Privacy

When you provide information to us through www.golfalmar.com we respect your privacy and process your personal data in accordance with the EU General Data Protection Regulation (GDPR). This Privacy Policy explains what we collect, how we use it, who we share it with, and the rights you have over your data. Your use of the site is subject to this Privacy Policy and our Terms.

1. Who we are

GOLF AL MAR ("we", "us") operates the website and online shop at www.golfalmar.com. For GDPR purposes we are the data controller of any personal data collected through the site. For questions about this policy or to exercise your rights, contact hello@golfalmar.com.

2. Information you provide to us

We collect personal data when you:

• Place an order. To process and ship an order we collect your name, email address, shipping and billing address, phone number (where required by the carrier), and the contents of your order. Payment card data is collected and processed by Stripe — we never see or store your card number.
• Subscribe to our newsletter. To send you new journal posts and your one-time welcome discount we collect your email address (and your name, if you provide one). You can unsubscribe at any time using the link in every email or by emailing us.
• Contact us by email. Anything you send to hello@golfalmar.com is stored so we can respond and follow up.

3. Information collected automatically

When you visit the site we collect a limited set of technical information needed to operate it and to understand aggregate traffic:

• Server access logs — IP address, request timestamp, requested URL, and browser user-agent. Kept briefly for security and abuse-prevention.
• Vercel Analytics — anonymous, aggregate page-view statistics. No advertising cookies are set and individual visitors are not tracked across sites.
• Strictly necessary storage— your shopping cart is held in your browser's local storage on your device. Stripe sets its own cookies on the checkout page for fraud prevention.

4. Legal bases for processing (GDPR Art. 6)

• Performance of a contract (Art. 6(1)(b)) — processing your order, sending order confirmations, fulfilling delivery.
• Consent (Art. 6(1)(a)) — sending you our newsletter after you sign up.
• Legitimate interests (Art. 6(1)(f)) — operating and securing the website, preventing fraud, responding to enquiries.
• Legal obligation (Art. 6(1)(c)) — retaining invoice records for the period required by tax law.

5. How long we keep your data

• Order records and invoices — for the period required by applicable tax and commercial law (typically 7–10 years in the EU).
• Newsletter subscriber records — until you unsubscribe, then removed from our active list.
• Contact emails — for as long as needed to handle your enquiry, then archived briefly or deleted.
• Server logs and analytics — short rolling windows.

6. Who we share your data with

We use a small set of vetted processors that help us run the shop. Each is bound by a data-processing agreement and may only use your data on our instructions.

• Stripe Payments Europe — processes card payments and stores card details on its own PCI-DSS-compliant systems. stripe.com/privacy
• Resend — sends transactional and newsletter emails on our behalf. resend.com/legal/privacy-policy
• Vercel Inc. — hosts the website, stores uploaded journal images (Vercel Blob), and provides Vercel Analytics. vercel.com/legal/privacy-policy
• MongoDB Atlas — database storing orders, journal posts, and newsletter subscribers. mongodb.com/legal/privacy-policy

We do not sell or rent your personal data, and we do not share it for advertising purposes. Where a legitimate legal request requires it, we may disclose data as required by law.

7. International transfers

Some of our processors (notably Stripe, Resend, and Vercel) may transfer data to the United States. These transfers are protected by the EU–US Data Privacy Framework and/or Standard Contractual Clauses approved by the European Commission.

8. Cookies and similar technologies

We use only what is needed to operate the site. We do not use Google Analytics, Google Ads, the Facebook Pixel, or any cross-site advertising trackers. The technologies in use are:

• Local storage (your cart) — stores the items in your cart on your own device. Not sent to our servers.
• Stripe checkout cookies — set by Stripe on the checkout page for fraud prevention.
• Vercel Analytics — privacy-friendly, cookie-less analytics.

9. Your rights under GDPR

You have the right to:

• Access the personal data we hold about you.
• Rectification of any inaccurate data.
• Erasure of your data ("right to be forgotten").
• Restriction of processing in certain circumstances.
• Portability — receive your data in a machine-readable format.
• Object to processing based on our legitimate interests.
• Withdraw consent at any time (for example, by unsubscribing from the newsletter).
• Lodge a complaint with your local data-protection supervisory authority.

To exercise any of these rights, email hello@golfalmar.com. We respond within 30 days.

10. Security

We follow current best practices to protect your data: TLS encryption in transit, password-protected admin access, and processors selected for their security posture. No system is completely secure; if a personal-data breach affecting you occurs, we will notify the supervisory authority and (where required) you, in accordance with GDPR Art. 33–34.

11. Children

The site is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the "Last updated" date at the top of this page. Continued use of the site after a change constitutes acceptance of the updated policy.