Privacy Policy
Last updated: 29 April 2026
Where are those cookie consent pop-ups?
We do not show a site-wide cookie consent banner on this shop because we keep tracking narrow and first-party:
- We do not use third-party advertising or cross-site tracking cookies.
- Website analytics runs on our own infrastructure (Matomo) to understand how the site is used and to help keep it secure — not for unrelated purposes.
- Visitors are not tracked across other websites for advertising.
- With our recommended Matomo settings, analytics is not used to build a long-term profile of you across visits on this site.
Essential cookies still apply for the shop to work (for example session, cart, checkout, and sign-in). You can limit or delete cookies in your browser, and you can opt out of Matomo analytics on this page (see below).
1. Data Controller
The data controller for personal data collected through cyberpunks.shop is:
Pinout LTD
Registered address: Evripidou 12A, Agia Zoni, 3031, Limassol, Cyprus
Company registration number: HE 446523
VAT number: CY60011163K
Contact email: r2d2@cyberpunks.shop
For any questions about this Policy or your personal data, contact us at the email above.
2. What Personal Data We Collect
We collect personal data in the following categories:
2.1 Account and contact data
- Full name
- Email address
- Postal address (billing and shipping)
- Phone number (if provided)
2.2 Order and transaction data
- Products purchased
- Order history and dates
- Payment metadata (transaction ID, last four digits of card, payment method) — full card details are processed by our payment provider and not stored by us
2.3 Communication data
- Email correspondence with customer support
- Messages and feedback you send through the Site
2.4 Technical data and usage data
To run our website smoothly and make it easier to use, a small amount of anonymised information may be processed automatically when you interact with us. Depending on what you do on the site, that may include:
-
Browsing the website (catalogue, search, and filters)
When you browse our store, our systems process basic technical signals needed to display pages correctly (for example device/browser information in a general form), keep your session stable, and remember simple choices such as language or currency where applicable. If you use on-site search or filters, we may process the search terms and selections you enter on our website to show relevant results.
-
Customer account (registration and sign-in)
If you create a customer account, we store the account details you provide (such as name, email address, and password) and information you add to your profile (for example saved addresses). Your account may also show your order history and related details needed to operate the account features.
-
Guest checkout and logged-in checkout
You may place an order as a guest or while signed in. In both cases we process the checkout details required to complete the purchase (such as contact details, billing/shipping address, and delivery preferences). Guest orders are still stored as orders in our systems even if you do not create an account.
-
Orders, invoices, and legal / tax records
We process information related to your purchase, including items purchased, prices, taxes where applicable, payment status, shipping status, and communications needed to manage the order. We retain certain order records where required for accounting, tax, dispute resolution, and legal compliance.
-
Payments
Payment details are typically collected and processed by payment service providers (PSPs) according to their terms. Depending on the payment method and integration, we may receive limited payment-related information from the provider (for example payment status, transaction reference, or a tokenised identifier), but we do not intend to store full card details on our servers.
-
Delivery and logistics
To ship your order, we process delivery information (such as recipient name, phone number, and delivery address) and share the minimum necessary details with carriers / fulfilment partners involved in delivery.
-
Customer support (email, forms, and order-related messages)
When you contact us for help, returns, or disputes, we process the information you send (including message content and attachments if you provide them) and relevant order context so we can respond and resolve the issue.
-
Transactional emails (non-marketing)
We may send operational messages related to your account or order (for example order confirmation, status updates, password reset, or important service notices). These messages are generally not marketing, unless clearly labelled otherwise and based on the appropriate legal basis/consent where required.
-
Website analytics and security (first-party Matomo, no third-party analytics sharing)
We may process usage information such as pages viewed, referrer information, visit timing, and an anonymised IP address, using privacy-friendly analytics (for example Matomo) hosted under our control. We use this to improve the site and help detect misuse. We do not use this analytics setup for cross-site advertising profiling.
-
First-party cookies and similar technologies (no third-party advertising / tracking cookies)
We use cookies and similar technologies needed for core shop functionality (for example keeping your session, cart, and essential preferences working) and, where applicable, for analytics as described above. You can control cookies through your browser settings and via the Matomo opt-out on this page if available.
2.5 Marketing data
- Newsletter subscription status
- Email open and click activity (if you have consented to marketing emails)
3. How We Collect Personal Data
Directly from you: when you create an account, place an order, contact support, or subscribe to communications.
Automatically: through cookies and similar technologies when you use the Site (see Section 2.4).
From third parties: payment processors, shipping carriers, and analytics providers, in connection with services they perform for us.
4. Why We Process Your Data and Legal Basis
We process personal data for the purposes below, on the following legal bases under GDPR Article 6. This reflects how our shop runs in practice: orders and support on contract and legal duty, marketing only with consent, analytics and security on legitimate interest with privacy-friendly Matomo (first-party, no third-party advertising or tracking cookies, opt-out on this page) — not as a basis for a site-wide cookie consent banner for that analytics setup.
| Purpose | Legal basis |
|---|---|
| Processing your order and delivering products | Contract performance (Art. 6(1)(b)) |
| Providing customer support | Contract performance / legitimate interest (Art. 6(1)(b), (f)) |
| Issuing invoices and meeting tax obligations | Legal obligation (Art. 6(1)(c)) |
| Preventing fraud and securing the site | Legitimate interest (Art. 6(1)(f)) |
| Sending marketing emails | Consent (Art. 6(1)(a)) |
| Website analytics and site improvement (including security and misuse detection) | Legitimate interest (Art. 6(1)(f)) |
| Responding to legal requests | Legal obligation (Art. 6(1)(c)) |
Consent (marketing). Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
Analytics and similar technologies. Where we rely on legitimate interest for analytics and security, you may object to that processing and use the Matomo opt-out on this page (where available), in addition to your browser cookie controls. We do not use this analytics setup for cross-site advertising or profiling.
5. Who We Share Your Data With
We share personal data only with parties that need it to deliver our services, and only to the extent necessary:
- Payment processors — to process payments securely
- Shipping carriers — to deliver your Products
- Cloud and hosting providers — to operate the Site and store data
- Email and customer support tools — to communicate with you and handle support requests
- Tax and accounting professionals — for legal compliance
- Legal authorities — where required by law
Website analytics. We use Matomo on our own infrastructure to understand how the Site is used and to help keep it secure. We do not share analytics data with third-party advertising or analytics platforms for their own purposes.
All processors are bound by data processing agreements and obligations of confidentiality. We do not sell your personal data to third parties.
6. International Data Transfers
Some of our service providers may be located outside the European Economic Area. Where this is the case, transfers are protected by:
- European Commission adequacy decisions, or
- Standard Contractual Clauses (SCCs) approved by the European Commission, or
- Other lawful transfer mechanisms under GDPR Chapter V.
You can request a copy of the safeguards applied to a specific transfer by contacting us.
7. How Long We Keep Your Data
| Data category | Retention period |
|---|---|
| Account data | While your account is active, plus 12 months after closure |
| Order and invoice data | 7 years (Cyprus tax law) |
| Customer support communications | 3 years from last contact |
| Marketing consent and email activity | Until you withdraw consent, or after 3 years of inactivity |
| Website analytics data (Matomo) | As configured in our Matomo instance, typically up to 13 months |
| Server and security logs | Up to 12 months |
| Cookies and similar technologies | Essential shop cookies (for example session and cart): for the duration of your visit or as needed for core functionality; Matomo opt-out preference (if you use it): as set by that mechanism; we do not use long-term third-party advertising or tracking cookies (see Section 8) |
After the retention period, data is deleted or anonymised.
8. Cookies and Similar Technologies
The site uses first-party cookies and similar technologies for the following purposes:
- Strictly necessary cookies — required for the site to function (for example session, cart, checkout, and sign-in). These are not used for advertising or cross-site tracking.
- Analytics — we use Matomo on our own infrastructure to understand how the site is used and to help keep it secure. With our recommended settings, Matomo does not set analytics cookies; where a cookie is used only for an opt-out preference, it is limited to that purpose.
- Marketing cookies — we do not use third-party advertising or marketing tracking cookies on this site. Marketing emails are handled separately and only where you have given consent.
You can limit or delete cookies through your browser settings at any time. You can also use the Matomo opt-out on this page (where available). Refusing or removing non-essential cookies will not prevent you from using the site.
9. Your Rights Under GDPR
You have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you
- Rectification — correct inaccurate or incomplete data
- Erasure (“right to be forgotten”) — request deletion of your data, subject to legal retention obligations
- Restriction — request that we limit how we process your data
- Portability — receive your data in a structured, machine-readable format and transfer it to another controller
- Objection — object to processing based on legitimate interest, including website analytics and security and direct marketing
- Withdraw consent — at any time, where processing is based on consent (for example marketing emails)
- Lodge a complaint — with the Cyprus supervisory authority (see Section 10)
How to exercise your rights. Email us at r2d2@cyberpunks.shop. We will respond within one month, as required by GDPR. For many requests we need enough information to verify your identity and locate your data (for example the email address used for your account or order). We can only fulfil requests relating to personal data we hold about you; we cannot provide, rectify, or delete data we store solely on behalf of others where the law does not allow it.
Analytics. Where we process website analytics on the basis of legitimate interest, you may object to that processing. You can also use the Matomo opt-out on this page (where available), in addition to your browser cookie controls.
Marketing. Where we send marketing emails based on consent, you may withdraw consent at any time (for example via the unsubscribe link in the email or by contacting us). Withdrawing consent does not affect the lawfulness of processing before withdrawal.
10. Right to Lodge a Complaint
If you believe we have not handled your personal data in accordance with the law, you have the right to lodge a complaint with the Cyprus supervisory authority:
Office of the Commissioner for Personal Data Protection
- Website: https://www.dataprotection.gov.cy
- Address: 1 Iasonos Street, 1082 Nicosia, Cyprus
- Email: commissioner@dataprotection.gov.cy
You may also lodge a complaint with the supervisory authority in your country of residence.
11. Data Security
We use technical and organizational measures to protect personal data, including encryption in transit (TLS), restricted access controls, secure hosting, and regular security reviews. No system is fully secure, but we work continuously to reduce risk and respond to incidents quickly.
In the event of a personal data breach affecting your rights, we will notify the supervisory authority within 72 hours and inform affected users without undue delay where required.
12. Children's Privacy
The Site is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.
13. Automated Decision-Making
We do not make decisions affecting you based solely on automated processing, including profiling, that produce legal or similarly significant effects.
14. Changes to This Policy
We may update this Privacy Policy from time to time. The current version is always available on the Site with the revision date. Material changes will be communicated by email or through a Site notice.
15. Contact
For any questions about this Privacy Policy or your personal data:
- Email: r2d2@cyberpunks.shop
- Address: Pinout LTD, Evripidou 12A, Agia Zoni, 3031, Limassol, Cyprus