Rated 4.8/5 by 200+ collectors ⭐ Secure checkout with transparent payment options 💳 Clear shipping updates and responsive support 🚚 Carefully listed sealed TCG products 💯 Rated 4.8/5 by 200+ collectors ⭐ Secure checkout with transparent payment options 💳 Clear shipping updates and responsive support 🚚 Carefully listed sealed TCG products 💯
0
0
HoloVaultCards privacy policy

Privacy Policy

Privacy Policy

Last updated: 26 June 2026

This Privacy Policy explains how HoloVaultCards.com collects, uses, stores, and protects personal data when you visit our website, place an order, contact us, subscribe to our newsletter, or use our services.

1. Controller

The controller responsible for data processing on this website is:

HoloVaultCards GbR
Represented by: Jennifer Köster
Neuwerkstraße 4
99084 Erfurt
Germany

E-Mail: [email protected]
Website: https://holovaultcards.com

2. Personal Data We Process

Depending on how you use our website, we may process the following categories of personal data:

  • Name and contact details, such as email address, billing address, and shipping address
  • Order details, such as purchased products, order number, order status, delivery status, and invoice information
  • Payment-related information, such as selected payment method, payment status, transaction references, and fraud-prevention information
  • Communication data, such as messages sent by email, contact forms, or support requests
  • Technical data, such as IP address, browser type, device type, operating system, visited pages, referrer URL, access time, and log files
  • Newsletter data, if you subscribe to marketing emails
  • Review data, if you submit a product review
  • Cookie and consent data, such as cookie preferences and consent records

3. Purposes and Legal Bases

We process personal data for the following purposes:

  • To provide and operate the online shop
  • To process orders, payments, shipping, returns, and customer support
  • To communicate with customers about orders, questions, or complaints
  • To comply with legal accounting, tax, and commercial retention obligations
  • To protect the website against fraud, abuse, spam, bots, attacks, and technical misuse
  • To improve the website, user experience, product pages, and shop functionality
  • To send newsletters or marketing emails if the customer has subscribed
  • To display and manage product reviews

The legal bases for processing are:

  • Art. 6(1)(b) GDPR: processing necessary for the performance of a contract or pre-contractual steps
  • Art. 6(1)(c) GDPR: processing necessary to comply with legal obligations
  • Art. 6(1)(f) GDPR: processing based on our legitimate interests, such as website security, fraud prevention, customer support, and shop improvement
  • Art. 6(1)(a) GDPR: processing based on consent, for example for newsletters or non-essential cookies where required

4. Orders and Customer Accounts

When you place an order, we process the data required to complete the purchase, including name, email address, billing and shipping address, purchased products, order value, payment status, and shipping information.

This data is required to process your order, provide customer support, manage returns or complaints, and comply with tax and accounting obligations.

If customer accounts are available, we process login and account data so that customers can view order history, manage their information, and use shop features.

5. Payment Processing

When you select a payment method during checkout, payment-related data may be transferred to the relevant payment provider, payment gateway, on-ramp provider, wallet provider, bank, card processor, or fraud-prevention service.

Depending on the payment method selected, the payment provider may process your data independently under its own privacy policy. This may include payment verification, fraud checks, compliance checks, transaction processing, chargeback handling, or legally required identity checks.

If crypto, blockchain, wallet, or on-ramp payment methods are used, transaction information may be processed by external payment providers and may also be recorded on public or semi-public blockchain networks depending on the payment method used.

6. Shipping and Delivery

To deliver orders, we may transfer the required shipping data to delivery companies, logistics providers, fulfillment partners, customs service providers, or tracking service providers.

This usually includes the customer’s name, delivery address, email address, phone number if provided, order reference, and shipment details.

7. Contact and Customer Support

If you contact us by email, contact form, or other communication channels, we process your message, contact details, and any information you provide in order to answer your request.

We may keep support communication for documentation, fraud prevention, legal defense, and customer service purposes.

8. Newsletter and Marketing Emails

If you subscribe to our newsletter, we process your email address and, if provided, your name and preferences in order to send marketing emails, product updates, offers, and shop news.

Newsletter emails are sent only with your consent. You can unsubscribe at any time by using the unsubscribe link in the email or by contacting us at: [email protected].

After unsubscribing, we may store your email address in a suppression list to make sure you do not receive further marketing emails.

9. Product Reviews

If you submit a product review, we may process your name, review text, rating, product reference, date, and verification status.

Reviews may be displayed publicly on the product page. Please do not include private or sensitive personal information in product reviews.

We reserve the right to moderate or remove reviews that are abusive, fake, illegal, misleading, spam, or unrelated to the product.

10. Website Logs, Security and Live Traffic Data

When you visit our website, our server and security systems may automatically process technical data such as IP address, browser type, device type, operating system, referrer URL, pages visited, access time, country or approximate location, and error logs.

We use this data to keep the website secure, detect abuse, block bots or attacks, prevent fraud, troubleshoot errors, and improve shop performance.

If live traffic or analytics features are enabled, we may process technical visitor information such as visited pages, session activity, device type, browser type, country, and visit frequency. Where legally required, non-essential analytics or tracking will only be used with consent.

11. Cookies and Similar Technologies

Our website uses cookies and similar technologies to operate the shop and improve user experience.

Essential cookies may be used for functions such as cart contents, checkout, login, security, language settings, consent management, and payment processing. These cookies are necessary for the website to work properly.

Non-essential cookies, such as analytics, marketing, tracking, or personalization cookies, are only used where legally permitted and, where required, after the customer has given consent.

You can manage or delete cookies in your browser settings. If you disable essential cookies, some shop functions may not work correctly.

12. Hosting, CDN and Security Providers

Our website is hosted by external technical service providers. Hosting providers may process website data, server logs, database data, order data, email data, and technical security data on our behalf.

We may also use CDN, firewall, caching, anti-bot, or security services to protect and speed up the website. These providers may process IP addresses, request data, device information, and security logs.

If Cloudflare or a similar CDN/security provider is active on the website, visitor requests may be routed through that provider’s servers for security, caching, and performance purposes.

13. Media, Uploaded Files and Images

If you upload files, images, screenshots, or other content through our website or support channels, we process this content to provide the requested service, handle your order, or answer your support request.

Please do not upload unnecessary personal, sensitive, or third-party data.

14. Recipients of Personal Data

We may share personal data with the following categories of recipients where necessary:

  • Hosting and IT service providers
  • Payment providers, payment gateways, on-ramp providers, banks, wallet providers, and fraud-prevention services
  • Shipping companies, logistics providers, and tracking services
  • Email and newsletter service providers
  • Accounting, tax, and legal service providers
  • Authorities, courts, or regulators where legally required
  • Security, CDN, anti-bot, and analytics providers where used

We do not sell personal data.

15. International Data Transfers

Some service providers may process data outside the European Economic Area. If personal data is transferred to countries outside the EEA, we use appropriate safeguards where required, such as adequacy decisions, standard contractual clauses, or other legally recognized transfer mechanisms.

16. Data Retention

We store personal data only for as long as necessary for the purposes described in this Privacy Policy.

Order, invoice, payment, accounting, and tax-related data may be stored for the legally required retention periods under German commercial and tax law.

Support messages are stored for as long as needed to handle the request and protect our legal interests.

Newsletter data is stored until you unsubscribe or withdraw consent, unless further storage is legally required.

Technical logs are usually stored for a limited period unless longer storage is necessary for security, fraud prevention, troubleshooting, or legal purposes.

17. Your Rights

Under the GDPR, you may have the following rights:

  • Right of access to your personal data
  • Right to rectification of incorrect or incomplete data
  • Right to erasure of your data
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing based on legitimate interests
  • Right to withdraw consent at any time with effect for the future
  • Right to lodge a complaint with a data protection supervisory authority

To exercise your rights, please contact us at: [email protected].

We may need to verify your identity before processing your request.

18. Right to Object

If we process personal data based on legitimate interests under Art. 6(1)(f) GDPR, you have the right to object to this processing for reasons arising from your particular situation.

If personal data is processed for direct marketing, you can object to this at any time.

19. Right to Withdraw Consent

If processing is based on consent, you can withdraw your consent at any time with effect for the future. The withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

20. Complaint to a Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates data protection law.

For HoloVaultCards in Thuringia, the competent supervisory authority may be:

Thüringer Landesbeauftragter für den Datenschutz und die Informationsfreiheit
Häßlerstraße 8
99096 Erfurt
Germany
Website: https://www.tlfdi.de

21. Children

Our shop is not directed at children under the age of 16. If we become aware that personal data of a child has been processed without the required legal basis or consent, we will delete the data where legally required.

22. Changes to This Privacy Policy

We may update this Privacy Policy from time to time if our website, services, legal obligations, or data processing activities change.

The current version is always available on HoloVaultCards.com.