bBlue Board Theory← Back to store

Legal

Privacy Policy

Last updated 17 June 2026

This Privacy Policy explains how Blue Board Theory (“we”, “us”) collects, uses and protects your personal data when you visit blueboardtheory.com or place an order. We follow the EU General Data Protection Regulation (RGPD / GDPR) and Portuguese data-protection law.

1. Who is responsible for your data

The data controller is Blue Board Theory, operated by Mouiz Kisma (Empresário em nome individual), NIF 316657115, Rua Nau Vitória 985, andar 1, Porto, Portugal.

2. What we collect

  • Order details: name, shipping and billing address, email, phone number.
  • Payment data: handled entirely by Stripe. We never see or store your full card details. We receive only confirmation of payment and the last digits or method.
  • Support messages: anything you send us by email, WhatsApp or social media.
  • Usage data: basic, privacy-respecting analytics and the technical data your browser sends (e.g. approximate region, device type).

3. Why we use it and our legal basis

  • To fulfil your order (process payment, ship the product, provide support): performance of a contract.
  • To meet legal obligations (issue invoices, keep accounting records): legal obligation under Portuguese tax law.
  • To improve the store and prevent fraud: our legitimate interests.
  • For optional marketing (only if you opt in): your consent, which you can withdraw at any time.

4. Who we share it with (processors)

We only share data with services that help us run the store, under data-processing terms:

  • Stripe: payment processing.
  • Shipping carrier: to deliver your order (name and address only).
  • Hosting provider (Cloudflare or our deployment host): to serve the website.
  • Email provider: to send order confirmations and replies.

Some providers may process data outside the EU/EEA; where they do, transfers are protected by appropriate safeguards such as the EU Standard Contractual Clauses.

5. How long we keep it

We keep order and invoicing records for as long as Portuguese tax and accounting law requires (up to 10 years). Support messages and analytics are kept only as long as needed for their purpose.

6. Your rights

Under the RGPD you can ask us to:

  • access the data we hold about you;
  • correct inaccurate data;
  • delete your data (where no legal duty requires us to keep it);
  • restrict or object to certain processing;
  • receive your data in a portable format;
  • withdraw any consent you've given.

To exercise any of these, email hello@blueboardtheory.com. You also have the right to complain to the Portuguese supervisory authority, the Comissão Nacional de Proteção de Dados (CNPD).

7. Cookies

We use only the cookies needed to run the site and, if enabled, privacy-respecting analytics. We do not sell your data or use intrusive ad-tracking. You can block cookies in your browser settings.

8. Changes to this policy

We may update this policy as the business grows. The “last updated” date above always reflects the current version.

Note: this is a starting template prepared for a Portugal-based sole trader (empresário em nome individual) and is not legal advice. Before launch, have it reviewed by a lawyer or contabilista and fill in the bracketed details ([legal name], [NIF], full address).