Privacy Policy
Last updated: June 2026 · GDPR compliant
1. Introduction and data controller
Your privacy matters to us. This privacy policy explains what personal data [Legal entity — pending] ("we", "our", "us") collects when you visit or interact with this site, how we use that data, and what your rights are under applicable law, including the EU General Data Protection Regulation (GDPR) and equivalent national legislation.
The data controller is [Legal entity — pending], reachable at hello@cordavel.com. Our registered postal address is [Address — pending], [Address line — pending].
2. Data we collect
We may collect the following categories of personal data:
- Order data: name, email address, delivery address, order contents and a payment reference (not your card number — payment data is handled by our payment provider).
- Tuning data: the draw length, draw weight and bow details you give us so we can cut and spine your arrows correctly.
- Contact data: name, email address and the content of any message you send us via the contact form.
- Newsletter data: email address, if you subscribe to our newsletter.
- Browsing data: IP address, browser type, device type and pages viewed, collected via server logs and, where applicable, analytics software.
- Preference data: language preference and cart contents stored locally in your browser (localStorage) — this data does not leave your device unless you place an order.
3. How we use your data
We use your data for the following purposes and on the following legal bases:
- Fulfilling your order (performance of a contract): processing your order, cutting and tuning to your specification, arranging shipping, issuing invoices and handling returns.
- Customer service (legitimate interest / contract): answering your enquiries and resolving complaints.
- Marketing (consent): sending newsletters if you have subscribed. You can unsubscribe at any time via the link in every email we send.
- Legal obligations: retaining order and invoicing data for the period required by applicable tax and commercial law (typically 7 to 10 years depending on jurisdiction).
- Improving the site (legitimate interest): analysing anonymised browsing data to understand how the site is used and where it can be improved.
4. Data sharing and processors
We do not sell your personal data. We share data only with the following categories of third-party processors, who have agreed to appropriate data-processing terms:
- Payment providers: handle card payment authorisation. They do not return your full card number to us after processing.
- Carriers: receive your name and delivery address to deliver your order.
- Email providers: used to send order confirmation and newsletter emails.
- Hosting and infrastructure providers: our site and databases are hosted on servers located in the EU or in jurisdictions offering an adequate data-protection framework.
We will disclose data to law-enforcement or regulatory authorities where required to do so by law.
5. Cookies and local storage
This site uses browser local storage (localStorage, not cookies) to remember your language preference and cart contents. This data is stored only on your device and is not transmitted to our servers unless you complete a purchase or newsletter sign-up.
If we introduce third-party analytics or advertising services, we will update this policy and seek your consent where the law requires it. Currently, no third-party tracking cookies are set by this site.
6. Data retention
We retain personal data only as long as necessary for the purpose for which it was collected, unless a longer retention period is required by law:
- Order data: 7 years from the order date (statutory accounting obligation).
- Contact-form messages: 12 months from the date of the last reply, unless the matter requires longer retention.
- Newsletter subscriber data: until you unsubscribe, plus 30 days to process the request.
- Server logs: 90 days, on a rolling basis.
7. Your rights
Under the GDPR and equivalent laws, you have the following rights regarding your personal data:
- Access: request a copy of the personal data we hold about you.
- Rectification: request correction of inaccurate data.
- Erasure: request deletion of your data, subject to legal retention obligations.
- Restriction: request that we restrict processing of your data in certain circumstances.
- Portability: receive your data in a structured, machine-readable format.
- Objection: object to processing based on legitimate interest, including direct marketing.
- Withdrawal of consent: withdraw your consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.
To exercise any of these rights, contact hello@cordavel.com. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the supervisory authority in your country of residence.
8. International transfers
Where data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including the European Commission's standard contractual clauses, or transfer to countries offering an adequate level of data protection as determined by the Commission.
9. Data security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration or disclosure. These include HTTPS encryption of all data in transit, access controls on our systems, and regular review of our security practices. In the event of a data breach likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority and, where required, the individuals concerned, within the timeframes imposed by law.
10. Changes to this policy
We may update this privacy policy from time to time to reflect changes in our practices or applicable law. We will post the updated policy on this page with a revised "last updated" date. If the changes are substantial, we will notify you by email (if you are a customer or subscriber) or by a notice on the site. We encourage you to review this policy periodically.
For any questions about this policy or your data, write to hello@cordavel.com.
Questions about your data? Write to us at hello@cordavel.com.