Privacy Policy
1. Data collected
When you use our site, we collect only the data strictly necessary to process your order:
- Personal data: last name, first name, email address, phone number, postal address.
- Payment data: card type, last 4 digits, expiration date, type and issuer, via our provider Stripe. No full banking data is stored on our site.
- IP addresses temporarily stored in our security logs (maximum 90 days) for fraud prevention, rate limiting and abuse protection. No IP address is used for statistical analysis or profiling purposes.
- Technical cookies: a PHP cookie is used to keep your session active (login, cart, etc.).
- Third-party cookies: Stripe may use its own cookies during payment processing, beyond our control.
2. Purpose of collection
Collected data are used exclusively for:
- processing and tracking your orders,
- shipping products,
- communicating with you when necessary (confirmation, delivery, after-sales service),
- sending newsletters and promotional information (with opt-out option).
No data is used for statistical or advertising purposes.
3. Data sharing
Your data are shared only with providers essential to fulfilling your order:
- Stripe, for secure payment processing.
- Swiss Post, for shipping your orders (and La Poste française for final delivery of parcels to France).
These partners only have access to the data required for their services. No data is sold or passed on to unrelated third parties.
Audience measurement and statistics
We measure usage of the site (card clicks, cart additions, page views) for service-improvement purposes, on the basis of legitimate interest (GDPR Art. 6.1.f). These statistics are strictly anonymous: no cookie is set, no IP address is stored, no visitor identifier or fingerprint is used. We do not use any third-party analytics service (Google Analytics, Facebook Pixel, Matomo, etc.).
Cookies used
The site uses only cookies that are strictly necessary for its operation or explicitly chosen by the user:
- Session cookie (PHPSESSID): required to keep your cart, language preference and session active during navigation. Deleted when the browser is closed.
- Optional functional cookie (game_pseudo): set only if you enter a nickname in the mini-game, in order to remember it. Stored for 30 days, can be deleted at any time via your browser.
- Stripe cookies (payment): during checkout, Stripe may set strictly necessary cookies on its own domain (stripe.com) for fraud detection and PCI-DSS compliance. These cookies are essential for secure payment processing.
Since no tracking, third-party analytics or marketing cookies are used, no consent banner is required under the ePrivacy directive, the GDPR or the Swiss nFADP. You can disable or delete cookies at any time via your browser settings.
4. Data security
Data are securely stored on a server hosted by Infomaniak (Geneva, Switzerland) with restricted access and encrypted communication via HTTPS. Payments are processed by Stripe under strict security standards.
5. Retention period
Data related to orders are kept for 10 years in accordance with Swiss accounting obligations. After this period, they are deleted or anonymized.
6. User rights
In accordance with the Federal Data Protection Act (nFADP, in French nLPD), you have the following rights:
- Right to access your data
- Right to rectification
- Right to deletion (within legal limits)
- Right to object or withdraw consent
To exercise these rights, contact us at: commandes@bd-pokecards.ch.
7. Contact and complaints
For any question or complaint regarding your data, you can contact us at commandes@bd-pokecards.ch.
You can also contact the Federal Data Protection and Information Commissioner (FDPIC) in Switzerland.