Privacy Policy

Last updated: November 17, 2024

Who We Are

Our website address is: https://hierro.store. We operate an e-commerce website that accepts both traditional card payments and Bitcoin.

What Personal Data We Collect and Why

Essential Shopping Data

When you use our store, we collect:

  • Products you’ve viewed
  • Basic location and IP address (for tax and shipping estimates)
  • Browser type and version
  • Shopping cart contents (stored temporarily via cookies)

Checkout Information

During checkout, we collect:

  • Name
  • Email address
  • Billing address
  • Shipping address
  • Phone number
  • Purchase details
  • Payment information (processed securely through our payment providers)

This information is used to:

  • Process and fulfill your orders
  • Send order confirmations and updates
  • Handle refunds and support requests
  • Comply with tax and accounting requirements
  • Prevent fraud
  • Improve our store offerings

Account Information

If you create an account, we store:

  • Your name
  • Email address
  • Password (encrypted)
  • Address information
  • Order history

Comments

If you leave comments, we collect:

  • Comment content
  • Name
  • Email address
  • IP address (for spam detection)
  • Browser user agent string

If you use Gravatar for your avatar, your email hash may be shared with their service (see: https://automattic.com/privacy/).

Media

Please note: if you upload images, avoid those with embedded location data (EXIF GPS). Visitors can download and extract location data from website images.

Cookies

We use cookies for:

Essential Store Functionality

  • Shopping cart contents
  • Session management
  • Order processing

Payment Processing

  • Stripe-specific cookies:
      • wp_woocommerce_session_HASH
      • stripe_mid
      • stripe_sid

Optional Features

  • Comment author details (if you opt in)
  • Login persistence (lasts 2 days, or 2 weeks with “Remember Me”)
  • Screen preferences

Payment Processing

Stripe Payments

When you pay with a card, we share necessary data with Stripe:

  • Name
  • Email
  • Billing address
  • Transaction amount
  • Payment card details (processed directly by Stripe, never stored on our servers)

Stripe’s privacy policy: https://stripe.com/gb/privacy

Data Security

  • All payment data is encrypted using SSL/TLS
  • We are PCI DSS compliant through Stripe
  • Full card details are never stored on our servers

Data Sharing

Who Has Access

Our team members can access:

  • Order details
  • Customer information
  • Shipping information

This access is limited to fulfilling orders, processing refunds, and providing customer support.

Third-Party Services

We share data with:

  • Stripe (payment processing)
  • Shipping providers (delivery services)
  • Automated spam detection services (for comments)

Data Retention

We retain data for:

  • Order information: 7 years (tax/accounting requirements)
  • Account information: Until you delete your account
  • Comments: Indefinitely (for comment threading)
  • Cart sessions: 24 hours
  • Payment records: As required by financial regulations

Your Rights

You have the right to:

  • Access your personal data
  • Receive an export of your data
  • Request deletion of your data
  • Correct any inaccurate data
  • Object to our data processing

Note: Some data must be retained for legal, administrative, or security purposes.

Additional Information

Security Measures

  • SSL/TLS encryption for all traffic
  • Secure password storage
  • Regular security updates
  • Limited staff access to personal data

Privacy Policy Updates

We may update this policy occasionally. Significant changes will be announced through our website.

Contact Information

For privacy-related questions:

Legal Basis

This privacy policy complies with:

  • GDPR requirements
  • CCPA requirements
  • Local privacy laws
  • PCI DSS requirements (via Stripe)

For specific questions about payment data handling, please contact privacy@hierro.store.