Privacy Policy
1. Who We Are (Data Controller)
⚠ Complete next week: Add your registered business name, address, company number, and VAT number here once you receive them. These are required by GDPR Art. 13 and the EU eCommerce Directive.
Business name: Vanguard Cases
Website: vanguardcase.online
Contact email: vanguardcasesltd@gmail.com
Registered address: [To be added — next week]
Company registration no.: [To be added — next week]
VAT number: [To be added — next week]
We are the data controller for all personal data collected through this website. We are subject to the EU General Data Protection Regulation (GDPR) (Regulation 2016/679).
2. What Personal Data We Collect
When you place an order
First name, last name, email address, phone number (optional), shipping address, billing name, and payment information. Your card details (number, expiry, CVV) are entered directly into Stripe's secure form and are never transmitted to or stored on our servers.
When you submit a contact or collaboration form
Full name, email address, phone number (optional), and the content of your message.
When you visit our website
We store the following data in your browser's local storage (not cookies):
- Shopping cart — items you've added, stored locally in your browser. No account or login required. This data never leaves your device unless you proceed to checkout.
- Display preference (dark/light mode) — only stored if you give consent. If you choose "Essential Only" on the consent banner, this preference is not saved and the site defaults to dark mode each visit.
We do not use tracking cookies, advertising pixels, Google Analytics, or any third-party analytics tools.
Google Fonts
This website loads fonts (Montserrat, Inter, Great Vibes) from Google's servers (fonts.googleapis.com and fonts.gstatic.com). When your browser loads these fonts, your IP address is transferred to Google LLC (United States). This transfer is governed by the EU–US Data Privacy Framework and Google's standard contractual clauses. See Google's Privacy Policy for details. We plan to self-host these fonts in a future update to eliminate this transfer.
3. Why We Process Your Data — Legal Basis
Under GDPR Art. 6, we must have a lawful basis for every type of processing. The table below explains each activity:
| Processing activity | Legal basis (GDPR Art. 6) | Details |
|---|---|---|
| Processing and fulfilling your order | Art. 6(1)(b) — Contractual necessity | We cannot fulfil your order without your name, email, and shipping address. |
| Sending your order confirmation email | Art. 6(1)(b) — Contractual necessity | Required to confirm your purchase and provide your order reference. |
| Maintaining payment records | Art. 6(1)(c) — Legal obligation | Financial and VAT records must be kept for 7 years under EU accounting law. |
| Responding to contact / collaboration enquiries | Art. 6(1)(f) — Legitimate interests | We have a legitimate interest in responding to messages sent to us. You may object at any time. |
| Saving your display preference (dark/light mode) | Art. 6(1)(a) — Consent | Only stored if you click "Accept All" on the consent banner. You can withdraw consent by clearing your browser's local storage. |
| Loading fonts from Google's servers | Art. 6(1)(f) — Legitimate interests | We have a legitimate interest in providing a consistent visual experience. Your IP is transferred to Google — see Section 2. |
4. How Long We Keep Your Data
| Data type | Retention period | Reason |
|---|---|---|
| Order records (name, email, address, amount) | 7 years | EU accounting and VAT legal obligations |
| Contact / collaboration form submissions | 2 years | In case of follow-up enquiries or disputes |
| Shopping cart (browser local storage) | Until you clear your browser data or complete your order | Stored only on your device |
| Display preference (browser local storage) | Until you clear your browser data or withdraw consent | Stored only on your device (if you consented) |
5. Third-Party Processors
We share your data with the following third parties, each of whom is bound by GDPR-compliant data processing agreements:
| Processor | Purpose | Country | Safeguards |
|---|---|---|---|
| Stripe, Inc. | Payment processing. Receives your card details, billing name, email, and billing address to process transactions. | United States | EU–US Data Privacy Framework; Stripe's Standard Contractual Clauses |
| Google LLC | Font delivery (Google Fonts CDN). Receives your IP address when fonts are loaded. | United States | EU–US Data Privacy Framework; Google's Standard Contractual Clauses |
| Gmail / Google Workspace | Email delivery for order confirmations and form responses. | United States | EU–US Data Privacy Framework; Google's Standard Contractual Clauses |
We do not sell, rent, or trade your personal data to any other third party.
6. Your Rights Under GDPR
As an EU/EEA resident, you have the following rights regarding your personal data:
- Right of access (Art. 15) — You can request a copy of all personal data we hold about you.
- Right to rectification (Art. 16) — You can ask us to correct inaccurate data.
- Right to erasure / "right to be forgotten" (Art. 17) — You can ask us to delete your data, subject to our legal retention obligations.
- Right to restriction (Art. 18) — You can ask us to pause processing your data in certain circumstances.
- Right to data portability (Art. 20) — You can request your data in a machine-readable format.
- Right to object (Art. 21) — You can object to processing based on legitimate interests (e.g., contact-form responses).
- Right to withdraw consent (Art. 7(3)) — If processing is based on your consent (display preference), you can withdraw it at any time by clearing your browser's local storage.
To exercise any of these rights, email us at vanguardcasesltd@gmail.com. We will respond within 30 days. We may need to verify your identity before processing your request.
7. Right to Lodge a Complaint
If you believe we are processing your personal data unlawfully, you have the right to lodge a complaint with your national data protection authority. In Malta, this is the Information and Data Protection Commissioner (IDPC).
8. Data Security
We take reasonable technical and organisational measures to protect your data. All payments are processed over encrypted HTTPS connections. Card details are handled entirely by Stripe and are PCI DSS compliant. We do not store payment card information on our servers.
9. Changes to This Policy
We may update this policy from time to time. The "Last updated" date at the top of this page will always reflect the most recent version. For significant changes, we will notify you by email if you have an active order.
10. Contact & Data Enquiries
For any privacy-related questions or to exercise your rights, contact us at:
Email: vanguardcasesltd@gmail.com
Website: vanguardcase.online