This Privacy Policy applies to the online store operated under Hooknestbasics and explains how personal data is handled in accordance with applicable European data protection laws, including Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR).
Data Controller
The data controller is:
Hooknestbasics
Email: basic@hooknestbasics.com
Telephone: +421 905 438 762
Address: Hlavná 58, 811 01 Bratislava, Slovakia
Personal Data Collected
Personal data may be collected when customers place an order, contact customer support, or interact with the website. This may include:
* Name
* Email address
* Telephone number
* Billing and delivery address
* Order-related information
Purpose of Processing
Personal data is processed for the following purposes:
* Processing and fulfilling orders
* Managing customer communication
* Handling enquiries and support requests
* Maintaining internal records related to transactions
* Meeting applicable legal obligations under EU and Slovak regulations
Legal Basis for Processing
Personal data is processed on the basis of:
* Performance of a contract (order handling and fulfilment)
* Legal obligations applicable to commercial record keeping
* Legitimate interests related to the operation of an online retail service
Payment Processing & Security
Payments are processed securely through our verified payment gateway, Stripe.
We do not process, record, or store your full credit card numbers or sensitive payment details on our own servers. When payment is made, certain necessary transaction data is encrypted and transmitted directly to Stripe for the purpose of processing transactions, preventing fraudulent activity, and completing payment authorisation. Stripe processes such data as an independent data controller in accordance with its own privacy policy and strict PCI-DSS compliance standards.
Data Retention
Personal data is retained only for as long as necessary for the purposes for which it was collected:
* Order and transaction records: typically retained for up to 10 years, in line with applicable accounting and tax obligations under EU and Slovak law.
* Customer communication records: retained for a reasonable period necessary to handle enquiries and maintain service continuity, generally up to 24 months after the last interaction.
* Marketing-related preferences (if applicable): retained until consent is withdrawn or no longer relevant.
After the relevant retention periods, data is deleted or anonymised unless further retention is required under legal obligations.
Data Sharing
Personal data is not sold or disclosed to unrelated third parties. To support our direct-to-consumer operations and in-house fulfillment, data may only be shared with necessary partners for:
* Secure payment processing (Stripe)
* Internal order handling and proprietary warehousing dispatch
* Shipping and delivery carriers (to deliver your physical orders)
* Compliance with legal obligations
All such parties are required to handle personal data in accordance with applicable data protection regulations.
Data Security Measures
Appropriate organisational and technical measures, including SSL encryption, are applied to protect personal data against unauthorised access, alteration, disclosure, or destruction, in line with GDPR requirements.
Your Rights
Under applicable data protection laws, individuals may exercise the following rights:
* Access to personal data
* Rectification of inaccurate data
* Erasure of data where applicable
* Restriction of processing
* Objection to processing in certain cases
* Data portability where applicable
Requests relating to personal data can be submitted using the contact details provided above.
International Data Transfers
Where personal data is transferred outside the European Economic Area, appropriate safeguards are applied in accordance with GDPR requirements.
Changes to This PolicyThis Privacy Policy may be updated from time to time to reflect legal, operational, or regulatory changes. The latest version will always apply.