VILSONS LAMPAS

Privacy Policy

Last updated: 2026-03-19

[LAWYER REVIEW REQUIRED] This document is a working draft and does not constitute legal advice. Contents must be reviewed by a qualified legal professional before publication.

Data Controller

The data controller responsible for your personal data is the shop operator ("Seller") whose products you are purchasing. The platform is operated by EthoLabs. For data protection inquiries, contact us at privacy@etholabs.eu.

Information We Collect

  • Account & Order Data: name, email address, shipping address, and phone number provided during checkout.
  • Device & Usage Data: IP address, browser type, operating system, pages visited, and referring URLs collected automatically when you browse the site.
  • Payment Data: payment transactions are processed by Stripe. We do not store credit card numbers on our servers. Stripe acts as an independent data controller for payment data.
  • Cookie Data: information collected via cookies and similar technologies. See our Cookie Policy for details.

How We Use Your Data

  • Order fulfillment: processing your order, arranging delivery, and sending order confirmations (legal basis: performance of contract, GDPR Art. 6(1)(b)).
  • Service improvement: analyzing site usage to improve functionality and user experience (legal basis: legitimate interest, GDPR Art. 6(1)(f)).
  • Marketing: sending promotional emails, only with your explicit consent (legal basis: consent, GDPR Art. 6(1)(a)). You may withdraw consent at any time.
  • Legal obligations: retaining order and tax records as required by applicable law (legal basis: legal obligation, GDPR Art. 6(1)(c)).

Data Recipients

We share your data only with service providers necessary to operate the platform:

  • Stripe (payment processing, Ireland/USA)
  • Supabase (database hosting, EU)
  • Resend (transactional email, USA)
  • Vercel (web hosting, EU/USA)
  • Sentry (error monitoring, USA)

Where data is transferred outside the EEA, we rely on Standard Contractual Clauses (SCCs) or adequacy decisions to ensure equivalent data protection.

Data Retention

Order data is retained for 5 years after the last transaction to comply with tax and accounting obligations. Account data is deleted within 30 days of account deletion. Analytics data is anonymized after 26 months.

Your Rights (GDPR)

Under the General Data Protection Regulation, you have the right to:

  • Access your personal data (Art. 15)
  • Rectify inaccurate data (Art. 16)
  • Erase your data ("right to be forgotten", Art. 17)
  • Restrict processing (Art. 18)
  • Data portability (Art. 20)
  • Object to processing (Art. 21)
  • Withdraw consent at any time, without affecting the lawfulness of prior processing

To exercise your rights, contact privacy@etholabs.eu. You also have the right to lodge a complaint with the Latvian Data State Inspectorate (dvi.gov.lv) or your local supervisory authority.

Children

Our services are not directed to individuals under 18. We do not knowingly collect personal data from children.

Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or a prominent notice on the site.