Privacy Policy 

1.General Terms
    1.1. This Privacy Policy explains how Nordcrunch Ltd. Reg. No. 40003764071, Industriālais parks, Glūdas parish, Jelgava district, LV‑3040, Latvia, hereinafter referred to as the “Data      Controller”) collects, processes, and stores personal data obtained from its customers and visitors to the website www.nordcrunch.com (hereinafter referred to as “Data Subject” or “You”).
   1.2. Personal data means any information relating to an identified or identifiable natural person. Processing refers to any action performed on personal data, such as collection, recording, organization, use, viewing, deletion, or destruction.
   1.3. The Data Controller follows applicable legal principles regarding data processing and ensures that personal data are handled in compliance with applicable laws.

2. Collection, Processing, and Storage of Personal Data
  2.1. The Data Controller primarily collects, processes, and stores personally identifiable information through the online store and email communication.
  2.2. By visiting and using the services provided on the online store, You agree that any information provided will be used and managed in accordance with this Privacy Policy.
  2.3. The Data Subject is responsible for ensuring that the personal data submitted are accurate, complete, and correct. Deliberately providing false information is considered a violation of this Privacy Policy. You must promptly notify the Data Controller of any changes to the submitted personal data.
  2.4. The Data Controller is not liable for any losses incurred by the Data Subject or third parties resulting from inaccurate or false personal data provided.
3. Processing of Customer Personal Data
  3.1. The Data Controller may process the following personal data:
     3.1.1. Name and surname
     3.1.2. Delivery address
     3.1.3. Contact information (email and/or phone number)
     3.1.4. Transaction data (purchased items, price, payment information, etc.)
     3.1.5. Any other information provided during the purchase or while contacting the company
  3.2. The Data Controller reserves the right to verify submitted information using publicly available registers.
  3.3. The legal basis for processing personal data is provided by Article 6(1) of the General Data Protection Regulation (GDPR):
     a) Consent provided by the Data Subject;
     b) Processing necessary for the performance of a contract;
     c) Processing necessary to comply with a legal obligation;
     f) Processing necessary for the legitimate interests of the Data Controller or a third party, except where overridden by the interests, rights, or freedoms of the Data Subject.
  3.4. Personal data are stored as long as at least one of the following applies:
     3.4.1. Data are needed for the purposes they were collected;
     3.4.2. The Data Controller or Data Subject can exercise legitimate interests, e.g., raising objections or legal claims;
     3.4.3. There is a legal obligation to retain the data (e.g., accounting law);
     3.4.4. The Data Subject’s consent is still valid and there is no other lawful basis for processing.
Once these conditions cease, the personal data are irreversibly deleted or archived.
3.5. To fulfill obligations, the Data Controller may transfer personal data to partners or data processors acting on its behalf, such as accountants, couriers, or payment platforms. Payment processing is provided by everypay.eu, and necessary data may be shared with this platform. Upon request, personal data may also be disclosed to public authorities or law enforcement agencies.
3.6. Appropriate technical and organizational measures are implemented to ensure the security of personal data against accidental or unlawful destruction, alteration, disclosure, or unauthorized processing.
4. Rights of the Data Subject
4.1. Under GDPR and Latvian law, You have the right to:
4.1.1. Access your personal data, receive information about processing, and request a copy in electronic format or transfer it to another controller;
4.1.2. Request correction of inaccurate or incomplete data;
4.1.3. Request deletion (“right to be forgotten”), where legally allowed;
4.1.4. Withdraw consent at any time, if processing is based on consent;
4.1.5. Restrict processing — request temporary suspension of personal data processing;
4.1.6. Contact the Data State Inspectorate.
Requests may be submitted electronically at [email protected].
5. Final Provisions
5.1. This Privacy Policy is prepared in accordance with the European Parliament and Council Regulation (EU) 2016/679 (GDPR) and applicable Latvian laws.
5.2. The Data Controller reserves the right to update or amend this Privacy Policy at any time without prior notice. Changes take effect upon publication at www.nordcrunch.com.