OurStone
GDPR

Privacy Policy

Effective from January 1, 2026 · Compliant with GDPR

1. Data Controller

  • The data controller is ShopSK, based in Slovakia, contact: info@ourstone.fun.
  • We process personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and Act No. 18/2018 Coll. on the Protection of Personal Data.

2. Data We Collect

  • Identification and contact data: name, email address, phone number, delivery address.
  • Transaction data: order history, payment amounts, chosen payment method.
  • Technical data: IP address, browser type, pages visited — collected anonymously for analytics purposes.

3. Purpose and Legal Basis for Processing

  • Order fulfilment and delivery — performance of a contract (Art. 6(1)(b) GDPR).
  • Sending order confirmations and status updates — legitimate interest of the controller.
  • Sending marketing emails — only with customer consent (Art. 6(1)(a) GDPR).
  • Compliance with legal obligations (accounting, tax documents) — legal obligation (Art. 6(1)(c) GDPR).

4. Data Retention

  • Personal data related to orders is retained for 5 years due to statutory accounting and tax obligations.
  • Registered customer data is retained for the duration of the customer account and 1 year after its deletion.
  • Marketing consent — until it is withdrawn.

5. Data Recipients

  • Shipping companies — for the purpose of order delivery (name, address, phone number).
  • Payment gateways — for payment processing (the controller has no access to card details).
  • Email service provider Resend — for sending confirmation emails.
  • Supabase — cloud database storage, EU server operator in Germany.

6. Your Rights

  • Right of access — you may request a copy of your personal data that we process.
  • Right to rectification — you may request correction of inaccurate data.
  • Right to erasure — you may request deletion of your data if there is no legal basis for further processing.
  • Right to data portability — you may request your data in a structured format.
  • Right to object — you may object to processing based on legitimate interest.
  • Right to withdraw consent — if processing is based on consent, you may withdraw it at any time.

7. Complaints

  • If you believe your rights have been violated, you have the right to lodge a complaint with the Office for Personal Data Protection of the Slovak Republic (www.dataprotection.gov.sk).

8. Cookies

  • Our website uses technical cookies necessary for the shopping cart and login functionality. We do not use third-party advertising or analytics cookies without your consent.

Have questions about our Privacy Policy?

Contact us