Privacy policy

Last updated: May 20, 2026

This Privacy Policy explains how Nostalar collects, uses, stores, shares and protects personal data when you visit our website, place an order, create a customer account, contact us, subscribe to marketing communications, or otherwise interact with our online store at https://nostalar.com.

1. Controller

The controller responsible for the processing of your personal data is:

Philipp Schiemer
Sole proprietor
Schwarzen 993
6861 Alberschwende
Austria

Email: info@nostalar.com
Phone: +43 677 61646797

For questions about this Privacy Policy or to exercise your data protection rights, please contact us at info@nostalar.com.

2. What personal data we process

Depending on how you interact with our store, we may process the following categories of personal data:

2.1 Contact and order data

This may include:

- first and last name;
- billing address;
- shipping address;
- email address;
- phone number;
- order number;
- products ordered;
- size, color and product variant;
- order value;
- shipping method;
- delivery status;
- return, refund or cancellation information.

2.2 Account data

If you create a customer account, we may process:

- account login details;
- account preferences;
- order history;
- saved addresses;
- customer account activity.

2.3 Payment and transaction data

Payments are processed by external payment providers. Depending on the payment method selected at checkout, payment-related data may be processed by providers such as Shopify Payments, Shop Pay, PayPal, Klarna, Apple Pay, Google Pay, card networks, banks or other payment service providers.

We do not directly store full credit card numbers. We may receive payment status, transaction confirmations, partial payment details, fraud prevention information and refund information.

2.4 Communication data

If you contact us, we may process:

- your email address;
- your name;
- the content of your message;
- attachments or images you send to us;
- customer support history;
- information needed to respond to your request.

2.5 Technical and usage data

When you visit our website, we may process technical information such as:

- IP address;
- device type;
- browser type;
- operating system;
- language settings;
- approximate location based on IP address;
- pages visited;
- products viewed;
- items added to cart;
- referring website;
- date and time of visit;
- cookie and consent preferences.

2.6 Marketing data

If you subscribe to marketing communications or interact with advertising features, we may process:

- email address;
- marketing consent status;
- unsubscribe status;
- interactions with marketing emails;
- products viewed or purchased;
- advertising or cookie preferences.

We only send direct marketing emails where permitted by law, for example where you have subscribed or where another legal basis applies. You can unsubscribe from marketing emails at any time.

2.7 Data for returns, complaints and legal claims

For returns, withdrawal requests, refunds, complaints, defective products or legal claims, we may process:

- order details;
- return request details;
- photos of damaged, defective or incorrect items;
- communication history;
- refund status;
- shipping and tracking information;
- information needed to handle legal obligations or claims.

3. Sources of personal data

We collect personal data from the following sources:

- directly from you, for example when you place an order, create an account or contact us;
- automatically when you use our website, for example through cookies and similar technologies;
- from Shopify and other technical service providers operating our store;
- from payment providers, shipping providers and fulfillment partners;
- from marketing, analytics or customer support tools, where used and permitted by law.

4. Why we process your personal data

We process personal data for the following purposes:

4.1 To operate the online store

We process data to provide the website, shopping cart, checkout, customer account, payment process and order management.

4.2 To process and fulfill orders

We process data to accept orders, process payments, produce products, arrange shipping, provide tracking, handle returns, refunds and withdrawal requests, and provide customer support.

4.3 To communicate with you

We process data to send order confirmations, shipping updates, customer service replies, return instructions, refund notifications and other service-related messages.

4.4 To comply with legal obligations

We process data to comply with tax, accounting, consumer protection, e-commerce, customs, legal retention and other statutory obligations.

4.5 To prevent fraud and secure our store

We process data to detect and prevent fraud, misuse, unauthorized access, chargebacks, security incidents and other harmful activity.

4.6 To improve our store and services

We process data to understand how customers use our store, improve product pages, checkout, customer service, website performance and user experience.

4.7 To send marketing communications

If you subscribe or where otherwise permitted by law, we may use your data to send marketing emails, product updates or promotional messages.

4.8 To show or measure advertising

Where enabled and permitted by law, we may use cookies, pixels or similar technologies to measure advertising performance or show more relevant advertising. Non-essential cookies and similar technologies are only used with consent where required by applicable law.

5. Legal bases for processing

For individuals located in the European Economic Area, the United Kingdom or Switzerland, we process personal data on one or more of the following legal bases:

5.1 Performance of a contract

We process personal data where necessary to enter into or perform a contract with you, including:

- processing your order;
- taking payment;
- producing and shipping products;
- providing order confirmations and shipping updates;
- handling returns, refunds and withdrawal requests;
- providing customer support related to your order.

5.2 Legal obligation

We process personal data where necessary to comply with legal obligations, including:

- tax and accounting obligations;
- invoice and record retention obligations;
- consumer protection obligations;
- legal requests by authorities;
- handling statutory warranty, withdrawal and complaint rights.

5.3 Consent

We process personal data based on your consent where required, including for:

- non-essential cookies;
- certain analytics or advertising technologies;
- marketing emails, where consent is required;
- any other processing for which we ask your consent.

You may withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before withdrawal.

5.4 Legitimate interests

We may process personal data where necessary for our legitimate interests, provided that your rights and freedoms do not override those interests. These interests may include:

- operating and improving our store;
- responding to customer inquiries;
- preventing fraud and securing our website;
- documenting business communications;
- establishing, exercising or defending legal claims;
- understanding general customer behavior and store performance;
- protecting our business, customers and service providers.

6. Shopify

Our online store is powered by Shopify.

Shopify provides the technical platform, hosting, checkout, customer account functionality, order management, analytics, security and related services that allow us to operate the store.

Personal data you provide through our store may be processed by Shopify in order to provide these services to us and to you. Shopify may also process certain personal data as an independent controller for specific services, such as Shop, Shop Pay or other Shopify features, depending on how you interact with those services.

You can find more information about Shopify’s privacy practices here:

https://www.shopify.com/legal/privacy

You can also access Shopify’s consumer privacy information here:

https://privacy.shopify.com/en

7. Printful

We use Printful as our print-on-demand fulfillment and logistics provider.

When you place an order, we may share the personal data necessary to produce and ship your T-shirt with Printful. This may include:

- your name;
- shipping address;
- email address;
- phone number, where needed for shipping;
- order details;
- product details;
- shipping method;
- tracking information;
- information needed to handle damaged, defective or incorrect items.

Printful processes this data to produce, package and ship the ordered products, provide fulfillment services, process returns or claims where applicable, and perform related operational services.

You can find more information about Printful’s privacy practices here:

https://www.printful.com/policies/privacy

8. Payment providers

Depending on the payment method selected at checkout, your payment data may be processed by external payment providers, banks, card networks and payment platforms.

These providers may process your data as independent controllers or as processors, depending on the payment method and the applicable legal relationship.

Payment providers may use your data to:

- process payments;
- authenticate transactions;
- prevent fraud;
- handle chargebacks;
- process refunds;
- comply with legal and regulatory obligations.

Please also review the privacy notices of the payment provider you choose at checkout.

9. Shipping providers and carriers

To deliver your order, personal data may be shared with shipping providers, postal services, carriers, customs service providers or logistics partners.

This may include:

- name;
- shipping address;
- email address;
- phone number;
- tracking number;
- customs information, where required;
- delivery instructions.

For international shipments, customs authorities or carriers may require additional information depending on the destination country.

10. Other service providers

We may share personal data with trusted service providers where necessary to operate our business, including providers for:

- website hosting and infrastructure;
- IT security;
- customer support;
- email communication;
- payment processing;
- fraud prevention;
- analytics;
- advertising, where enabled;
- tax, accounting and legal services.

We only share personal data to the extent necessary for the relevant purpose and, where required, we use appropriate data processing agreements.

11. Cookies and similar technologies

Our website uses cookies and similar technologies.

Cookies may be used for different purposes:

11.1 Strictly necessary cookies

These cookies are required for the website to function. They enable features such as shopping cart, checkout, customer login, security and fraud prevention.

These cookies cannot usually be disabled through our website because the store would not work properly without them.

11.2 Analytics and performance cookies

These cookies help us understand how visitors use our website, which pages are visited, how the store performs and how we can improve the customer experience.

Where required by law, we use these cookies only with your consent.

11.3 Marketing and advertising cookies

These cookies may be used to measure advertising performance, personalize advertising or show relevant offers.

Where required by law, we use these cookies only with your consent.

11.4 Managing cookie preferences

You can manage your cookie preferences through our cookie banner or privacy settings on the website, where available. You can also adjust cookie settings in your browser.

Blocking or deleting cookies may affect some website functions.

12. Marketing communications

If you subscribe to marketing emails, we may use your email address and related information to send you product news, promotions, updates or other marketing messages.

You can unsubscribe at any time by using the unsubscribe link in the email or by contacting us at info@nostalar.com.

Even if you unsubscribe from marketing communications, we may still send you non-marketing service messages, such as order confirmations, shipping updates, refund notifications or legally required information.

13. Targeted advertising and privacy choices

We do not sell personal data for money.

Depending on your location and the technologies used in our store, certain disclosures of personal data for advertising or analytics may be considered a “sale”, “sharing” or “targeted advertising” under some privacy laws.

Where required by law, you may have the right to opt out of such processing. You can manage your choices through our cookie banner, privacy settings, data sharing opt-out page where available, or by contacting us at info@nostalar.com.

14. International data transfers

We are located in Austria. However, some of our service providers, including Shopify, Printful, payment providers, logistics providers and technical service providers, may process personal data in countries outside your country of residence, including countries outside the European Economic Area and the United Kingdom.

Where personal data is transferred internationally, we rely on appropriate safeguards where required by law. These may include:

- adequacy decisions;
- standard contractual clauses;
- data processing agreements;
- other lawful transfer mechanisms under applicable data protection laws.

15. Data retention

We keep personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

In particular:

- order and invoice data are generally retained for the statutory tax and accounting retention period;
- customer account data is retained while the account exists, unless deletion is requested and no legal retention obligation applies;
- customer support communications are retained for as long as necessary to handle the request and to document the matter;
- marketing data is retained until you unsubscribe or withdraw consent, unless retention is necessary to document consent or comply with legal obligations;
- cookie and analytics data are retained according to the settings of the relevant tools and applicable consent settings;
- data relevant to legal claims may be retained for as long as necessary to establish, exercise or defend legal claims.

If we no longer need personal data, we will delete it or anonymize it, unless legal obligations require further retention.

16. Requirement to provide personal data

Some personal data is necessary to place and fulfill an order.

If you do not provide the required order, payment or shipping data, we may not be able to:

- process your order;
- accept payment;
- produce and ship your product;
- provide customer support;
- handle returns, refunds or complaints.

Providing data for marketing communications or non-essential cookies is voluntary.

17. Your rights

Depending on where you live and subject to applicable legal conditions, you may have the following rights:

- right of access to your personal data;
- right to rectification of inaccurate personal data;
- right to erasure of your personal data;
- right to restriction of processing;
- right to data portability;
- right to object to processing based on legitimate interests;
- right to withdraw consent at any time;
- right to object to direct marketing;
- right not to be subject to certain automated decisions with legal or similarly significant effects;
- right to lodge a complaint with a data protection authority.

To exercise your rights, contact us at:

info@nostalar.com

We may need to verify your identity before processing your request.

18. Rights for customers in Canada

If you are located in Canada, you may have the right to request access to personal information we hold about you and to request correction of inaccurate or incomplete information, subject to applicable law.

You may contact us at info@nostalar.com to exercise these rights.

19. Rights for customers in the United States

Depending on your state of residence and applicable law, you may have rights regarding your personal information, such as the right to access, correct, delete, receive a copy of, or opt out of certain uses of personal information.

You can contact us at info@nostalar.com to exercise applicable rights.

We will not discriminate against you for exercising privacy rights.

20. Automated decision-making

We do not use automated decision-making that produces legal effects or similarly significant effects concerning you.

Payment providers, Shopify or fraud prevention tools may use automated systems to detect fraud, secure transactions or prevent misuse of the store. These systems help protect customers, our store and payment providers.

21. Security

We implement appropriate technical and organizational security measures designed to protect your personal data against unauthorized access, loss, misuse, alteration, or disclosure.

Please be aware that while we strive to protect your data using industry-standard security practices, transmissions over the internet can never be guaranteed as absolutely secure, and we encourage you to use secure methods when communicating confidential information.

22. Children’s data

Our store is not directed to children.

We do not knowingly collect personal data from children under the age of majority in their jurisdiction. If you believe that a child has provided us with personal data, please contact us at info@nostalar.com so we can take appropriate action.

23. Third-party websites and services

Our website may contain links to third-party websites, platforms or services.

We are not responsible for the privacy practices, content or security of third-party websites. Please review the privacy policies of those third parties before providing them with personal data.

24. Complaints

If you have concerns about how we process your personal data, please contact us first at:

info@nostalar.com

If you are located in Austria or the European Economic Area, you may also lodge a complaint with your local data protection authority.

For Austria, the competent supervisory authority is: Österreichische Datenschutzbehörde, Barichgasse 40-42, 1030 Vienna, Austria. Email: dsb@dsb.gv.at. You can lodge a complaint directly via their official website at https://www.dsb.gv.at using their provided forms.

If you are located in the United Kingdom, you may have the right to complain to the UK Information Commissioner’s Office.

If you are located in Canada, you may have the right to contact the Office of the Privacy Commissioner of Canada or another applicable privacy authority.

25. Changes to this Privacy Policy

We may update this Privacy Policy from time to time, for example if our data processing practices, service providers, technologies, payment methods, fulfillment setup, legal obligations or Shopify settings change.

The updated version will be published on this website with a new “Last updated” date.

If required by law, we will provide additional notice or request renewed consent.