Privacy policy

Privacy at Andre Blunt

We make a few good things, the way we see them. The same care goes into how we hold your data. We collect what an order needs and little more. We keep it only as long as the law and the work require. We never sell it.

This policy explains what personal data we process when you visit andreblunt.com or buy from us, why we process it, the legal basis for doing so, and the rights you hold under the General Data Protection Regulation (Regulation (EU) 2016/679, the GDPR) and Hungarian data protection law.

Who we are (the data controller)

The controller of your personal data is:

Andre Blunt Kft.
Registered office: 1085 Budapest, Jozsef korut 69. Fsz. 1. ajto, Hungary
Company registration number: 01-09-451918
VAT number: HU32967656
Email: hello@andreblunt.com
Website: andreblunt.com

For any question about this policy or your data, write to hello@andreblunt.com. We have not appointed a Data Protection Officer, as our processing does not require one under Article 37 GDPR. The address above remains the point of contact for all privacy matters.

What this policy covers

This policy covers personal data we process as a controller when you browse our site, place an order, contact us, or sign up to hear from us. It does not cover third-party websites we may link to. Those sites run their own policies, and we are not responsible for them.

The data we collect

We collect data in three ways: what you give us, what we record as you use the site, and what our service providers process to fulfil an order.

Data you give us

Order and delivery data: full name, shipping address, billing address, email address, and telephone number where provided.
Account data: if you create an account, your login credentials and saved order history.
Communications: the content of messages you send us, including by email, and our replies.
Marketing data: your email address and consent status if you subscribe to updates.

Data we collect as you use the site

Technical data: IP address, browser type and version, device type, operating system, and time zone.
Usage data: pages viewed, products viewed, time on page, referring source, and how you move through the site.
Cookie data: identifiers set by cookies and similar technologies. See the Cookies section below.

Payment data

We do not see or store your full card number. Payments are processed by our payment providers (for example Shopify Payments and, where offered, PayPal). They receive your card and payment details directly through their own secure systems and act as independent controllers for that data. We receive only confirmation of payment and limited transaction details needed to manage your order.

Why we use your data, and our legal basis

We process personal data only where the GDPR gives us a lawful basis. The table below sets out each purpose and the basis we rely on.

To fulfil your order

We use your order, delivery, and contact data to take payment, produce your items, ship them, and handle returns or exchanges. Legal basis: performance of a contract with you (Article 6(1)(b) GDPR).

To run our store and keep records

We use order and account data to manage your account, respond to enquiries, prevent fraud, and keep accurate business records. Legal basis: our legitimate interest in operating the store and protecting it (Article 6(1)(f) GDPR), and, for tax and accounting records, compliance with a legal obligation (Article 6(1)(c) GDPR).

To meet our legal obligations

We retain invoices and accounting records to comply with Hungarian tax and accounting law. We also process data where required to answer lawful requests from authorities. Legal basis: compliance with a legal obligation (Article 6(1)(c) GDPR).

To send marketing, where you have asked us to

If you subscribe, we use your email address to send news of new pieces and the occasional note from the house. Legal basis: your consent (Article 6(1)(a) GDPR). You can withdraw consent at any time, with no effect on processing carried out before withdrawal. Every email carries an unsubscribe link.

To understand and improve the site

We use analytics and cookie data to see how the site is used and to make it better. Where this relies on non-essential cookies, our legal basis is your consent (Article 6(1)(a) GDPR), collected through our cookie banner. Where we analyse aggregated, non-identifying data, we rely on our legitimate interest in improving the store (Article 6(1)(f) GDPR).

Cookies and similar technologies

Cookies are small files placed on your device. We use them in two groups.

Strictly necessary cookies make the site work: they keep your basket, hold your session, and secure checkout. These run without consent because the site cannot function without them.
Analytics and marketing cookies help us measure traffic and, where used, support advertising. These run only with your consent.

When you first visit, our cookie banner lets you accept or refuse non-essential cookies. You can change your choice at any time through the cookie settings on the site or by clearing cookies in your browser. Refusing non-essential cookies does not stop you shopping with us.

Who we share your data with

We share data only with the providers we need to run the house, and only for the purposes described here. Each acts as our processor under a written agreement that holds them to GDPR standards, unless noted as an independent controller.

Shopify: our e-commerce platform. Shopify hosts the store and processes order, account, and technical data so we can sell to you.
Printful: our production and fulfilment partner. Our items are made to order (print-on-demand), with production in 2 to 5 business days, then shipped worldwide. Printful receives the name, address, and order details needed to produce and dispatch your order.
Payment providers: Shopify Payments and, where offered, PayPal, who process your payment as independent controllers.
Analytics and marketing providers: standard analytics tools and, where used, advertising platforms, which receive usage and cookie data subject to your consent.
Shipping carriers: the couriers who deliver your order receive the delivery data needed to complete the delivery.
Professional advisers and authorities: accountants, lawyers, and public authorities, where the law requires or permits disclosure.

We do not sell your personal data. We do not share it for any purpose other than those set out in this policy.

International transfers

Some of our providers process data outside the European Economic Area, including in the United States. Where data leaves the EEA, we rely on a lawful transfer mechanism under Chapter V GDPR. This is usually the European Commission's Standard Contractual Clauses, or an adequacy decision where one applies to the destination country. You can ask us for details of the safeguards in place by writing to hello@andreblunt.com.

How long we keep your data

We keep personal data only as long as we need it for the purpose we collected it, or as long as the law requires.

Order and account data: for the life of your account, and afterwards for as long as needed to handle returns, warranty, and disputes.
Invoices and accounting records: for 8 years, as required by Hungarian accounting law (Act C of 2000 on Accounting).
Marketing data: until you unsubscribe or withdraw consent, after which we remove you from the list.
Analytics and cookie data: for the retention period set by the relevant tool, then deleted or anonymised.

When a retention period ends, we delete the data or anonymise it so it can no longer identify you.

Your rights

Under the GDPR you have the following rights over your personal data. You can exercise any of them by writing to hello@andreblunt.com.

Access: ask for a copy of the data we hold about you.
Rectification: ask us to correct data that is wrong or incomplete.
Erasure: ask us to delete your data, where there is no lawful reason for us to keep it.
Restriction: ask us to limit how we use your data in certain cases.
Objection: object to processing we base on legitimate interest, and object at any time to direct marketing.
Portability: ask for the data you gave us in a structured, common, machine-readable format, and ask us to send it to another controller where technically feasible.
Withdraw consent: withdraw any consent you gave us, at any time, without affecting processing already carried out.

We answer requests without undue delay and within one month, as the GDPR requires. There is no charge for a reasonable request. We may ask you to confirm your identity before we act, so that we release data only to the right person.

Automated decisions

We do not make decisions about you by automated means alone, and we do not carry out profiling that produces legal or similarly significant effects on you.

How we protect your data

We use appropriate technical and organisational measures to keep your data safe, including encryption in transit, access controls, and providers who are themselves held to recognised security standards. No system is ever entirely without risk, but we take the protection of your data seriously and review our measures as the house grows.

Children

Our store is intended for adults. We do not knowingly collect data from children under 16. If you believe a child has given us their data, write to hello@andreblunt.com and we will remove it.

How to complain

If you have a concern about how we handle your data, please come to us first at hello@andreblunt.com. We would rather put it right ourselves.

You also have the right to lodge a complaint with a supervisory authority. In Hungary this is the Hungarian National Authority for Data Protection and Freedom of Information (Nemzeti Adatvedelmi es Informacioszabadsag Hatosag, NAIH):

Address: 1055 Budapest, Falk Miksa utca 9-11, Hungary
Postal address: 1363 Budapest, Pf. 9
Telephone: +36 1 391 1400
Email: ugyfelszolgalat@naih.hu
Website: naih.hu

If you live in another EU country, you may also complain to the supervisory authority where you live or work.

Changes to this policy

We may update this policy as the house and the law change. When we do, we will post the new version here and update the date below. Where a change is significant, we will tell you by a clear notice on the site or by email.