Privacy Policy
Last Revised: June 24, 2025
1. Who We Are
VlandEu (the "Store") is operated by VlandEu, company code 1389609 ("we", "us", "our").
We are the data controller for personal information collected through vlandeu.com and any related services (collectively, the "Services").
- Contact Information:
Email: [email protected] - Supervisory Authority:
Valstybinė duomenų apsaugos inspekcija (VDAI)
L. Sapiegos g. 17, 10312 Vilnius
Email: [email protected]
2. What Data We Collect & Why
We collect different types of personal data for specific purposes, always with a valid legal basis under GDPR:
- Identity & Contact Information
What we collect: Name, postal address, email address, phone number
Why: To process and deliver your orders, create and manage your account
Legal basis: Contract performance (GDPR Art. 6(1)(b)) - Order & Payment Information
What we collect: Product details, order totals, billing address, last 4 digits of payment card
Why: For invoicing, processing refunds, and maintaining accounting records
Legal basis: Contract performance (GDPR Art. 6(1)(b)) and legal obligation (GDPR Art. 6(1)(c)) - Account Credentials
What we collect: Username and securely hashed passwords
Why: To provide secure login access to your account
Legal basis: Contract performance - Customer Support Communications
What we collect: Email correspondence, chat logs, support tickets
Why: To provide customer care and resolve disputes
Legal basis: Legitimate interest (GDPR Art. 6(1)(f)) - Technical & Usage Data
What we collect: IP address, browser version, device information, pages viewed
Why: To ensure site security and improve user experience through analytics
Legal basis: Legitimate interest (GDPR Art. 6(1)(f)) - Marketing Preferences
What we collect: Newsletter subscription preferences, cookie consent choices
Why: To send promotional offers and personalize advertising
Legal basis: Consent (GDPR Art. 6(1)(a))
Important: We never collect special category ("sensitive") personal data such as health information, political opinions, or religious beliefs.
3. Cookies & Analytics
We use two types of cookies on our website:
- Essential Cookies
Necessary for website functionality, including shopping cart and secure checkout. These are automatically placed and do not require your consent. - Optional Cookies
Used for analytics and advertising, including Google Analytics 4 and Meta Pixel. Optional cookies are only activated after you provide explicit consent through our cookie banner.
For a complete list of cookies we use, please visit: vlandeu.com/cookies
Managing Your Cookie Preferences:
- Withdraw consent at any time by clicking "Cookie Settings" in our website footer
- Clear cookies directly through your browser settings
4. Who Processes Your Data
We work with trusted third-party processors to provide our services:
| Processor | Role | Safeguards |
|---|---|---|
| Stripe Payments Europe Ltd. | Credit card payment processing | Standard Contractual Clauses + PCI-DSS compliance |
| Klaviyo Ltd. (Optional) | Email marketing services | Standard Contractual Clauses |
| Delivery Partners | Order fulfillment and shipping (EU/local couriers) | Local/EU operations |
Limited Disclosure: We only share your data with other parties when you explicitly request it (e.g., PayPal payments), when required by law, or in the event of a business transfer.
5. International Data Transfers
Some of our service providers operate in countries outside the European Economic Area (EEA) that do not have an EU adequacy decision, including:
- Stripe Inc. (United States)
- Standard Contractual Clauses approved by the European Commission
- Additional technical and organizational security measures
6. Data Retention
We retain your personal data only as long as necessary for the purposes outlined in this policy:
| Data Type | Retention Period | Reason |
|---|---|---|
| Orders & Invoices | 10 years | Lithuanian Accounting Act requirement |
| Customer Service | 24 months after last contact | Customer support purposes |
| Marketing Lists | Until unsubscription + 2 years | Marketing compliance |
| Analytics Data | 26 months | Google Analytics 4 default setting |
When retention periods expire or legal bases no longer apply, we will securely delete or anonymize your data.
7. Your Rights
Under GDPR, you have the following rights regarding your personal data:
- Access Right: Request a copy of the personal data we hold about you.
- Rectification Right: Request correction of inaccurate or incomplete personal data.
- Erasure Right: Request deletion of your personal data (subject to legal retention requirements).
- Restriction Right: Request limitation of processing based on legitimate interest.
- Data Portability Right: Request transfer of data you provided to us in a structured, machine-readable format.
- Objection Right: Object to processing based on legitimate interest.
- Consent Withdrawal: Withdraw consent for marketing communications and optional cookies at any time.
- Complaint Right: Lodge a complaint with VDAI if you're unsatisfied with our data handling.
- Email us at: [email protected]
- We will respond within 30 days
- We may need to verify your identity before processing requests
- All requests are processed free of charge
8. Security Measures
We implement appropriate technical and organizational measures to protect your personal data:
- Technical Safeguards
HTTPS encryption for all data transmission
Secure, access-controlled administrative panels
Encryption of data both in transit and at rest - Organizational Safeguards
Limited access to personal data on a need-to-know basis
Regular security training for our team
Incident response procedures
Your Responsibility: Please keep your account password confidential and contact us immediately if you suspect unauthorized access to your account.
Limitation: While we implement robust security measures, no method of data transmission or storage is 100% secure. We cannot guarantee absolute security.
9. Children's Privacy
Our Services are designed for users aged 14 and older. We do not knowingly collect personal data from children under 14 years of age.
If you are a parent or guardian and believe your child under 14 has provided us with personal data, please contact us immediately at [email protected]. We will promptly delete such information from our systems.
10. Policy Updates
We may update this Privacy Policy from time to time to reflect:
- Changes in applicable laws and regulations
- Updates to our services or business practices
- Improvements to our data protection measures
- Major changes will be announced prominently on our homepage
- Significant updates may be communicated via email to registered users
- The "Last Revised" date at the top of this policy indicates the most recent version
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.
Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
- Email: [email protected]
We aim to respond to all inquiries within 30 days and are committed to resolving any concerns you may have about your privacy and data protection.