PROCESSING OF PERSONAL DATA

Privacy Policy

Last updated: May 11, 2026

1. Data Controller

The controller of personal data for this online shop is:

Ristiku Stuudio OÜ / Registry code: 14641174 / Address: Ristiku 21/1, Tallinn, 10611, Estonia / Email: virgostudiocollections@gmail.com

This Privacy Policy explains how personal data is collected, used, stored and protected when you visit or make a purchase from www.virgostudio.eu (“Website”).

We reserve the right to update this Privacy Policy from time to time in order to reflect changes in legal requirements, technology, or our business operations. Any updates will be published on this page together with the revised “Last updated” date.

2. What Personal Data We Collect

We may collect and process the following categories of personal data:

Information you provide directly

• Name

• Billing and delivery address

• Email address

• Phone number

• Order details and purchase history

• Customer support communications

Payment information

Payments are securely processed by third-party payment providers such as Stripe and PayPal. We do not store or have direct access to your full payment card information.

Depending on the payment method used, payment data is processed by:

• Stripe

• PayPal

Our website is hosted on Squarespace. Squarespace may receive limited payment-related information such as:

• last four digits of the payment card,

• card expiry date,

• country of issuance.

All payment processing providers comply with applicable PCI-DSS security standards.

You can read their privacy policies here:

• Stripe: Stripe Privacy Policy

• PayPal: PayPal Privacy Statement

• Squarespace: Squarespace Privacy Policy

Automatically collected information

When you use the Website, certain technical information may be collected automatically, including:

• IP address

• Browser type

• Device information

• Website usage statistics

• Cookies and similar technologies

3. Why We Process Personal Data

We process personal data for the following purposes:

• To process and deliver orders

• To provide customer support

• To manage returns, refunds and complaints

• To maintain accounting and tax records

• To improve our products, services and website

• To prevent fraud and ensure website security

• To analyse customer preferences and purchasing behaviour

• To send marketing communications where consent has been given

• To comply with legal obligations

4. Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process personal data on the following legal bases:

• Performance of a contract – when processing is necessary to fulfil an order or provide services

• Legal obligation – for accounting, tax and consumer protection requirements

• Legitimate interests – for fraud prevention, website security and business improvement

• Consent – for email marketing, analytics cookies and other optional technologies where required by law

You may withdraw your consent at any time.

5. Recipients of Personal Data

We may share personal data with trusted third parties where necessary, including:

• Payment service providers

• Delivery and logistics companies

• Website hosting and IT service providers

• Accounting and bookkeeping service providers

• Analytics and marketing providers

• Public authorities, regulators or law enforcement where required by law

All service providers process personal data under contractual obligations and are required to implement appropriate security measures.

6. International Data Transfers

Some of our service providers may process personal data outside the European Economic Area (EEA).

Where personal data is transferred outside the EEA, we ensure that appropriate safeguards are in place in accordance with GDPR requirements, including:

• adequacy decisions issued by the European Commission,

• Standard Contractual Clauses (SCCs),

• or other lawful transfer mechanisms.

7. Data Security

We implement appropriate technical, organisational and administrative security measures to protect personal data against:

• unauthorised access,

• disclosure,

• alteration,

• loss,

• misuse or destruction.

Access to personal data is limited to persons who require it for legitimate business purposes.

8. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, including:

• fulfilling orders,

• complying with legal obligations,

• resolving disputes,

• enforcing agreements.

Certain data may be retained longer where required by accounting, tax or consumer protection laws.

9. Your Rights Under GDPR

You have the following rights regarding your personal data:

Right of access

You may request a copy of the personal data we hold about you.

Right to rectification

You may request correction of inaccurate or incomplete personal data.

Right to erasure

You may request deletion of your personal data where there is no lawful basis for continued processing.

Right to restrict processing

You may request restriction of processing under certain circumstances.

Right to data portability

You may request transfer of your data in a structured, commonly used and machine-readable format.

Right to object

You may object to processing based on legitimate interests or direct marketing.

Right to withdraw consent

Where processing is based on consent, you may withdraw consent at any time.

To exercise your rights, contact us at:
virgostudiocollections@gmail.com

We may request proof of identity before responding to certain requests.

10. Direct Marketing

We may send newsletters or marketing communications if you have provided your consent.

You can unsubscribe at any time by:

• clicking the unsubscribe link in emails, or

• contacting us at virgostudiocollections@gmail.com

We do not send marketing communications without a lawful basis where consent is required.

11. Cookies

Our Website uses cookies and similar technologies to improve functionality, analyse website traffic and enhance user experience.

Cookies may include:

• essential cookies,

• functional cookies,

• analytics cookies,

• marketing cookies.

Where required by law, non-essential cookies are used only with your consent.

You can manage cookie preferences through your browser settings or cookie banner.

For more information about Squarespace cookies:
Squarespace Cookies Information

12. Links to Third-Party Websites

Our Website may contain links to third-party websites. We are not responsible for the privacy practices or content of external websites.

We encourage users to review the privacy policies of any third-party websites they visit.

13. Complaints and Supervisory Authority

If you believe your personal data has been processed unlawfully, please contact us first so we can attempt to resolve the issue.

You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate:

Estonian Data Protection Inspectorate

Email: info@aki.ee