Free IS shipping over 15.000 kr.Free Iceland shipping over 15.000 kr.24–48 hours after dispatch, trackedPickup at Ármúli 29
NordicCards & Games

Legal · Privacy

Privacy Policy

Plain-English summary of how Nordiccardsngames ehf handles personal data under Icelandic Persónuvernd and the EU GDPR. Last updated when the site went live.

Who is the data controller

Nordiccardsngames ehf (VSK 148883), Ármúli 29, 108 Reykjavík, Iceland. Contact: nordiccardsngames@gmail.com, +354 765 0289.

What we collect

  • Order data (name, address, items, totals)
  • Contact details (email, phone)
  • Payment confirmations from the hosted provider — no card data is stored on this site
  • Anonymous analytics (only after you accept the cookie banner).
  • Marketing email opt-ins, if you choose to subscribe.

We do not store card numbers. Payments are processed by hosted providers (Teya) on their own pages — only confirmation tokens reach us.

Why we use it

  • Fulfilling and shipping your orders.
  • Communicating about your order, returns, or pickup.
  • Tax records — kept for the period required by Icelandic law.
  • Improving the site (analytics) — only with consent.
  • Email marketing — only if you opt in. Unsubscribe in every email.

Cookies

Essential cookies (cart, checkout, security) are always on — without them the store cannot work. Analytics cookies fire only after you click Accept all on the consent banner. You can revoke consent any time by clearing site data in your browser; the banner will reappear.

Who can see your data

Only the store owner accesses customer and order data.

  • Your payment provider sees only the data needed to charge the card.
  • The shipping carrier (Dropp / private delivery) sees the delivery address.
  • Our accountant (Easytax) sees aggregated tax records.

Retention

Order and tax records retained as required by Icelandic law (typically 7 years for VAT). Marketing data deleted on request.

Your rights

Under Icelandic Persónuvernd / GDPR you can request access, correction, or deletion of your data by emailing the store.

We respond within 30 days. If you believe we have mishandled your data you can file a complaint with the Icelandic Persónuvernd authority.

International transfers

Hosting and analytics providers may be located outside Iceland (typically EEA / US with SCCs). We pick providers that comply with GDPR Standard Contractual Clauses.

Changes

We may update this policy. Material changes are flagged at the top and announced via email to subscribers.