Privacy Policy

Last updated: April 24, 2026

This Privacy Policy explains what personal information we collect, why we collect it, how we use and protect it, and the choices you have. We believe in keeping things simple and transparent.

1. Who This Policy Applies To

This Privacy Policy applies to all individuals who visit our website, create an account, place an order, contact our support team, or otherwise interact with Commodore International Corporation (“Commodore,” “we,” “us,” or “our”).

It covers personal information we collect through our website, our checkout and payment systems, our customer support channels, and any newsletters or marketing communications we send you.

2. Information We Collect

We only collect what we need to serve you well and run our business responsibly. The table below summarizes the categories of information we may collect:

  • Identity and contact information: name, email address, postal address, phone number.
  • Order and transaction data: products purchased, order history, payment token (we never store full card numbers), shipping and billing address, refund and warranty claim history.
  • Account credentials: username, hashed password. We do not store plain-text passwords.
  • Technical and device data: truncated/anonymized IP address, browser type, device type, operating system. We do not use persistent cross-site tracking identifiers.
  • Usage data: pages visited, products viewed, referral source, clicks, and interactions with our site.
  • Communications: content of emails, support tickets, or messages you send us.
  • Marketing preferences: whether you have opted in to receive marketing emails from us.
  • We do not intentionally collect sensitive personal information such as biometric identifiers, precise health information, religious beliefs, political affiliation, or other categories of sensitive data unless required to provide a service, comply with law, or respond to your request.

Please do not submit sensitive personal information to us unless specifically requested.

3. Legal Bases for Processing (EU & UK)

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal information under one of the following legal bases as required by the GDPR and UK GDPR:

  • Contract performance (Art. 6(1)(b) GDPR): to process your order, handle payment, arrange delivery, and manage returns and warranties.
  • Legitimate interests (Art. 6(1)(f) GDPR): to prevent fraud, maintain site security, analyze site performance, and improve our products and services, where these interests are not overridden by your rights.
  • Consent (Art. 6(1)(a) GDPR): to send you marketing emails. You may withdraw consent at any time.
  • Legal obligation (Art. 6(1)(c) GDPR): to comply with tax, accounting, export control, and other legal requirements.

We do not use automated decision-making or profiling that produces legal or similarly significant effects on individuals.

We may use automated tools to detect fraud, maintain security, improve site performance, personalize website functionality, or analyze aggregate usage trends, but these processes do not make legally binding decisions about you without human involvement.

4. How We Use Your Information

Here is how we use the data we collect:

  • To process and fulfill your orders, including payment, delivery, and customer communication.
  • To manage your account and provide customer support.
  • To process returns, exchanges, and warranty claims.
  • To send you transactional and order-related emails (these are not marketing emails and cannot be unsubscribed from while your order is open).
  • To send you marketing emails and promotions, if relevant and you have opted in.
  • To detect and prevent fraud, abuse, and unauthorized activity.
  • To analyze how our website is used so we can improve it.
  • To comply with our legal obligations, including tax, export control, and consumer protection requirements.
  • We never sell or rent your personal information to third parties.

5. Sharing Your Information

We share your information only where necessary to operate our business or comply with the law. Specifically, we may share your data with:

  • Payment processors: to securely handle your payment. They receive only what they need and are bound by strict data protection agreements.
  • Shipping carriers and logistics providers: to arrange delivery of your order.
  • Cloud hosting and IT service providers: who process data on our behalf under data processing agreements.
  • Customer support tools: to help us manage support tickets and communications.
  • Analytics providers: in anonymized or aggregate form only (see Section 8 on Cookies).
  • Legal authorities: where required by law, court order, or to protect our rights or the rights of others.
  • Business successors: in connection with a merger, acquisition, or sale of assets. We will notify you if your data transfers to a new controller with different privacy practices.
  • All third parties who handle your personal information on our behalf are required to do so under data processing agreements that restrict how they may use your data.

We may use carefully selected third-party service providers to operate our business and provide our services, including providers that assist with: payment processing; ecommerce infrastructure; shipping and logistics; cloud hosting; customer support; fraud prevention; analytics; and email communications.

These providers may process personal information solely on our behalf and only as necessary to perform contracted services.

6. International Data Transfers

Commodore is headquartered in the United States. If you are in the EU, UK, or another jurisdiction with data transfer restrictions, your personal information may be transferred to and processed in the United States or other countries. We rely on the following safeguards to ensure lawful transfers:

  • Standard Contractual Clauses (SCCs) approved by the European Commission, for transfers from the EEA.
  • UK International Data Transfer Agreements (IDTAs) or Addenda, for transfers from the UK.
  • Any applicable adequacy decisions adopted by regulators.

Our representatives in the EU and UK are available to answer data-related questions:

  • EU Representative (GDPR Art. 27): Commodore Business Machines BV, Hullenbergweg 278-308, Zuidoost, 1101 BV Amsterdam, Netherlands.
  • UK Representative (UK GDPR Art. 27): Commodore Electronics Ltd., Lytchett House, 13 Freeland Park, Wareham Road, Poole, BH16 6FA, UK.

7. How Long We Keep Your Information.

Order records: retained for up to 7 years to meet tax, accounting, and legal obligations.

Account data: retained while your account is active and for a reasonable period afterward to handle any unresolved matters. You may request deletion at any time.

Warranty and claims records: retained for the duration of the applicable warranty period plus 2 years. Marketing preferences: retained until you unsubscribe or withdraw consent.

Anonymized analytics data: retained for up to 14 months for trend analysis, then deleted or further anonymized.

Support communications: retained for up to 3 years after resolution of the matter. When data is no longer needed, we securely delete or irreversibly anonymize it.

8. Cookies and Analytics

We have engineered our website to be as privacy-friendly as possible. Essential cookies: we use a small number of cookies strictly necessary for the site to work, for example, to maintain your shopping cart session and secure your login. These do not track you across other websites.

We use Google Analytics 4 in “cookieless” mode. No tracking files are placed on your device to identify you across sessions. We can see aggregate, anonymous data (for example, which product pages are popular) without being able to identify you personally. No cookie banner: because we do not use cookies that require consent under GDPR or the ePrivacy Directive, we do not show a cookie consent banner. You may block all cookies in your browser settings. If you prefer not to be included in our anonymous statistics, you may opt out of Google Analytics by clicking here.

We do not use advertising cookies, tracking pixels for ad retargeting, or behavioral advertising.

9. Your Privacy Rights

EU and UK Residents

If you are located in the EEA or the UK, you have the following rights under the GDPR and UK GDPR:

  • Right of access: to request a copy of the personal information we hold about you.
  • Right to rectification: to ask us to correct inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten”): to ask us to delete your data, subject to certain legal retention obligations.
  • Right to restriction: to ask us to restrict processing of your data in certain circumstances.
  • Right to data portability: to receive your data in a structured, machine-readable format.
  • Right to object: to processing based on legitimate interests, including for direct marketing.
  • Right to withdraw consent: at any time, for any processing based on consent (including marketing emails). Withdrawal does not affect the lawfulness of prior processing.

To exercise any of these rights, please contact our Data Protection Officer using the details in Section 14. We will respond within 30 days (extendable by a further 60 days for complex requests, with notice). There is no charge for most requests.

You also have the right to lodge a complaint with your national data protection supervisory authority. In the EU, you can find your local authority at edpb.europa.eu. In the UK, the relevant authority is the Information Commissioner’s Office (ico.org.uk).

California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act and California Privacy Rights Act:

  • Right to know: to request disclosure of the categories and specific pieces of personal information we have collected, the sources, the business purposes, and the categories of third parties with whom we share it.
  • Right to delete: to request deletion of personal information we have collected, subject to certain exceptions.
  • Right to correct: to request correction of inaccurate personal information.
  • Right to opt out of sale or sharing: we do not sell your personal information. We do not share it for cross-context behavioral advertising.
  • Right to non-discrimination: we will not discriminate against you for exercising any of these rights.

To exercise your California privacy rights, contact us here. We will respond within 45 days (extendable by a further 45 days with notice).

Other U.S. States

Residents of Virginia, Colorado, Connecticut, Texas, and other states with applicable privacy laws have similar rights to know, access, delete, correct, and opt out of sale or sharing. Contact us here to exercise any of these rights. We will respond within the timeframe required by applicable law.

We also do not share personal information for cross-context behavioral advertising or targeted advertising as those terms are defined under applicable U.S. privacy laws.

10. Do Not Track

We do not track your activity across third-party websites and therefore do not currently respond to browser “Do Not Track” signals. We will update this section if our practices change.

11. Children’s Privacy

Our website and Products are intended for adults. We do not knowingly collect personal information from anyone under 16 (or under 13 for users in the United States, consistent with COPPA). If you are under 16, please do not use our website or provide us with any personal information.

If we learn that we have inadvertently collected personal information from a child under 13 without verifiable parental consent, we will delete it promptly. Parents or guardians who believe we may have collected information from their child may contact us here.

12. Data Security

We take the security of your personal information seriously. Our security measures include TLS encryption for all data transmitted between your browser and our website. Tokenized payment processing, we never see your full card number; only a secure token is stored. Strict access controls limiting who within Commodore can access personal data.

No internet transmission or data storage system is perfectly secure. If we become aware of a breach that affects your rights, we will notify you and the relevant authorities as required by applicable law.

If we become aware of a security incident involving your personal information, we will investigate promptly and provide notice where required by applicable law.

Any notice will be provided within the timeframe required by applicable law and may be delivered by email, website notice, or other legally permitted means.

13. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. For material changes — particularly those affecting how we use your personal information or your rights — we will provide advance notice by email or a prominent notice on our website, and where required by law, seek your renewed consent. The most current version is always available at the bottom of our website.

14. Contact Us

For questions, access requests, or complaints about how we handle your personal information, please reach out to our Data Protection Officer here. We aim to respond within one business day.

Web: (for data rights requests, select “Privacy and GDPR”)
Mail: Data Protection Officer, Commodore International Corporation, 8 The Green, Suite A, Dover, DE 19901, USA
EU Representative: Commodore Business Machines BV
UK Representative: Commodore Electronics Ltd.

For purposes of applicable privacy laws, including the GDPR and UK GDPR, Commodore International Corporation is the data controller responsible for the collection and use of your personal information.

© 2026 Commodore International Corporation. All rights reserved.