Privacy policy

Last updated: 24th of February, 2026

1. Introduction

This Privacy Policy describes how Calm System ("we", "us", or "our") collects, uses, and protects your personal data when you visit or make a purchase from our website.

We process personal data in accordance with the General Data Protection Regulation (GDPR) and applicable EU data protection laws.

2. Data We Collect

When you visit or make a purchase from our store, we may collect the following personal data:

  • Name

  • Billing and shipping address

  • Email address

  • Phone number

  • Payment details (processed securely via third-party providers)

  • IP address

  • Device and browser information

  • Order history

  • Communication records

We collect this information when you:

  • Place an order

  • Create an account

  • Subscribe to our newsletter

  • Contact customer support

  • Browse our website

3. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

  • Performance of a contract (to process and deliver your orders)

  • Legal obligation (tax and accounting requirements)

  • Legitimate interest (fraud prevention, business improvement)

  • Consent (marketing emails and cookies where required)

4. How We Use Your Data

We use your data to:

  • Process and fulfill orders

  • Provide customer support

  • Send order confirmations and updates

  • Prevent fraud and ensure store security

  • Improve our website and services

  • Send marketing communications (only if you opt in)

You may withdraw marketing consent at any time.

5. Payment Information

Payments are processed securely by third-party payment providers. We do not store full payment card details on our servers.

6. Data Sharing

We may share your data with:

  • Payment processors

  • Shipping and logistics partners

  • IT and hosting providers

  • Legal or regulatory authorities (if required by law)

All third parties are required to protect your data in accordance with applicable data protection laws.

7. International Data Transfers

Some of our service providers may process data outside the European Economic Area (EEA). In such cases, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

8. Data Retention

We retain personal data only as long as necessary to:

  • Fulfill contractual obligations

  • Comply with legal requirements

  • Resolve disputes

When no longer required, your data will be securely deleted.

9. Your Rights Under GDPR

As an EU resident, you have the right to:

  • Access your personal data

  • Correct inaccurate data

  • Request deletion ("Right to be Forgotten")

  • Restrict processing

  • Object to processing

  • Data portability

  • Withdraw consent at any time

  • Lodge a complaint with your local data protection authority

10. Cookies

Our website uses cookies and similar technologies to:

  • Ensure proper website functionality

  • Analyze website traffic

  • Personalize content and advertising

You can manage cookie preferences via your browser settings. Where legally required, we request your consent before placing non-essential cookies.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, misuse, or alteration.

12. Changes to This Policy

We reserve the right to update this Privacy Policy at any time. Changes will be posted on this page.