Privacy Policy

Privacy Policy

Last updated: February 2026

This Privacy Policy describes how your personal information is collected, used, and shared when you visit or make a purchase from whiletruegeek.com (“Site”).

1. Data Controller

The data controller responsible for your personal data is:

Evgenii Gerasimov (Individual Entrepreneur)
NIF: 319321827
Address: Rua Bartolomeu Perestrelo 59, Edifício Varandas da Falésia, Bloco A, 3°A, 9125-025 Caniço, Portugal
Email: contact@whiletruegeek.com
Contact form: https://whiletruegeek.com/contact

2. What Personal Data We Collect

2.1 Data you provide directly

When you make a purchase or contact us, we may collect:

  • Full name
  • Email address
  • Billing and shipping address
  • Phone number (optional)
  • Order and transaction details
  • Any information you include in messages to us

2.2 Data collected automatically

When you visit the Site, we may collect:

  • IP address
  • Browser type and version
  • Pages visited and time spent
  • Referring website
  • Device information

This data is collected through cookies and server logs. See Section 6 for cookie details.

2.3 Payment data

Payment information (such as card details) is processed securely by our payment provider WooPayments (powered by Stripe). We do not store your card details on our servers.

3. Legal Basis for Processing (GDPR Art. 6)

We process your personal data based on the following legal grounds:

  • Performance of a contract (Art. 6(1)(b)): To process your order, handle payment, arrange delivery, and provide customer support.
  • Legal obligation (Art. 6(1)(c)): To comply with tax, accounting, and other legal requirements (e.g., invoice retention).
  • Legitimate interest (Art. 6(1)(f)): To improve our website, prevent fraud, and ensure security.
  • Consent (Art. 6(1)(a)): For optional cookies and marketing communications, where applicable. You may withdraw consent at any time.

4. How We Use Your Data

We use the collected data to:

  • Fulfill and ship your orders
  • Process payments
  • Communicate with you about your order or support requests
  • Comply with legal obligations (tax records, invoicing)
  • Improve our website and services
  • Send promotional emails (only with your explicit consent)

5. Who We Share Your Data With

We share your personal data only when necessary to fulfill orders and operate our business:

  • WooPayments / Stripe — payment processing
  • Printful — order fulfillment (printing and shipping). Printful receives your name and shipping address to deliver your order.
  • Hostinger — website hosting

We do not sell your personal data to third parties.

6. Cookies

We use cookies for:

  • Essential cookies — required for the site to function (cart, session, login)
  • Functional cookies — remember your preferences

When you first visit our site, you will be asked to consent to non-essential cookies via a banner. You can manage or withdraw your cookie preferences at any time through your browser settings or our cookie banner.

7. Your Rights Under GDPR

As a resident of the European Union, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — correct inaccurate or incomplete data
  • Erasure (“right to be forgotten”) — request deletion of your data
  • Restriction — request we limit how we process your data
  • Data portability — receive your data in a structured, machine-readable format
  • Object — object to processing based on legitimate interest
  • Withdraw consent — where processing is based on consent, withdraw it at any time

To exercise any of these rights, contact us at contact@whiletruegeek.com or via our contact form. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority. In Portugal, this is the Comissão Nacional de Proteção de Dados (CNPD)www.cnpd.pt.

8. Data Retention

We retain your data as follows:

  • Completed orders: 5 years (Portuguese tax/accounting obligations)
  • Inactive user accounts: 12 months, then deleted
  • Pending/failed/cancelled orders: 1 month
  • Support correspondence: 24 months

You may request earlier deletion by contacting us (subject to legal retention obligations).

9. Data Security

We take appropriate measures to protect your personal data:

  • SSL/TLS encryption (HTTPS) on all pages
  • Regular software and plugin updates
  • Secure access controls for admin areas
  • Payment processing handled by PCI-DSS compliant providers

10. International Transfers

Your data may be transferred to service providers outside the EEA (e.g., Stripe in the US). Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions.

11. Age Restriction

This site is not intended for individuals under the age of 16. We do not knowingly collect data from anyone under 16.

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. The “last updated” date at the top will be revised accordingly.

13. Contact

For questions about this Privacy Policy or to exercise your data rights:

Email: contact@whiletruegeek.com
Contact form: https://whiletruegeek.com/contact