1. INTRODUCTION

1.1. The following Privacy Policy (hereinafter referred to as the “Policy”) is established, documented, and publicly made available pursuant to applicable data protection laws and frameworks, including but not limited to the General Data Protection Regulation (EU) 2016/679, as amended, supplemented, or reinterpreted by competent supervisory authorities, and sets forth the conditions, modalities, legal bases, procedural standards, and data subject rights pertaining to the processing, handling, collection, dissemination, retention, pseudonymization, minimization, and transfer of personal data, which, for the purposes of this Policy, shall be construed broadly and interpreted to include all information capable, either directly or indirectly, and whether by inference or combination with other data points, of identifying an individual natural person.

1.2. This Policy is applicable to all Users who, whether intentionally or unintentionally, voluntarily or incidentally, directly or through automated means, access, browse, navigate, interact with, transmit data to, or otherwise engage with the website located at the domain www.thespacebar.shop, as owned and operated by Spacebar Computer Shop, an entity organized and existing under the laws of its jurisdiction of incorporation (hereinafter referred to as the “Data Controller”).

​

2. DEFINITIONS

2.1. For the purposes of this Policy, the following terms shall be defined as follows, with such definitions applying equally in the singular and plural forms, and regardless of grammatical tense:

(a) “Personal Data” means any information, including but not limited to names, addresses, email addresses, identification numbers, location data, online identifiers, or factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of the data subject, that enables or facilitates the identification of such data subject directly or indirectly;

(b) “Processing” means any operation or set of operations performed upon Personal Data, whether or not by automated means, including but not limited to collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, erasure, or destruction;

(c) “Data Subject” means any identified or identifiable natural person whose Personal Data is collected, stored, or otherwise processed by or on behalf of the Data Controller;

(d) “Data Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data;

(e) “Data Processor” means a natural or legal person, public authority, agency, or other body that processes Personal Data on behalf of the Data Controller;

(f) “Cookies” means small files that are stored on the data subject’s device for the purpose of recording technical, navigational, or behavioral data during the course of interaction with the Website.

​

3. CATEGORIES OF PERSONAL DATA COLLECTED

3.1. The Data Controller, either directly or through authorized third-party service providers, may, in accordance with applicable legal bases and data minimization principles, collect, retain, and process the following categories of Personal Data, the exact scope and content of which may vary depending on the nature and extent of the User’s interaction with the Website:

(a) Identifying information, including but not limited to name, surname, and date of birth;
(b) Contact details, including mailing address, email address, and telephone number;
(c) Transactional information, including purchase history, billing data, and order preferences;
(d) Technical data, including IP address, browser type, operating system, and session metadata;
(e) Behavioral and usage data derived from cookies and similar tracking technologies.

3.2. The collection and processing of such Personal Data shall be limited to what is necessary for the specified purposes, which are described in Section 4 hereinbelow, and shall not be retained for any duration exceeding the period reasonably required for the fulfillment of those purposes, unless a longer retention period is required or permitted by applicable law.

​

4. PURPOSES AND LEGAL BASES FOR PROCESSING

4.1. Personal Data shall be processed solely for purposes that are legitimate, specified, and explicit, and shall not be further processed in a manner that is incompatible with those purposes, which may include but shall not be limited to the following:

(a) To facilitate the execution of contractual obligations entered into by the User, including but not limited to the purchase of goods or services through the Website;
(b) To comply with legal obligations imposed by national or supranational regulatory frameworks;
(c) To pursue the legitimate interests of the Data Controller or third parties, provided such interests are not overridden by the interests or fundamental rights and freedoms of the data subject;
(d) To obtain and document freely given, specific, informed, and unambiguous consent from the User, where such consent is required by law, for the purpose of marketing communications or behavioral analytics.

4.2. Where consent is the basis for processing, it shall be recorded and retained in a durable medium, and may be withdrawn by the data subject at any time without prejudice to the lawfulness of processing based on consent before its withdrawal.

​

5. METHODS AND MODALITIES OF DATA COLLECTION

5.1. Personal Data may be collected through direct means, such as completion of forms or submission of inquiries via the Website, or through automated means, such as the deployment of cookies, analytics scripts, or server logs, which may record metadata and behavioral patterns during navigation sessions.

5.2. All such methods shall be implemented in accordance with recognized industry standards, technical safeguards, and procedural controls intended to ensure the integrity, availability, and confidentiality of the data collected, while minimizing risk and exposure to unauthorized access or unintended disclosure.

​

6. DATA TRANSFERS TO THIRD PARTIES AND INTERNATIONAL DESTINATIONS

6.1. Personal Data may, to the extent strictly necessary for the fulfillment of legitimate purposes, be disclosed to third-party recipients, including but not limited to payment processors, logistics providers, IT service vendors, legal advisors, or competent regulatory bodies, all of whom shall be bound by contractual obligations to maintain confidentiality and implement appropriate technical and organizational measures.

6.2. Where Personal Data is transferred to jurisdictions outside the European Economic Area (EEA) or similar legally protected zones, such transfers shall be effected only where an adequate level of protection is ensured by means of adequacy decisions, standard contractual clauses approved by the European Commission, binding corporate rules, or other recognized transfer mechanisms under applicable data protection laws.

​

7. DATA RETENTION DURATION

7.1. Personal Data shall not be retained in a form that permits identification of the data subject for any period longer than is necessary for the purposes for which the Personal Data was collected or otherwise processed, except where longer retention periods are mandated or authorized by law, such as for accounting, tax, or legal compliance purposes.

​

8. SECURITY OF PROCESSING

8.1. The Data Controller shall implement appropriate technical and organizational measures, taking into account the nature, scope, context, and purposes of processing, as well as the risks to the rights and freedoms of natural persons, in order to ensure a level of security appropriate to the risk, including, where appropriate, measures such as encryption, access control, anonymization, audit logging, and incident response protocols.

​

9. RIGHTS OF DATA SUBJECTS

9.1. Pursuant to applicable data protection laws, the User is entitled to exercise, with respect to their Personal Data, the following rights:

(a) The right to request access to and obtain a copy of their Personal Data;
(b) The right to rectification of inaccurate or incomplete Personal Data;
(c) The right to erasure (right to be forgotten), subject to conditions;
(d) The right to restrict processing under certain circumstances;
(e) The right to data portability;
(f) The right to object to processing based on legitimate interest or direct marketing;
(g) The right to lodge a complaint with a supervisory authority.

9.2. Any request to exercise the aforementioned rights shall be submitted to the Data Controller using the contact information provided in Section 10 below and shall be responded to within a period not exceeding thirty (30) calendar days, subject to any extension permissible under applicable law.

​

10. CONTACT INFORMATION

10.1. For any inquiries, requests, or communications concerning this Policy or the exercise of data subject rights, the Data Controller may be contacted at the following address:

Spacebar Computer Shop
Email: privacy@thespacebar.shop

​

11. MODIFICATIONS TO THIS POLICY

11.1. This Privacy Policy may be amended, modified, updated, or supplemented at any time, with or without prior notice, in order to reflect changes in legal requirements, technological advancements, or business practices, and any such revised version shall be published on the Website and shall become effective as of the date of such publication.