Privacy Policy
This Privacy Policy explains how [company / store name] (“we”, “us”, “our”) collects, uses and protects personal data when you visit our website, place an order or contact us.
We process personal data in accordance with the General Data Protection Regulation (GDPR). The GDPR applies to organisations processing personal data of individuals in the EU and sets requirements for how personal data must be collected, stored and managed.
1. Data controller
The data controller responsible for your personal data is:
YourBrandUp OÜ
Registry code: 14536112
Email: info@thebrandnamedyou.com
2. Personal data we collect
When you place an order through our website, we may collect the following personal data:
- name;
- email address;
- billing address;
- shipping address;
- phone number, if required for delivery;
- order details, including the purchased book and order amount;
- payment status and transaction information;
- communication you send to us by email or through the website.
We do not store your full card details on our website.
3. How we use your personal data
We use your personal data for the following purposes:
- to process and fulfil your book order;
- to arrange shipping and delivery;
- to send order confirmations and order-related messages;
- to process payments;
- to handle customer support and order-related questions;
- to comply with accounting, tax and legal obligations;
- to protect our website, orders and payment process from fraud or misuse.
4. Legal basis for processing
We process your personal data on the following legal bases:
- Performance of a contract – to process your order, payment and delivery.
- Legal obligation – to keep accounting and transaction records where required by law.
- Legitimate interest – to manage customer communication, prevent fraud and maintain the security of our website.
- Consent – where consent is required, for example for optional marketing emails or non-essential cookies.
5. Payments through Stripe
Payments on our website are processed through Stripe. When you make a payment, Stripe may process payment-related personal data, such as card information, billing details, transaction details and information needed for fraud prevention and payment security. Stripe explains in its Privacy Policy how it collects, uses, retains, discloses and protects personal data provided to Stripe.
We do not receive or store your full card number, CVC code or other complete payment card details. We may receive limited payment information, such as payment status, transaction ID, card brand and the last four digits of the card, where this is necessary for order management and accounting.
6. Shipping and delivery
After your purchase, we will send you an order confirmation email. You can reply to this email with the postal address where you would like the book to be shipped.
Please note that shipping costs from Estonia are not included in the book price and will be added separately.
To deliver your order, we may process your name, email address, shipping address and, where necessary, your phone number. This information may be shared with delivery service providers only to the extent necessary to deliver your order.
7. Sharing of personal data
We may share your personal data with trusted service providers where necessary, including:
- payment processor: Stripe;
- shipping and delivery service providers;
- website hosting and technical service providers;
- accounting or legal service providers, where necessary;
- public authorities, if required by law.
We do not sell your personal data.
8. Data retention
We keep your personal data only for as long as necessary for the purposes described in this Privacy Policy.
Order and accounting records may be kept for the period required by applicable accounting and tax laws. Customer communication is kept for as long as necessary to resolve the matter and protect our legal interests.
9. Your rights
Under the GDPR, you have the right to:
- request access to your personal data;
- request correction of inaccurate data;
- request deletion of your personal data;
- request restriction of processing;
- object to processing based on legitimate interest;
- request data portability;
- withdraw consent, where processing is based on consent;
- lodge a complaint with a data protection authority.
The European Commission explains that individuals have the right to access their personal data and receive information about the purpose of processing, categories of data and recipients of the data.
To exercise your rights, contact us at: info@thebrandnamedyou.com
10. Cookies and analytics
Our website may use cookies and similar technologies to ensure the website works correctly, improve user experience and, where applicable, analyse website traffic.
Essential cookies are used to provide core website and checkout functionality. Non-essential cookies, such as analytics or marketing cookies, are used only where legally permitted or where you have given consent.
11. Security
We use reasonable technical and organisational measures to protect personal data against unauthorised access, loss, misuse or disclosure. However, no website or online transmission can be guaranteed to be completely secure.
12. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. The latest version will always be available on this page.
13. Contact
For questions about this Privacy Policy or the processing of your personal data, contact us at: info@thebrandnamedyou.com