When you buy from Ledger's shop, your personal data (name, address, payment information, and email) is collected and processed to fulfill your order — Ledger's privacy policy governs how this data is used.
Personal data including your name, shipping address, and email collected during a Ledger purchase may be shared with third-party service providers for order fulfillment — given Ledger's prior data breach history, consumers should use a dedicated email and shipping address where possible.
Cross-platform context
See how other platforms handle Personal Data Processing for Sales Transactions and similar clauses.
Compare across platforms →Your purchase data is processed by Ledger and may be shared with third-party logistics, payment processors, and potentially global delivery partners, so understanding how your data flows is important especially given Ledger's 2020 data breach that exposed customer information.
(1) REGULATORY FRAMEWORK: Processing of personal data for sales transactions is governed by GDPR (Regulation 2016/679) Art. 6(1)(b) (processing necessary for performance of a contract) as the primary legal basis. Data transfers to third-party logistics and payment providers constitute data sharing under GDPR Art. 28, requiring data processing agreements. International data transfers outside the EEA must comply with GDPR Chapter V (standard contractual clauses or adequacy decisions). UK GDPR applies equivalent requirements for UK customers. California customers benefit from CCPA §1798.100 et seq. rights including the right to know what data is collected and to request deletion. Enforcement authority: French CNIL (lead supervisory authority for Ledger as a French entity under GDPR one-stop-shop), ICO (UK), California AG and CPPA. (2)
Compliance intelligence locked
Regulatory citations, enforcement risk, and due diligence action items.
Watcher: regulatory citations. Professional: full compliance memo.