Política de privacidad

DrakCards Last updated: September 13, 2025

DrakCards ("we," "us," or "our") operates the website www.drakcards.com (the "Site"), an e-commerce platform based in Germany specializing in the sale of Pokémon-related products, including graded cards, plush toys, figures, books, games, card accessories, and binders. We are committed to protecting your privacy and ensuring that your personal data is handled in a safe, transparent, and compliant manner.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our Site, make a purchase, or otherwise interact with us. It applies to all users, including those in the European Union (EU), European Economic Area (EEA), and internationally.

As a German-based business, we comply with the General Data Protection Regulation (GDPR) (EU) 2016/679, the German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG), and other applicable EU data protection laws. For users outside the EU/EEA, we adhere to relevant international data protection laws, such as the California Consumer Privacy Act (CCPA) where applicable, to the extent they apply to our operations. If you are a resident of a specific jurisdiction with additional rights, those will be honored to the fullest extent possible.

By using our Site, you consent to the practices described in this Policy. If you do not agree, please do not use the Site. We may update this Policy periodically; changes will be posted here with the updated date. Continued use after changes constitutes acceptance.

 

1. Information We Collect

We collect personal data necessary to provide our services. This includes:

Personal Information You Provide

  • Contact Details: Name, email address, phone number (including WhatsApp).
  • Billing and Shipping Information: Address, city, postal code, country.
  • Payment Information: Payment card details, bank account information (processed securely via third-party providers; we do not store full card numbers).
  • Account Information: If you create an account, username, password, and purchase history.
  • Communication Data: Information from inquiries, support requests, or newsletters (e.g., preferences).

You provide this data when placing orders, subscribing to newsletters, contacting us via email (info@drakcards.com), phone (+49 176 32949109), or the Site's contact form, or participating in promotions.

Information Collected Automatically

  • Usage Data: IP address, browser type, device information, pages visited, time spent on pages, referral sources.
  • Cookies and Tracking Technologies: See Section 7 for details.

We do not knowingly collect sensitive personal data (e.g., health, racial, or political information). For minors under 16 (or the age of digital consent in your jurisdiction), we do not process data without verifiable parental consent. Pokémon products may appeal to younger users, but all purchases must be made by adults or with adult supervision.

 

2. How We Use Your Information

We process your data based on legal bases under GDPR/BDSG, including contract performance, legitimate interests, consent, and legal obligations. Purposes include:

  • Order Fulfillment: Processing purchases, managing payments (via Shopify, PayPal, credit/debit cards, bank transfers), shipping (via DHL or similar), and issuing invoices.
  • Customer Service: Responding to inquiries, handling returns/refunds, and resolving issues (e.g., out-of-stock: refund, voucher, or exchange).
  • Marketing: Sending newsletters or offers about Pokémon products (with consent; opt-out anytime).
  • Site Improvement: Analyzing usage to enhance functionality, prevent fraud, and personalize experiences.
  • Legal Compliance: Meeting tax, accounting, and regulatory requirements.

We accept payments in EUR (with automatic conversion to major currencies via Shopify). All orders are insured for loss/damage/theft.

 

3. Sharing Your Information

We share data only as necessary and with safeguards:

  • Service Providers: Shopify (hosting/payments), payment processors (PayPal, etc.), shipping carriers (DHL, FedEx), and email tools (for automated confirmations). These are data processors bound by data processing agreements (DPAs) ensuring GDPR compliance.
  • Marketing Partners: For consented newsletters (e.g., analytics tools).
  • Business Transfers: In mergers or asset sales.
  • Legal Requirements: To authorities if required by law.

We do not sell your data. For shipping labels, providers access address data only.

 

4. International Data Transfers

As a German business using global services, data may transfer outside the EEA (e.g., to the US via Shopify or Google Analytics). We ensure adequacy via:

  • Standard Contractual Clauses (SCCs) or Binding Corporate Rules.
  • Shopify's and Google's GDPR-compliant frameworks.

For non-EEA users, transfers comply with local laws (e.g., CCPA restrictions on sales). You have rights regarding transfers under applicable law.

 

5. Data Retention

We retain data only as long as needed:

  • Order data: 10 years for tax/accounting (per BDSG/German Commercial Code).
  • Marketing data: Until opt-out or 2 years inactivity.
  • Usage data: 26 months (Google Analytics default).

Data is securely deleted or anonymized thereafter.

 

6. Your Data Protection Rights

Under GDPR/BDSG (for EU/EEA users) and equivalent laws:

  • Access: Request a copy of your data.
  • Rectification: Correct inaccuracies.
  • Erasure ("Right to be Forgotten"): Delete data (subject to legal retention).
  • Restriction: Limit processing in disputes.
  • Portability: Receive data in machine-readable format.
  • Objection: Oppose processing for marketing or legitimate interests.
  • Withdraw Consent: At any time (without affecting prior processing).

To exercise rights, contact us at info@drakcards.com. We respond within one month (extendable). For verification, provide details. EEA users may complain to the Bavarian State Office for Data Protection Supervision (if applicable) or your local authority. Non-EEA users: See CCPA rights (e.g., opt-out of sales) via the same contact. No fee unless requests are excessive.

We use manual processing via Shopify dashboard; a privacy app may be added for automated requests.

 

7. Cookies and Tracking

We use cookies for essential functions (e.g., cart management), analytics (Google Analytics), and marketing (e.g., Facebook Pixel).

Type

Purpose

Examples

Management

Essential

Site operation

Session cookies

Browser settings

Analytics

Usage insights

Google Analytics

Opt-out via tools

Marketing

Targeted ads

Facebook Pixel

Consent banner/opt-out

Our Site uses a cookie consent banner for non-essential cookies. You can manage via browser (e.g., delete cookies) or allaboutcookies.org. Disabling may limit functionality.

 

8. Data Security

We implement reasonable technical (e.g., encryption, firewalls) and organizational measures (e.g., access controls) to protect data. However, no system is infallible; we cannot guarantee absolute security against breaches. In case of a breach, we notify affected users and authorities per GDPR (within 72 hours).

 

9. Third-Party Links

Our Site may link to third-party sites (e.g., PayPal). We are not responsible for their privacy practices; review theirs.

 

10. Changes to This Policy

We may update this Policy for legal or operational reasons. Check periodically. Material changes will be notified via email or Site notice.

 

11. Contact Us

For questions, rights requests, or concerns:

  • Email: info@drakcards.com
  • Phone/WhatsApp: +49 176 32949109
  • Address: Pedro Cunha, Postnummer: 1048551885, Packstation 174, 47804 Krefeld

DrakCards is the data controller. For GDPR inquiries, contact our representative at the above.

This Policy ensures full compliance and minimizes liability. Consult legal counsel for specifics.