Privacy Policy of CardAstro

Effective Date: November 10, 2025

CardAstro (“we,” “us,” or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you visit www.cardastro.com and use our services, including purchases made through our WooCommerce store.

By using our website, you consent to this Privacy Policy. If you disagree, please refrain from using our site.

1. Information We Collect

We collect personal data to provide, improve, and secure our services. “Personal information” refers to any data that can identify you directly or indirectly.

Depending on your interactions and applicable law, we may collect:

  • Contact Details: Name, email address, phone number, billing and shipping addresses.

  • Account Details: Username, password, preferences, and profile information.

  • Payment Details: Payment method, card information (handled by third-party providers only), and transaction data.

  • Order & Transaction History: Purchases, returns, wishlists, and shopping behavior.

  • Communications: Messages, inquiries, reviews, or customer support chats.

  • Technical & Device Data: IP address, browser type, operating system, device ID, and connection logs.

  • Usage Data: Page views, session duration, referral URLs, and navigation paths.

  • Cookies & Tracking Data: Information collected through cookies, pixels, or similar technologies (see Section 3).

We may also derive inferences about your interests or preferences to improve recommendations and personalize offers.

2. How We Use Your Information

Your personal information is used to:

  • Process and fulfill orders via WooCommerce

  • Provide customer support and manage your account

  • Process payments securely through PayPal, Stripe, or WooCommerce Payments

  • Send transactional updates (order confirmations, shipping notices, etc.)

  • Send marketing emails or newsletters (if you have opted in)

  • Analyze website traffic and user behavior via Google Analytics

  • Improve our products, website performance, and user experience

  • Detect and prevent fraud or unauthorized access

  • Comply with legal, tax, and accounting obligations

  • Run loyalty, referral, or reward programs (if you participate)

  • Provide live chat or automated customer assistance tools

Processing is based on Article 6(1) GDPR:
(a) Consent; (b) Contract performance; (c) Legal obligation; (f) Legitimate interest (security, analytics, marketing improvements).

3. Cookies and Tracking Technologies

We use cookies and similar technologies for essential website functions, analytics, and marketing.

Types of cookies:

  • Essential cookies: Required for cart, checkout, and login sessions.

  • Performance cookies: Measure traffic and improve usability.

  • Analytics cookies: Used by Google Analytics to track interactions.

  • Marketing cookies: Enable personalized advertising and remarketing (e.g., Google Ads, Facebook Pixel).

You can control or withdraw cookie consent anytime via your browser or our on-site cookie banner. Refusing cookies may affect certain site features.

Google Analytics
We use Google Analytics 4 (Google Ireland Limited) with IP anonymization enabled.
Google may process data such as IP address, device identifiers, and browsing actions.
You can opt out via the Google Analytics Opt-out Add-on.
More details: Google Privacy Policy.

4. Payment Processing

Payments are handled by trusted PCI-DSS-compliant processors:
PayPal (PayPal Europe S.à r.l.), Stripe Payments Europe Ltd., and WooCommerce Payments.

These providers collect and process payment data under their own terms.
We only receive transaction confirmations—never full card numbers.
Their privacy policies apply independently of ours.

5. Email Marketing & Newsletters

If you subscribe to our newsletter, we use your name and email address to send promotions, product news, and updates.
We use Mailchimp (The Rocket Science Group LLC, USA) or another GDPR-compliant provider.
Data may be transferred to the USA under Standard Contractual Clauses (SCCs).

You can unsubscribe anytime using the “Unsubscribe” link in any email.
Your consent remains the lawful basis for this processing.

6. Chat and Customer Support Tools

We may integrate live chat or helpdesk services (e.g., Tidio, Crisp, Zendesk, or similar) to provide real-time support.
When you start a chat, the provider may collect your IP address, browser details, and conversation history.
These tools act as data processors under GDPR and use secure transmission methods (TLS/SSL).
You can decline cookies or messaging pop-ups to avoid data collection.

7. Loyalty, Rewards, and Referral Programs

If you participate in a loyalty or referral program, we process basic identifiers (name, email, purchase history, points balance).
These may be managed via third-party apps integrated into WooCommerce.
Participation is voluntary, and you can withdraw at any time.
All such services comply with GDPR and CCPA standards.

8. Data Sharing and Disclosure

We may share your data with:

  • Hosting provider: NameCheap (secure EU or US servers)

  • Website platform: WordPress + WooCommerce

  • Analytics provider: Google Analytics

  • Email provider: Mailchimp

  • Payment processors: PayPal, Stripe, WooCommerce Payments

  • Shipping partners: DHL and DHL International

  • Chat or loyalty service providers (if used)

  • Legal or regulatory authorities, when required by law

We never sell or rent your personal data.

9. Data Retention

We retain data only for as long as necessary:

  • Orders, invoices, and account data – 7–10 years (legal requirement)

  • Support communications – up to 3 years

  • Marketing/email data – until consent is withdrawn

  • Analytics – stored only in aggregated or anonymized form

After expiry, data is securely deleted or anonymized.

10. Your Rights (GDPR / CCPA)

You may request to:

  • Access your personal data

  • Correct inaccurate or incomplete information

  • Request erasure (“Right to be forgotten”)

  • Restrict or object to processing

  • Receive your data in a portable format

  • Withdraw consent at any time

To exercise these rights, email info@cardastro.com.
We may verify your identity before fulfilling the request.

11. Security

We employ robust security measures including:

  • SSL/TLS encryption

  • Secure NameCheap hosting

  • Regular WordPress and WooCommerce updates

  • Access control and encrypted backups

  • Security plugins and monitoring

While we take all reasonable precautions, no system is entirely immune from risk.

12. Children’s Privacy

Our website and services are not intended for individuals under 16 years of age.
We do not knowingly collect personal data from minors.
If such data is identified, it will be deleted promptly.

13. International Data Transfers

Data may be transferred to countries outside the EEA, particularly when using providers such as Google, Mailchimp, or PayPal.
Transfers occur under lawful safeguards, including Standard Contractual Clauses or adequacy decisions by the EU Commission.
These mechanisms ensure an adequate level of data protection.

14. Changes to This Privacy Policy

We may update this policy periodically to reflect operational, legal, or technological changes.
The latest version will always be available on this page with the updated Effective Date.
Material changes will be communicated via email or on-site notice.

15. Contact Us

If you have any questions, complaints, or requests regarding your personal data, please contact:

CardAstro
📧 Email: info@cardastro.com
🌐 Website: www.cardastro.com
🏢 Address: Aldanstr. 13, 16321 Bernau bei Berlin, Germany