1. Controller
The data controller is the legal entity behind primearx.com, identified in the Site footer. The controller is registered in the Republic of Poland and operates under the EU General Data Protection Regulation (GDPR) and the Polish implementing law.
2. What we collect
| Data | Why we need it | Retention |
|---|---|---|
| Send the activation code, order confirmation and any support correspondence. | Until account deletion + 7 years for tax records (anonymised). | |
| Billing country | Compute EU VAT correctly at checkout. | 7 years (EU tax law). |
| Billing name & address | Issue legally valid VAT invoices on request. | 7 years (EU tax law). |
| Order history | Power the My Keys archive and customer support. | Until account deletion + 7 years (anonymised). |
| Activation codes | Re-deliver codes you’ve already paid for. | Encrypted at rest. Removed on account deletion. |
| Card data | Not stored. Only an opaque token from the PCI-DSS certified gateway. | Token expires per processor policy. |
| IP address | Fraud screening, server logs. | 30 days, then anonymised. |
3. Legal basis
- Performance of contract (GDPR Art. 6(1)(b)) — to deliver the product you ordered.
- Legal obligation (Art. 6(1)(c)) — for VAT records and accounting (kept 7 years).
- Legitimate interests (Art. 6(1)(f)) — fraud detection and basic server logging.
We do not rely on consent for any of the above, except for non-essential cookies (see the Cookie policy).
4. Third-party processors
Some data is processed by carefully selected third parties under data processing agreements:
- Payment processor (PCI-DSS certified gateway) — handles card authorisation. Receives the amount, currency, billing country and a tokenised card reference. Never returns full card numbers to us.
- Code distributor — receives the SKU you ordered to release the activation code. Receives no personal data beyond an internal order ID.
- Email delivery provider — sends transactional emails (order confirmation, code delivery, password reset). Receives only your email address and the message body.
- Hosting provider — operates the EU-based servers running the Shop.
None of the above sell your data or use it for their own marketing.
5. Marketing & profiling
We do not send marketing email, run affiliate trackers, sell your data to third parties or build behavioural profiles for ad networks. The only emails you receive from us are transactional — orders, codes, password resets, and replies to your support questions.
6. Your rights under GDPR
You can at any time request:
- Access — a copy of every piece of personal data we hold about you.
- Rectification — correction of incorrect data.
- Erasure — deletion of your account and personal data, subject to the 7-year tax retention obligation (which keeps anonymised records).
- Portability — your data in a machine-readable format (JSON / CSV).
- Restriction or objection — limit how we process your data.
- Withdrawal of consent — for any cookies or processing based on consent.
- Complaint to the supervisory authority — the Polish Data Protection Office (UODO) or your local EU data-protection authority.
To exercise any of these rights, write to support@primearx.com from the email address on file. We respond within 30 days.
7. Cookies
We use a small set of cookies for cart functionality and session management. The full list — names, purposes, retention, opt-out — is on the Cookie policy page.
8. International transfers
All data is hosted on EU-based servers. The PCI-DSS certified payment gateway and the email delivery provider operate within the EU/EEA or under a Standard Contractual Clauses agreement compatible with GDPR.
9. Children
The Shop is not directed at children under 16 and does not knowingly collect personal data from minors. If you believe a minor has placed an order using your card without permission, contact us and we will refund and delete the record.
10. Changes
Material changes to this policy are communicated by email to registered users at least 30 days before taking effect. The current version’s last updated date is shown above the page title.
11. Contact
For privacy questions or data requests: support@primearx.com.