Payment & Security
We ensure that the payment processing for your orders is secure and compliant with applicable data protection regulations. The personal data processed for the execution of payments is protected by the respective payment service providers, according to their own Privacy Policies.
The legal basis for processing the data necessary for the completion of payments is art. 6 par. 1 b) GDPR (processing is necessary for the execution of a contract in respect of which you are the beneficiary) and art. 6 par. 1 f) GDPR (processing is necessary for the legitimate interests pursued by the controller or by a third party).
A. Shopify Payments
Payments on our website are processed through Shopify Payments, a service operated by Shopify Inc., headquartered at 151 O’Connor Street, Ground Floor, Ottawa, Ontario K2P 2L8, Canada, and Shopify International Ltd., based at 2nd Floor 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland.
Shopify Payments processes the following categories of data:
- Identity information: name, billing address, email address;
- Payment information: credit or debit card details (such as card number, expiry date, security code);
- Transaction details: purchased items, transaction amount, date and time of payment.
The purposes of data processing include:
- Processing and managing payments;
- Preventing fraud and unauthorized transactions;
- Ensuring compliance with legal obligations, including anti-money laundering regulations.
Payments are processed using encrypted technology compliant with the PCI DSS (Payment Card Industry Data Security Standard) requirements. All card transactions are subject to 3D Secure authentication, where applicable, in compliance with PSD2 regulations for Strong Customer Authentication (SCA).
You can review Shopify's Privacy Policy here: https://www.shopify.com/legal/privacy.
B. Stripe
Stripe is another payment service provider we use for processing online transactions. Stripe Payments Europe, Ltd., located at The One Building, 1 Grand Canal Street Lower, Dublin 2, Co. Dublin, Ireland, processes your personal data in accordance with GDPR requirements.
Stripe processes personal data such as:
- Identity information: name, billing address, email address;
- Payment information: card details, bank account information (for certain payment methods);
- Transaction information: amount paid, date and time of payment, transaction reference.
Stripe uses this information for:
- Processing payments and completing transactions;
- Fraud detection, prevention, and compliance with financial regulations;
- Managing refunds and chargebacks if necessary.
Stripe uses secure encryption technology and complies with PCI DSS standards. You can access Stripe’s Privacy Policy here: https://stripe.com/privacy.
C. Security of Your Payment Information
We are committed to maintaining the highest standards of security when it comes to your payment information. We implement appropriate technical and organizational measures to ensure the confidentiality, integrity, and availability of your data, including:
- SSL (Secure Sockets Layer) encryption for all data transmitted during the checkout process;
- Regular security monitoring and system updates;
- Restricted access to payment information to authorized personnel only;
- Protection against data breaches and unauthorized access.
At no time do we store your full credit or debit card information on our servers. Payment processing is handled entirely by certified third-party providers.