Privacy policy

Privacy Policy

Last updated: 8 July 2026

This policy explains what personal data Nordic Tech Co. collects when you visit or buy from nordictechco.shop, why we collect it, and what rights you have over it. It is written to comply with Regulation (EU) 2016/679 (GDPR).

Who is responsible

The data controller is:

Nordic Tech Co.
Via Tagliamento 11, 81025 Marcianise (CE), Italia
Email: privacy@nordictechco.shop

What we collect

Category Examples When
Identity & contact Name, email, shipping and billing address, phone number When you place an order or create an account
Order data Items purchased, order value, order history When you buy
Payment data Payment method type, last four digits, billing address, transaction status At checkout
Technical data IP address, browser and device type, operating system, referring URL Whenever you visit
Usage data Pages viewed, products viewed, time on site, cart contents Whenever you visit
Communications Emails and support messages you send us When you contact us
Marketing preferences Newsletter subscription status When you subscribe or unsubscribe

We never see your full card number. Card details are captured directly by our payment processor and are never transmitted to or stored on our systems.

Why we process it, and on what legal basis

Purpose Legal basis (GDPR Art. 6)
Processing and delivering your order; handling returns and warranty claims Performance of a contract — Art. 6(1)(b)
Taking payment and preventing fraud Performance of a contract — Art. 6(1)(b); legitimate interests — Art. 6(1)(f)
Keeping accounting and tax records Legal obligation — Art. 6(1)(c)
Responding to your enquiries Legitimate interests — Art. 6(1)(f)
Sending marketing emails Consent — Art. 6(1)(a)
Analytics and improving the store Consent — Art. 6(1)(a), collected via our cookie banner
Security, abuse prevention, defending legal claims Legitimate interests — Art. 6(1)(f)

Where we rely on legitimate interests, we have assessed that our interest in running a secure and functioning store does not override your rights and freedoms. You may object to this processing at any time — see Your rights, below.

Cookies and tracking

Analytics and marketing cookies are set only after you consent through our cookie banner. Strictly necessary cookies — those that keep your cart contents, maintain your session, and protect against fraud — are set without consent, as permitted by Article 5(3) of the ePrivacy Directive.

You can withdraw or change your cookie consent at any time using the cookie preferences link in the footer of every page.

Who we share it with

We do not sell your personal data. We share it only with processors who need it to deliver the service:

  • Shopify Inc. — e-commerce platform hosting this store. Privacy policy
  • Payment processors (Shopify Payments / Stripe, PayPal) — to take payment and prevent fraud.
  • Carriers and fulfilment partners — to deliver your order. They receive your name, address and phone number, and nothing else.
  • Email and analytics providers — where you have consented.

Each processor is bound by a data processing agreement under Article 28 GDPR.

We may also disclose data where required by law, court order, or to establish, exercise or defend legal claims.

International transfers

Some of our processors operate outside the European Economic Area. Where data is transferred outside the EEA, we rely on an adequacy decision of the European Commission, or on Standard Contractual Clauses adopted under Article 46(2)(c) GDPR, together with supplementary technical measures where required. You may request a copy of the safeguards in place by emailing privacy@nordictechco.shop.

How long we keep it

Data Retention
Order and invoice records 10 years — required by Italian tax and civil law
Account data Until you delete your account, then 30 days
Marketing consent and newsletter data Until you unsubscribe, then 12 months as proof of consent
Support correspondence 3 years from last contact
Analytics data 14 months
Server and security logs 12 months

Your rights

Under Articles 15 to 22 GDPR you have the right to:

  • Access — obtain a copy of the personal data we hold about you;
  • Rectification — have inaccurate data corrected;
  • Erasure — have your data deleted, where no legal obligation requires us to keep it;
  • Restriction — have processing limited while a dispute is resolved;
  • Portability — receive your data in a structured, machine-readable format;
  • Object — object to processing based on legitimate interests, and to direct marketing at any time and without justification;
  • Withdraw consent — at any time, without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these, email privacy@nordictechco.shop. We respond within one month, extendable by two further months for complex requests, in which case we will tell you why. There is no charge unless a request is manifestly unfounded or excessive.

Automated decision-making

We do not make decisions producing legal effects concerning you based solely on automated processing. Our payment processors run automated fraud scoring on transactions; a declined transaction can be reviewed by contacting us.

Complaints

If you believe we have handled your data unlawfully, we would like the chance to put it right — write to privacy@nordictechco.shop.

You also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement. In Italy this is the Garante per la protezione dei dati personali (Piazza Venezia 11, 00187 Roma — garanteprivacy.it).

Children

This store is not directed at children under 16. We do not knowingly collect their personal data. If you believe a child has provided us with personal data, contact us and we will delete it.

Changes

We may update this policy. Material changes will be announced on this page and, where the change affects processing based on your consent, we will ask for consent again. The date at the top reflects the current version.