Last updated: March 2026 · Effective date: March 15, 2026
1. Data Controller
VGUARD Capital S.L. ("we", "us", "Heritage Knittings"), a company registered in Spain, is the data controller responsible for your personal data. For questions regarding this policy, contact privacy@heritageknittings.com.
2. What We Collect
We collect only what is necessary to provide our services:
- Account data — name, email address, phone number
- Order data — shipping and billing address, payment method, order history
- Browsing data — pages visited, browser type, device, IP address (via cookies)
- Communications — messages you send us, reviews, survey responses
We do not collect sensitive personal data (health, ethnicity, political views, biometrics).
3. Why We Process Your Data
Each processing activity has a specific legal basis under GDPR Article 6:
- Contract performance (Art. 6(1)(b)) — processing orders, managing your account, handling returns
- Legal obligation (Art. 6(1)(c)) — tax records, fraud prevention, regulatory compliance
- Legitimate interest (Art. 6(1)(f)) — improving our website, preventing abuse, basic analytics
- Consent (Art. 6(1)(a)) — marketing emails, optional analytics cookies, product reviews
4. Who Receives Your Data
We share data only with processors who need it to deliver our services:
- Shopify Inc. — e-commerce platform, order processing, payment handling
- Payment providers — Shopify Payments, PayPal, Klarna (depending on your choice)
- Shipping carriers — for order delivery (name, address, phone)
- Cloudflare Inc. — website hosting, CDN, security
- Resend Inc. — transactional email delivery
We never sell, rent, or trade your personal data. All processors are bound by data processing agreements.
5. International Transfers
Some of our processors (Shopify, Cloudflare) operate in the United States and Canada. These transfers are protected by EU Standard Contractual Clauses (SCCs) as approved by the European Commission, ensuring an adequate level of data protection in compliance with GDPR Chapter V.
6. Cookies
We use two categories of cookies:
- Essential cookies — required for site functionality (cart, session, language preference, currency). These cannot be disabled.
- Analytics cookies — help us understand how visitors use our site. Only activated with your consent via the cookie banner.
You can change your cookie preferences at any time via the cookie settings in your browser or our cookie banner.
7. Data Retention
- Order and transaction data — 7 years (Spanish and EU tax law)
- Account data — until you request deletion or 3 years after last activity
- Marketing consent — until you unsubscribe
- Analytics data — 26 months maximum
- Support communications — 2 years after resolution
8. Your Rights Under GDPR
You have the following rights regarding your personal data:
- Access (Art. 15) — obtain a copy of your personal data
- Rectification (Art. 16) — correct inaccurate data
- Erasure (Art. 17) — request deletion ("right to be forgotten")
- Restriction (Art. 18) — limit how we process your data
- Portability (Art. 20) — receive your data in a machine-readable format
- Objection (Art. 21) — object to processing based on legitimate interest
- Withdraw consent (Art. 7(3)) — at any time, without affecting prior processing
To exercise any right, email privacy@heritageknittings.com. We will respond within 30 days.
9. Data Security
We protect your data using TLS/SSL encryption for all data in transit, secure hosting via Cloudflare with DDoS protection, hashed authentication tokens (no plaintext passwords stored), and access controls limiting employee access to personal data on a need-to-know basis.
10. Children
Our services are not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, contact us and we will delete it promptly.
11. Changes to This Policy
We may update this policy to reflect changes in our practices or legal requirements. Material changes will be communicated via email or a notice on our website. The "last updated" date at the top always reflects the most recent version.
12. Complaints & Contact
If you are unsatisfied with how we handle your data, you have the right to lodge a complaint with your local supervisory authority. For EU residents, this is typically the data protection authority in your country of residence. For Norwegian residents, contact Datatilsynet (datatilsynet.no).
Data Controller:
VGUARD Capital S.L.
Email: privacy@heritageknittings.com
This policy is governed by Norwegian law and the EU General Data Protection Regulation (Regulation 2016/679). Disputes shall be resolved in Rogaland district court, Norway.