Privacy Policy

Last updated: June 2026

1. Introduction

Welcome to The Card Acropolis (“we”, “our”, “us”). We operate an online trading card game (TCG) accessories webshop based in the Netherlands, serving customers across the European Economic Area (EEA).

We are committed to protecting your personal data and respecting your privacy in compliance with the General Data Protection Regulation (GDPR) and applicable Dutch data protection laws.

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website or make a purchase.

2. Data Controller

The data controller responsible for your personal data is:

The Card Acropolis
3281 RH, Numansdorp
Netherlands
Email: thecardacropolis@gmail.com
KvK Number: 98319116
VAT Number: NL209933148B02

3. Personal Data We Collect

a. Information you provide directly:

·         Full name

·         Billing and shipping address

·         Email address

·         Phone number

·         Account login details (if you create an account)

·         Payment details (processed securely via third-party providers)

b. Automatically collected data:

·         IP address

·         Browser type and version

·         Device type and operating system

·         Website usage data (pages visited, time spent, clicks)

·         Cookies and tracking technologies

c. Order and customer data:

·         Order history

·         Preferences and interests (e.g., TCG product categories)

·         Customer service communications

4. Legal Bases for Processing

We process your personal data under the following legal grounds:

·         Performance of a contract: To process and deliver your orders

·         Legal obligation: For accounting, tax, and regulatory compliance

·         Legitimate interests: To improve our services, prevent fraud, and secure our platform

·         Consent: For marketing communications and non-essential cookies

5. How We Use Your Data

We use your personal data to:

·         Process, fulfill, and deliver your orders across Europe

·         Manage your account and provide customer support

·         Send order confirmations, invoices, and shipping updates

·         Improve our website, products, and services

·         Detect and prevent fraud or misuse

·         Comply with legal obligations

·         Send marketing communications (only if you have opted in)

6. Sharing Your Data

We share your personal data only when necessary with trusted third parties:

·         Payment providers (e.g., iDEAL, PayPal, Stripe)

·         Shipping and logistics companies (e.g., PostNL, DHL, UPS)

·         IT service providers (hosting, website maintenance, analytics tools)

·         Marketing service providers (email platforms, advertising tools)

·         Authorities when required by law

All third parties are contractually obligated to process your data in compliance with GDPR.

7. International Data Transfers

As we operate within Europe, your data is primarily processed within the EEA.

If personal data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as:

·         European Commission-approved Standard Contractual Clauses (SCCs)

·         Transfers to countries with an adequacy decision

8. Data Retention

We retain your personal data only as long as necessary:

·         Order and financial data: up to 7 years (Dutch tax requirements)

·         Account data: until you delete your account

·         Marketing data: until you withdraw consent

·         Customer service data: as long as necessary to resolve inquiries

9. Your Rights (GDPR)

As a resident of the EEA, you have the following rights:

·         Right of access

·         Right to rectification

·         Right to erasure (“right to be forgotten”)

·         Right to restrict processing

·         Right to data portability

·         Right to object to processing

·         Right to withdraw consent at any time

To exercise your rights, contact us at thecardacropolis@gmail.com

You also have the right to lodge a complaint with your local supervisory authority or with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

10. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience.

Types of cookies:

·         Essential cookies: Required for website functionality

·         Analytics cookies: To understand and improve website usage

·         Marketing cookies: To provide personalized ads (only with your consent)

You can manage your cookie preferences via our cookie banner or browser settings.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

·         SSL/TLS encryption

·         Secure payment processing

·         Access control and authentication measures

·         Regular security monitoring

12. Third-Party Links

Our website may contain links to external websites. We are not responsible for their privacy practices. We encourage you to review their privacy policies.

13. Children’s Privacy

Our webshop is not intended for individuals under the age of 18. We do not knowingly collect personal data from children without parental consent.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated “Last updated” date.

15. Contact Information

If you have any questions about this Privacy Policy or how we handle your data, please contact us.