data within the European Economic Area.
 
Some of our service providers operate outside the European Economic Area. When we transfer data internationally, we ensure adequate protection through EU Commission adequacy decisions for countries with adequate data protection laws. We use Standard Contractual Clauses approved by the EU Commission for transfers to other countries. We rely on certification mechanisms such as the EU-US Data Privacy Framework where applicable.

11. MARKETING AND COMMUNICATIONS

We send promotional emails only with your explicit consent. You provide this consent when you opt-in at checkout or subscribe to our newsletter. Every marketing email we send includes an unsubscribe link for easy opt-out.
 
We do not buy email lists from third parties. We do not send spam. We do not share your email address with third parties for their own marketing purposes.
 
You have the right to opt out of marketing communications at any time. You can request information about how we profile you for marketing purposes. You can object to automated decision-making in marketing.

12. CHILDREN’S PRIVACY

Our Website is not intended for children (some categories) under eighteen years of age. We do not knowingly collect personal data from children under sixteen.
 
If you believe we have inadvertently collected data from a child under eighteen, please contact us immediately at info@thecardscorner.store. We will delete the data promptly upon verification.

13. DATA BREACHES

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify the Portuguese Data Protection Authority within seventy-two hours. We will notify you directly without undue delay if the breach poses a high risk to you. We will provide clear information about the breach and the steps we have taken to address it.

14. CHANGES TO THIS POLICY

We may update this Privacy Policy to reflect changes in our practices or legal requirements. For significant changes, we will notify you by email to your registered address. We will post a prominent notice on our Website. We will update the “Last Updated” date at the top of this policy.
Continued use of our Website after changes constitutes acceptance of the revised policy.

15. CONTACT US

For privacy questions, data requests, or concerns, please contact us:
 
The Cards Corner
Email: info@thecardscorner.store
Address: Operating remotely, Portugal
Website: thecardscorner.store
 
We respond to all privacy inquiries within forty-eight hours.