Privacy Policy

 

PROCESSING OF PERSONAL DATA

The controller of the personal data of the online shop is Ristiku Stuudio OÜ (registry code 14641174), located at Ristiku 21/1, Tallinn, 10611, Estonia, email contact@virgostudio.eu.

Virgo Ceramics understand your privacy is important and we treat any information you give to us with as much care as possible. This Privacy Policy ("Policy") explains what information we collect, process and store on www.virgostudio.eu ("Website"), how and when it is collected and what we use it for.

We reserve the right to revise or amend this Policy at any time to reflect changes to our business or changes in the law. Where these changes are significant we will endeavour to let you know. However, we recommend that you check this Policy regularly – for ease of reference the top of this Policy indicates the date on which it was last updated.

What personal data is processed

  • The information you provide to us by filling out forms on our website, such as the details you give us when placing an order: name, phone number, email address and delivery address.

  • Cost of goods and services and data related to payments (purchase history).

  • Customer support data.

Your payment information is held securely on our third-party payment providers’ server and cannot be accessed by us. Depending on which method of payment you use, the relevant payment provider will be Stripe or PayPal. Our Website is hosted on Squarespace.com. Squarespace obtains limited information about your payment card from our payment processor, such as the last four digits, the country of issuance and the expiration date. Currently, our payment processor is Stripe. Stripe uses and processes your complete payment information in accordance with Stripe’s privacy policy. See the following link for PayPal’s privacy policy: https://www.paypal.com/uk/ webapps/mpp/ua/privacy-full

All direct payment gateways offered by Squarespace.com payment processor Stripe and used by our company adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

Why personal data is processed

We gather this information to allow us to provide the services requested. This includes the following purposes:

  • Personal data is used to manage customer’s orders and deliver goods or handle any issues relating to the provision of goods and services (customer support).

  • Purchase history details (date of purchase, goods, quantity, customer’s data) are used for preparing summaries of goods and services purchased and for analysing customer preferences.

  • The bank details are used to reimburse payments to the customer.

  • To keep records for our administration, accounting and tax purposes, and to improve our business.

  • The IP address or other web identifiers of a user of the online shop are processed for the provision of the online shop as an information society service and for web use statistics.

Legal grounds

Personal data is processed for the purpose of performing a contract concluded with the customer.

Personal data is processed for performing legal obligations (such as accounting and the settlement of consumer complaints).

Recipients of personal data

  • Personal data is shared with our service providers (such as our payment providers and delivery companies).

  • The government or our regulators – if we are required to do so by law or to assist with their investigations, and with the police and any lawful authority – if we are required to do so to assist with the investigation and prevention of crime.

  • In order to enforce or apply our website's Terms and Conditions or to protect the rights, property, or safety of our company, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

  • If the accounts of the web shop are kept by a service provider, the personal data are transmitted to the service provider for performing accounting operations.

  • Personal data may be transmitted to IT service providers if this is necessary for ensuring the functionality of the online shop or for data hosting.

Security and access to data

Personal data are stored in the servers of Elion, which are located on the territory of a member state of the European Union or states of the European Economic Area. Data may be transferred to the countries whose data protection levels have been assessed as adequate by the European Commission and to the companies in the USA who have joined the Privacy Shield framework.

Personal data can be accessed by the staff of the online shop in order to settle technical issues related to the use of the online shop and to provide customer support.

The online shop takes appropriate physical, organisational and IT security measures to protect personal data against accidental or unlawful destruction, loss, alteration or unauthorised access and disclosure. Personal data are transmitted to the data processors of the online shop (such as the providers of transport and data hosting services) and processed under contracts concluded between the online shop and the processors. The processors must ensure appropriate safeguards when processing personal data.

Storage

We will hold your personal data only for so long as it is necessary to provide you with the services you have requested or to perform the purpose for which it was originally collected, after which it will be deleted, unless it is necessary for us to continue to process it in order to comply with any legal obligations to which we are subject or for another legitimate and lawful purpose or for the settlement of consumer disputes.

Your rights

Your Right to Access

You may, at any time, request access to the personal data that we hold which relates to you.

Please note that this right generally entitles you to receive a copy of the personal data that we hold about you. It is not a right that allows you to request personal data about other people, or a right to request specific documents from us that do not relate to your personal data.

You can exercise this right at any time by writing to us: contact@virgostudio.eu and telling us that you are making a subject access request. You do not have to fill in a specific form to make this kind of request.

Your Right to Rectification and Erasure

You may, at any time, request that we correct personal data that we hold about you which you believe is incorrect or inaccurate. You may also ask us to erase personal data if you do not believe that we need to continue retaining it.

Please note that we may ask you to verify any new data that you provide to us and may take our own steps to check that the new data you have supplied us with is accurate. Further, we are not always obliged to erase personal data when asked to do so; if for any reason we believe that we have a good reason not to erase your data, we will tell you what that reason is at the time we respond to your request.

You can exercise this right at any time by writing to us: contact@virgostudio.eu and telling us that you are making a request to have your personal data rectified or erased and on what basis you are making that request. If you want us to replace inaccurate data with new data, you should tell us what that new data is. You do not have to fill in a specific form to make this kind of request.

Your Right to Restrict Processing

Where we process your personal data on the basis of a legitimate interest (see the sections of this Policy which explain how and why we use your information) you are entitled to ask us to stop processing it in that way if you feel that our continuing to do so impacts on your fundamental rights and freedoms or if you feel that those legitimate interests are not valid.

You may also ask us to stop processing your personal data: (a) if you dispute the accuracy of that personal data and want us verify that data's accuracy; (b) where it has been established that our use of the data is unlawful but you do not want us to erase it; and (c) where we no longer need to process your personal data (and would otherwise dispose of it) but you wish for us to continue storing it in order to enable you to establish, exercise or defend legal claims.

Please note that if we believe that we have a good reason to continue processing personal data that you ask us to stop processing, we will tell you what that reason is, either at the time we first respond to your request or after we have had the opportunity to consider and investigate it.

Your Right to Portability 

Where you wish to transfer certain personal data that we hold about you, which is processed by automated means, to a third party you may write to us and ask us to provide it to you in a commonly used machine-readable format.

Because of the kind of work that we do and the systems that we use, we do not envisage this right being particularly relevant to the majority of individuals with whom we interact. However, if you wish to transfer your data from us to a third party we are happy to consider such requests.

Exercising your rights

When you write to us making a request to exercise your rights we are entitled to ask you to prove that you are who you say you are. We may ask you to provide copies of relevant ID documents to help us to verify your identity.

It will help us to process your request if you clearly state which right you wish to exercise and, where relevant, why it is that you are exercising it. The clearer and more specific you can be, the faster and more efficiently we can deal with your request. If you do not provide us with sufficient information then we may delay actioning your request until you have provided us with additional information (and where this is the case we will tell you).

Direct marketing messages

Email address and phone number are used for sending direct marketing messages if the customer has given the respective consent. If the customer does not want to receive direct marketing messages, the customer should select the relevant link at the footer of the email or contact customer service.

Where personal data are processed for direct marketing purposes (profiling), the customer has the right to object at any time both to the initial and further processing of his/her personal data, including profiling related to direct marketing by notifying customer support thereof via email: contact@virgostudio.eu (the respective information must be submitted clearly and separately from any other information).

Cookie policy

Just like many other websites, we use cookies to help us gather information about visitors to our website. Cookies are small data files that our server sends to your browser when you visit our website, which further helps us to analyse data about web page traffic and improve our website in order to tailor it to customer needs, likes and dislikes.

What are the cookies used for?

There are two main purposes for which we use cookies on our Website:

  • For technical purposes essential to effective operation of our Website;

  • To enable us to collect information about the browsing activities of visitors, browsers and devices used to access the Website as well as pages visited.

Squarespace uses some necessary cookies because they allow visitors to navigate and use key features on the site. The following cookies are set on our website, read more here.

  • Functional and Required Cookies

  • Analytics and Performance cookies

Links to other websites

Our website may contain links to other public or private entities' websites. Ristiku Stuudio OÜ is not responsible for the privacy practices or the content of those websites. It is recommended that users read the individual privacy policy statements of each website they visit.

Dispute resolution

Disputes concerning the processing of personal data are settled through customer support (contact@virgostudio.eu). The supervisory authority is the Estonian Data Protection Inspectorate (info@aki.ee).