Privacy Policy

Hard Heart

Last updated: 31 May 2026

Hard Heart ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the rights you have over it. It applies to our website and any related applications (the "Site").

We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Portuguese data protection law. By using the Site, you acknowledge that you have read and understood this Policy.

1. Who we are (Data Controller)

The data controller responsible for your personal data is:

Hard Heart
Praça Pedro Ferreira
2240-342 Ferreira do Zêzere
Santarém, Portugal
Email: jitduu@superbee.my

2. Information we collect

We collect the following categories of personal data, depending on how you interact with the Site:

Category
Examples
Identity & contact
First and last name, email address, billing and shipping address, phone number
Order information
Products purchased, order history, items in your cart, returns and refunds
Payment data
Processed securely by our payment providers — we do not store full card numbers (see Section 7)
Account credentials
Username and password, if you create an account
Technical & usage data
IP address, device and browser type, pages viewed, referring pages, approximate location, cookie identifiers
Communications
Messages you send us by email, chat, contact form, or social media

3. How we collect it

  • Directly from you — when you place an order, create an account, sign up for our newsletter, or contact us.
  • Automatically — through cookies and similar technologies when you browse the Site (see our Cookie section below).
  • From third parties — such as our payment processors, shipping partners, and analytics providers, who provide us with limited data needed to fulfil your order and improve our service.

4. Why we use your data and our legal basis

Under the GDPR, we must have a lawful basis to process your personal data. We rely on the following:

  • To perform our contract with you — processing and delivering your orders, handling returns, and providing customer support.
  • Your consent — sending marketing emails, and setting non-essential cookies. You can withdraw consent at any time.
  • Our legitimate interests — preventing fraud, securing the Site, understanding how customers use the Site, and improving our products and service, provided these interests are not overridden by your rights.
  • Legal obligation — keeping records for tax, accounting, and consumer-law compliance.

5. Marketing communications

If you opt in, we may send you emails about new drops, editions, and offers. Every marketing email includes an unsubscribe link, and you can opt out at any time by clicking it or by contacting us. Opting out of marketing will not affect service messages related to your orders (such as shipping confirmations).

6. Who we share your data with

We do not sell your personal data. We share it only with trusted parties who help us run our business, and only as needed:

  • Shopify — our e-commerce platform, which hosts the Site and processes orders.
  • Payment providers — to process payments securely.
  • Shipping and fulfilment partners — to deliver your orders.
  • Analytics and marketing tools — to understand Site usage and, where you've consented, deliver relevant communications.
  • Authorities or advisors — where required by law, to prevent fraud, or to protect our legal rights.

Some of these providers may process data outside the European Economic Area (EEA). Where that happens, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses.

7. Payments & Shopify

Our store is hosted on Shopify Inc., which provides the online platform that lets us sell to you. When you pay through a direct payment gateway, your card data is encrypted under the Payment Card Industry Data Security Standard (PCI-DSS) and is stored only as long as needed to complete your transaction. We never see or store your full card number. For more, see Shopify's Terms of Service and Privacy Statement.

8. Cookies

We use cookies and similar technologies to make the Site work, remember your cart, understand how the Site is used, and — with your consent — support marketing. Essential cookies are always active because the Site cannot function without them. Non-essential cookies are only set if you accept them.

You can manage or block cookies through your browser settings or our cookie banner at any time. Blocking some cookies may affect how the Site works for you.

9. How long we keep your data

We keep personal data only as long as necessary for the purposes described in this Policy — for example, for the duration of our relationship with you, and afterwards as required to meet legal, tax, and accounting obligations. When data is no longer needed, we securely delete or anonymise it.

10. How we protect your data

We use appropriate technical and organisational measures to protect your personal data against loss, misuse, and unauthorised access. However, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

11. Your rights under the GDPR

If you are in the EU/EEA, you have the following rights over your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate or incomplete data.
  • Erasure — ask us to delete your data ("right to be forgotten"), where applicable.
  • Restriction — ask us to limit how we use your data in certain circumstances.
  • Portability — receive your data in a portable format, or have it transferred to another controller.
  • Objection — object to processing based on our legitimate interests, and to direct marketing at any time.
  • Withdraw consent — where we rely on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at jitduu@superbee.my. We will respond within the timeframe required by law. You may be asked to verify your identity before we act on your request.

12. Complaints

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Portuguese data protection authority, the Comissão Nacional de Proteção de Dados (CNPD), at www.cnpd.pt. We'd appreciate the chance to address your concerns first — please contact us before doing so.

13. Children

The Site is not directed at children under 16, and we do not knowingly collect their personal data. If we learn that we have collected data from a child under 16 without appropriate consent, we will delete it promptly.

14. Third-party links

The Site may contain links to other websites we do not control. We are not responsible for the privacy practices of those sites, and we encourage you to read their privacy policies before sharing any data.

15. Changes to this Policy

We may update this Policy from time to time. When we make material changes, we will post the updated version here with a new "Last updated" date. Please review it periodically.

16. Contact us

Data controller

Hard Heart

Praça Pedro Ferreira

2240-342 Ferreira do Zêzere

Santarém, Portugal

jitduu@superbee.my