This Privacy Policy explains how SDRstore.eu (the “Services”) collects, uses, and protects personal data when you browse the website, create an account, place an order, contact us, or otherwise interact with our Services.

This Privacy Policy does not limit your statutory rights under applicable law.

1) Who we are (Data Controller)

2) Personal data we collect and where it comes from

• Identity and contact: name, email, phone, billing and shipping address (from you).
• Account data: username, password (stored hashed), saved addresses, preferences (from you and your account activity).
• Order and transaction data: products viewed/added/purchased, invoices, returns/exchanges, warranty/RMA records (from you and order activity).
• Payment-related data: payment status and transaction references; fraud/risk signals provided by payment processors. We do not store full card numbers on our servers when you pay via third-party processors.
• Support communications: messages, attachments, and case notes (from you).
• Device/technical and security logs: IP address, device/browser details, timestamps, and security events (collected automatically, including via security/CDN providers such as Cloudflare).
• Delivery data: carrier, tracking numbers, delivery status, and proof of delivery (from carriers and fulfilment partners).

3) Why we use personal data (purposes and legal bases)

• To provide the Services and fulfil orders (contract): account creation, checkout, payment processing, fulfilment, shipping, returns/exchanges, and service notifications.
• To provide customer support (contract and/or legitimate interests): responding to inquiries, managing RMAs, troubleshooting, and keeping service records.
• To comply with legal obligations (legal obligation): invoicing, accounting, tax compliance, and consumer-law related obligations.
• To protect the Services and prevent fraud/abuse (legitimate interests and, where applicable, legal obligation): account security, fraud detection, return/chargeback abuse prevention, and maintaining evidence to establish, exercise, or defend legal claims.
• To improve the website (legitimate interests and/or consent depending on cookies): performance monitoring, bug fixing, and usability improvements.
• Marketing communications (consent and/or legitimate interests where permitted): newsletters and promotions. You can opt out at any time.

4) Automated risk checks

We and our service providers may use automated checks to detect high-risk transactions and protect customers and our company (for example risk signals from payment processors and security systems). Automated checks can result in additional verification requests, order holds, or cancellations in suspected fraud scenarios.

5) Who we share data with (recipients)

We do not sell personal data. We share data only where necessary for the purposes above, including:

• Infrastructure and security providers (for hosting, CDN, DDoS protection, fraud/security logging), for example Cloudflare and our hosting provider.
• Payment processors (to process payments, prevent fraud, and handle chargebacks), for example Stripe and PayPal.
• Shipping carriers and fulfilment partners (to deliver orders and provide tracking), for example DHL, UPS, PostNL, DPD, and local carriers.
• Professional advisers (legal/accounting/insurance) where necessary.
• Authorities and legal process: where required by law, or where necessary to protect rights, safety, and property and to defend legal claims.
• Business transfers: in a merger, acquisition, restructuring, or asset sale, subject to appropriate safeguards.

6) International transfers

Some service providers may process personal data outside the EEA/UK. Where transfers occur, we use appropriate safeguards, such as adequacy decisions or Standard Contractual Clauses and additional measures where required.

7) Cookies and similar technologies

We use cookies and similar technologies to operate the website (strictly necessary), maintain sessions and carts, secure the Services, and, if enabled, to analyze performance and measure marketing.

• Strictly necessary: required for login, cart, checkout, and security.
• Preferences: remember settings you choose.
• Analytics (optional): understand how the website is used.
• Marketing (optional): measure and improve advertising effectiveness.

Where required by law, optional cookies are used only after your consent. You can change your cookie choices at any time via Update cookie settings and read more at cookie-policy.

8) Data retention

• Invoices and accounting/tax records: retained for the statutory period required by applicable law (often 7–10 years depending on jurisdiction and record type).
• Order and warranty/RMA records: retained for the duration of warranty, limitation periods, and as necessary to handle disputes.
• Support communications: retained as needed to resolve issues and for evidence in disputes.
• Security, fraud, and abuse logs: retained as necessary to protect the Services and to establish, exercise, or defend legal claims.
• Marketing subscriptions: retained until you unsubscribe/withdraw consent; we keep a suppression record to ensure we respect opt-outs.

9) Your rights (EEA/UK)

Depending on your location and applicable law, you may have the right to:

• Access your personal data.
• Correct inaccurate data.
• Request deletion (with legal exceptions).
• Restrict processing in certain cases.
• Object to processing based on legitimate interests, including direct marketing.
• Data portability for certain data.
• Withdraw consent at any time where processing is based on consent.

To exercise your rights, contact [[email protected]]. To prevent unauthorized disclosure, we may request reasonable verification (for example confirming the account email and order reference). We do not request more data than necessary for verification.

10) Account deletion (self-service)

You can request account deletion from your profile settings. Once submitted, we will close your account and delete or anonymize personal data where possible. Certain records may be retained as described in the retention section (for example invoices, tax records, and data needed for disputes/fraud prevention).

11) Security

We use measures designed to protect personal data, including encryption in transit (HTTPS/SSL), access controls, and security monitoring. No method of transmission or storage is completely secure, so we cannot guarantee absolute security. You are responsible for keeping your credentials confidential.

12) Children

The Services are not intended for children. We do not knowingly collect personal data from children under the age of majority in their jurisdiction. If you believe a child has provided personal data, contact us at [[email protected]].

13) Third-party links

Our website may link to third-party services. Their privacy practices are governed by their own policies. We are not responsible for their content, privacy, or security practices.

14) Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and revise the “Last updated” date above.