Legal

Privacy Policy

Last updated: May 2026

1. Data controller

[COMPANY LEGAL NAME, e.g. Meridian Timepieces, Lda.] (Meridian Watches), [STREET ADDRESS], [POSTAL CODE] Lisbon, Portugal, is the data controller for personal data processed through this website. Contact our privacy team at concierge@meridianwatches.example.

2. Data we collect

  • Account data: email, display name, hashed password.
  • Order data: name, billing/shipping address, phone, order history.
  • Payment data: handled by our PCI-DSS compliant payment processor; we receive only a transaction reference and the last four digits of the card.
  • Technical data: IP address, device, browser, and pages visited (used for fraud prevention and service quality).

3. Lawful basis (GDPR Art. 6)

  • Performance of a contract — to process your order and provide the service.
  • Legal obligation — invoicing, tax, anti-fraud, AML/KYC where required.
  • Legitimate interests — fraud prevention, network security, service improvement.
  • Consent — for marketing emails and non-essential cookies (see Cookie Policy).

4. Sharing

We share data with: payment service providers (for authorisation and fraud screening), shipping carriers and insurers, identity-verification providers, our IT/cloud hosting providers, and authorities when legally required. We do not sell your personal data.

5. International transfers

Where data is transferred outside the EEA, we rely on adequacy decisions or EU Standard Contractual Clauses with appropriate safeguards.

6. Retention

Order and accounting records are kept for the period required by tax law (typically 10 years in Portugal). Account data is retained while the account is active and deleted on request, subject to legal retention obligations.

7. Your rights

Under GDPR you may request access, rectification, erasure, restriction, and portability of your personal data, and you may object to its processing. You may also lodge a complaint with the Portuguese data-protection authority (CNPD) or your local supervisory authority.

8. Security

The site is served over HTTPS/TLS. Payment data is processed exclusively by a PCI-DSS Level 1 compliant provider; card numbers never touch our servers.