Privacy Policy

Privacy Policy

Last updated: [12.04.2025]

This Privacy Policy explains how Heartless Castles (“we”, “us”, “our”) collects, uses, and protects your personal data when you visit our website or interact with our services.

We are committed to ensuring that your privacy is protected and handled in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

1. Who We Are

Heartless Castles 
Mõisa 3, 21006 Narva, Estonia
Email: heartlesscastles.mgmt@gmail.com

2. What Information We Collect

We may collect the following types of personal data:

  • Contact details (name, email, phone number)
  • Shipping and billing address
  • Order and payment details
  • Account information (if created)
  • Device and browsing data (IP address, browser type, pages visited)
  • Communication history (emails, customer support messages)

We do not store full credit card numbers. Payments are securely handled by Shopify and its partners.

3. How We Use Your Information

We use your data to:

  • Process and ship your orders
  • Provide customer support
  • Improve our website and services
  • Send promotional emails (only with your consent)
  • Comply with legal obligations

4. Legal Basis for Processing

We process your data based on:

  • Your consent (e.g., newsletter sign-up)
  • Our contract with you (order fulfillment)
  • Legal obligations (e.g., tax records)
  • Our legitimate interests (e.g., analytics, fraud prevention)

5. Data Storage and Security

We store your data on secure servers provided by Shopify and follow strict security measures to protect it.

6. Data Retention

We retain your data only as long as necessary:

  • Order and tax data – up to 7 years (legal requirement)
  • Account and contact data – as long as your account is active
  • Marketing data – until you unsubscribe

7. Sharing Your Information

We only share your data with trusted partners, such as:

  • Shopify (e-commerce platform)
  • Payment processors (e.g., Stripe, PayPal)
  • Shipping partners
  • Email marketing services
  • Legal authorities (if required by law)

We never sell your personal data.

8. Cookies

We use cookies to enhance your experience. These include:

  • Essential cookies (for website functionality)
  • Performance cookies (e.g., Google Analytics)
  • Marketing cookies (e.g., Meta Pixel)

You can disable cookies via your browser settings. 

9. Your Rights (EU / GDPR)

You have the right to:

  • Access your data
  • Correct inaccurate data
  • Request deletion
  • Restrict or object to processing
  • Request data portability
  • Withdraw consent at any time

To exercise your rights, contact us at heartlesscastles.mgmt@gmail.com.

10. Marketing Communications

You will only receive marketing communications if you have opted in. You can unsubscribe anytime via the link in our emails.

11. Children’s Privacy

Our website is not intended for children under 16. We do not knowingly collect data from minors.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Please check this page regularly for any changes.

13. Contact Us

If you have questions about this Privacy Policy or how your data is used, please contact us:

Heartless Castles 
Email: heartlesscastles.mgmt@gmail.com
Address: Mõisa 3, 21006 Narva, Estonia