Privacy Policy

Last updated: June 2026

1. Who we are

Shirts do Caralho, operated at shirtsdocaralho.online, is an online retailer of football shirts. We are responsible for the personal data you provide when using our website.

2. Data we collect

  • Account data: name, email address and password (hashed).
  • Order data: delivery address, order history and payment references.
  • Usage data: pages visited, search queries, browser type and IP address.
  • Cookies: session cookies for authentication and preference cookies. See our Cookie Policy.

3. How we use your data

  • To process and fulfil your orders.
  • To manage your account and provide customer support.
  • To send transactional emails (order confirmations, shipping updates).
  • To improve our website and product catalogue.
  • To comply with legal obligations.

4. Legal basis for processing

We process your data on the following legal bases under GDPR:

  • Contract: processing necessary to fulfil your order.
  • Legitimate interest: improving our services and preventing fraud.
  • Consent: marketing communications and non-essential cookies.
  • Legal obligation: tax and accounting requirements.

5. Data sharing

We do not sell your personal data. We share data only with:

  • Payment processors (Stripe) to handle transactions securely.
  • Shipping providers to deliver your order.
  • Hosting infrastructure (our VPS provider) to operate the website.

6. Data retention

We retain account data for as long as your account is active. Order data is kept for 7 years to comply with tax obligations. You may request deletion of your account at any time.

7. Your rights

Under GDPR you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your data ("right to be forgotten").
  • Restrict or object to processing.
  • Receive your data in a portable format (data portability).
  • Withdraw consent at any time.

To exercise these rights, contact us at privacy@shirtsdocaralho.online.

8. Security

We use HTTPS encryption, hashed passwords (bcrypt) and secure session cookies. Access to personal data is restricted to authorised personnel only.

9. Changes to this policy

We may update this policy from time to time. We will notify you of significant changes by email or by displaying a notice on the website.