Terms of service

  1. Who we are and scope We are the controller of the data processed through the Site. We operate the store on the Shopify platform and process payments through Stripe. This Policy applies to all pages under shoponlineword.store and to the official support channels listed here.
  2. What data we collect We collect only the data necessary to provide our services. Categories include: Account & identification: name, email, password (hashed), language/country. Prices are shown in EUR unless otherwise indicated and may change without notice. Prices **exclude VAT and import duties**; where applicable, such taxes are payable by you upon delivery. Payment data: processed by Stripe. We do not store full card numbers; we receive only payment tokens and status metadata. Support data: content you send via contact form, email or chat (including attachments if any). Technical & usage data: IP address, cookie identifiers, device/browser type, pages viewed, session duration, traffic source, cart/checkout interactions. Marketing & preference data: cookie consent choices, newsletter preferences, campaign/utm data (where consent or legitimate interest applies).
  3. Purposes and legal bases (Art. 6 GDPR) We process personal data for: Contract performance: create/manage your account; process orders; deliver products; customer support; billing and invoicing (Art. 6(1)(b)). For EU/UK orders shipped from outside your customs area, we **do not collect VAT at checkout and are not registered for OSS/IOSS**. Import VAT and any duties will be assessed by customs and **collected by the carrier upon delivery (DAP)**. Invoices issued by us reflect the amount paid to ShopWordON (items + shipping) and **do not display VAT charged by us**. Legitimate interests: site and checkout security; fraud prevention; improving products and user experience; aggregated analytics (Art. 6(1)(f)). Consent: marketing communications; analytics and advertising cookies; audience creation and remarketing where required (Art. 6(1)(a)). You may withdraw consent at any time without affecting prior processing.
  4. Cookies & similar tech We use cookies and similar technologies to operate the Site and measure performance. On first visit we display a consent banner where you can accept/decline non‑essential categories. Strictly necessary: store functionality, session, cart, checkout, security. (Legal basis: legitimate interest/contract.) Analytics (e.g., GA4): traffic and usage measurement. Enabled only with consent. Marketing/ads (e.g., Google/Meta): ad personalisation and remarketing. Enabled only with consent. You can manage cookies via the banner and browser settings. Blocking essential cookies may break Site functionality.
  5. Sharing & recipients We share personal data only with processors/service providers under appropriate data protection agreements: Shopify (e‑commerce/hosting, anti‑fraud, checkout). Stripe (payment processing). Logistics & carriers (shipping and tracking). Email/transactional & support (order communications and support). Analytics & advertising (consent‑based only, for metrics and campaigns). Public authorities when required by law. We do not sell personal data.
  6. International transfers - **EU/UK Customs & Duties:** For orders delivered into the EU/UK from outside your customs area, import VAT and/or duties may apply and are **collected by the carrier upon delivery (DAP)** according to your country’s rules. We do not currently offer Delivered Duty Paid (DDP). Customs inspections may cause delays beyond the stated estimates.
  7. Data retention We retain personal data only for as long as necessary for the purposes described or as required by law: Tax/accounting records: up to 10 years (or as required by local law). Account & order history: while the account remains active and for the period necessary to legal obligations/warranty. Cookies/analytics: as per each cookie’s lifespan (or until consent is withdrawn). Support tickets: up to 24 months after closure unless legal retention applies. After retention, data is securely deleted or anonymised.
  8. Your rights (EEA/UK) You have the following rights under the GDPR: Access to your personal data and information about processing; Rectification of inaccurate or incomplete data; Erasure (right to be forgotten) where applicable; Restriction of processing; Portability of data; Object to processing based on legitimate interests (including direct marketing); Withdraw consent at any time when processing is based on consent; Lodge a complaint with your local Supervisory Authority. To exercise rights, contact. We may request additional information to verify your identity.
  9. Automated decisions & profiling We do not make decisions solely based on automated processing that produce legal or similarly significant effects. Fraud detection systems (e.g., Shopify/Stripe) may conduct automatic risk analysis; you may request human review via the contact above.
  10. Security We implement appropriate technical and organisational measures (TLS encryption, access control, audit logs, environment segregation) to protect personal data. No system is 100% secure; in case of a relevant incident we will follow applicable notification procedures.
  11. Children The Site is not intended for individuals under 16 (or the minimum age in your country). We do not knowingly collect data from children. If you believe a child has provided data to us, contact us to remove it.
  12. Changes to this Policy We may update this Policy from time to time to reflect legal, technical or operational changes. The current version will always be available on the Site and show the last updated date. For material changes, we may request new consent or provide prominent notice.