GDPR Policy

1. Introduction

At shopultrahearing.com ("we", "us", "our"), we are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information in compliance with the General Data Protection Regulation (GDPR).

2. Data Controller

Controller: getultrahearing.com

3. Purposes and Legal Basis for Processing

We process personal data only when there is a lawful basis under GDPR, including:

Consent – when you have given us clear permission.
Contract – when processing is necessary to deliver our services.
Legitimate interest – when processing is needed for business operations without overriding your rights.
Legal obligation – when required to comply with the law.

4. Data We Collect

We may collect the following types of personal data:

Information you provide directly (e.g., name, email, phone number, order details).
Information collected automatically (e.g., IP address, browser type, device information, cookies).
Information related to purchases, customer support, or account setup.

5. Data Retention

We retain personal data only as long as necessary to fulfill the purposes for which it was collected, or as required by law. After this period, data will be securely deleted or anonymized.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction.

7. Sharing of Personal Data

We do not sell or rent your personal data. We may share your information with:

Service providers working on our behalf (such as hosting, payment processing, or delivery partners).
Legal authorities if required by law.
Other parties only when you have given explicit consent.

If personal data is transferred outside the European Economic Area, we ensure adequate safeguards are in place.

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

Right of access – to know what data we hold about you.
Right to rectification – to correct inaccurate or incomplete data.
Right to erasure – to request deletion of your data.
Right to restrict processing – to limit how your data is used.
Right to data portability – to receive your data in a usable format.
Right to object – to object to processing based on legitimate interests or marketing.
Right to withdraw consent – where processing is based on consent.
Right to lodge a complaint – with your local data protection authority.

9. Data Breach Notification

In the event of a data breach that may affect your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where necessary, inform you directly.