Legal
Privacy Policy
How Nortia Sundials and BWE Ltd. handle your personal data.
Effective 2026-05-22
Privacy Policy
This policy explains what personal data we collect when you use nortiasundials.com, why we collect it, how long we keep it, and what rights you have. We've kept the language as plain as we can.
In short
We collect the minimum personal data needed to take and fulfil your order. We do not run analytics, we do not profile you, we do not sell or share your data with marketers. Payment is processed by Stripe; we never see your card details. Shipping data is shared with the parcel carrier you select. That's it.
1. Who we are
The controller of your personal data is BWE Ltd. (Reg. No. 204048699, VAT BG204048699), trading as Nortia Sundials and Atelier Nortia, registered office in Varna, Bulgaria.
Privacy contact: hello@ateliernortia.com.
Because BWE Ltd. is established in the European Union, we are directly subject to the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and to the Bulgarian Personal Data Protection Act.
2. What data we collect, and why
When you browse the site
We process standard server-log data (your IP address, browser type, the page you requested, the timestamp) for the technical operation and security of the site. This is handled by our hosting provider (Cloudflare) and we do not store these logs ourselves beyond Cloudflare's defaults. Legal basis: legitimate interest in running and securing the site (GDPR Art. 6(1)(f)).
When you use the calculator
The calculator runs in your browser. Your dial parameters (latitude, longitude, wall declination, diameter) are not transmitted to us. The free PDF the calculator generates is produced in your browser and downloaded to your device — we don't keep a copy.
When you place a paid order
We collect:
- Your name and email address, so we can identify the order and send you the confirmation, files, and any necessary updates;
- Your shipping address, for orders that include the alignment jig;
- Your dial configuration (size, hour-line set, gnomon dimensions), so we can produce the correct PDF, SVG, and printed jig;
- Order metadata: order number, items purchased, prices, VAT charged, country, the timestamp of the withdrawal-right waiver (for digital items).
Legal basis: performance of the sales contract with you (GDPR Art. 6(1)(b)) and compliance with our legal obligations as a VAT-registered seller (Art. 6(1)(c)).
When you pay
Payment is processed by Stripe Payments Europe Limited (Ireland) on Stripe's infrastructure. Your card details go directly to Stripe — we do not see, transmit, or store them. Stripe returns to us only:
- Your name and email address;
- Your billing and shipping address;
- A confirmation that the payment succeeded;
- A reference (the Stripe payment-intent ID) so we can reconcile the payment;
- The last 4 digits of your card and the card brand (so we can identify the payment in case of refund).
Stripe's own processing of your data is governed by Stripe's Privacy Policy. Stripe is a separate controller for its own purposes (fraud prevention, regulatory reporting) and our processor for the processing performed on our behalf.
When you write to us
If you email us at any @nortiasundials.com or @ateliernortia.com address, we receive whatever you sent: your email address, your name (if you include it), and the content of your message. Legal basis: legitimate interest in answering you (GDPR Art. 6(1)(f)).
What we do NOT collect
- Cookies for analytics, advertising, or tracking — see our Cookie Notice;
- Any user account data — we offer guest checkout only, with no accounts to create;
- Your social-media identity, friends list, contacts, or location beyond what's necessary for shipping;
- Sensitive categories of data (health, ethnicity, political views, etc.).
3. Who we share your data with
We share your data only with the people we have to in order to fulfil your order:
| Recipient | Purpose | Country / region |
|---|---|---|
| Stripe | Payment processing and fraud prevention | EU (Ireland), with affiliates in the US under standard contractual clauses |
| Cloudflare | Website hosting, security, and DDoS protection | US, EU edge locations |
| Bulgarian Posts (Български пощи), Speedy, or another carrier we select | Delivering physical orders to you | Bulgaria, then the destination country |
| Our accountant and the Bulgarian National Revenue Agency (НАП) | Tax compliance and bookkeeping | Bulgaria |
| Email providers (Google Workspace and similar) | Sending order confirmations and replying to your messages | EU/US under standard contractual clauses |
We do not sell, rent, or trade your data with anyone. We do not share it with advertisers or marketing partners.
4. How long we keep your data
| Data | Retention |
|---|---|
| Server access logs | As set by Cloudflare's default (a few days for raw logs). |
| Order records (customer name, email, address, items, prices, VAT, payment reference) | 10 years from the end of the calendar year in which the order was placed — the period Bulgarian tax law (ЗКПО, ЗДДС) requires us to keep commercial records. |
| Email correspondence | Up to 24 months from your last message, unless we need it longer to resolve an outstanding issue. |
| Withdrawal-right waiver records (digital purchases) | Same as order records — 10 years. |
| Marketing data | We do not run a marketing list. |
5. Where your data is stored
The order database lives on infrastructure operated by Cloudflare (Workers KV and R2). Cloudflare uses storage primarily within the EU and may replicate for redundancy to its global network under appropriate safeguards. Stripe stores payment-related data in its own infrastructure. Our email is handled by standard EU/US providers under the EU Standard Contractual Clauses for international transfers.
When data must cross outside the EEA, we rely on the safeguards listed in GDPR Chapter V, primarily Standard Contractual Clauses.
6. Your rights
Under the GDPR and equivalent laws, you have the right to:
- Access — ask us what personal data we hold about you, and receive a copy.
- Rectification — have inaccurate data corrected.
- Erasure — have your data deleted, subject to our legal obligation to keep order records for the tax-retention period above. Email correspondence and any data we no longer need can be deleted at your request.
- Restriction — limit how we process your data while a dispute is resolved.
- Objection — object to processing based on legitimate interest.
- Portability — receive your data in a machine-readable format.
- Complaint — lodge a complaint with the Bulgarian Commission for Personal Data Protection (cpdp.bg) or the supervisory authority in your EU country of residence.
To exercise any of these, write to hello@ateliernortia.com. We will respond within 30 days. We may ask you to confirm your identity before acting on the request.
7. Children
The shop is not directed at children. We do not knowingly collect personal data from anyone under 16. If you are under 16, please ask a parent or guardian to place any order on your behalf.
8. Automated decisions and profiling
We do not use any automated decision-making or profiling that produces legal or similarly significant effects for you. Stripe applies its own fraud-detection logic during payment authorisation; that is governed by Stripe's policy, not ours.
9. Security
We secure your data with industry-standard practices: HTTPS on the whole site, payment processing isolated to Stripe, hosting on Cloudflare's secured infrastructure, and access controls on our internal systems. No system can be guaranteed perfectly secure; if a personal-data breach occurs that is likely to result in a risk to your rights, we will notify the supervisory authority within 72 hours as required by GDPR Art. 33, and notify you directly without undue delay where required by GDPR Art. 34.
10. Changes to this policy
If we change this policy, we will update the effective date at the bottom and, for material changes, post a notice at the top of the page for at least 30 days. Changes that materially expand our processing will not apply retroactively to data already collected without your further consent where required.
11. Governing language
The English version of this policy is the governing version. Translations, if any, are provided for convenience.
12. Contact
BWE Ltd. (trading as Nortia Sundials) Reg. No. 204048699 · VAT BG204048699 Varna, Bulgaria hello@ateliernortia.com
Effective 22 May 2026.