Privacy Policy

PRIVACY POLICY

1) ABOUT THIS POLICY, PERSONAL DATA & WHO CONTROLS IT

1.1 We’re glad you’re visiting our website and appreciate your interest. This Privacy Policy explains how we handle personal data when you browse, shop, or interact with our site. “Personal data” means any information that can identify you directly or indirectly.

1.2 For the purposes of the General Data Protection Regulation (GDPR), the data controller for this website is Victoria Whitmore Atelier (“we”, “us”, “our”). The controller is the person or organization that decides why and how personal data is processed, whether alone or together with others.

1.3 Our website uses SSL/TLS encryption to help protect the transmission of confidential information (for example, orders or messages). You can usually recognize a secure connection by “https://” and a padlock icon in your browser.

1.4 We do not use automated decision-making (including profiling) that produces legal effects or similarly significant impacts on you within the meaning of Article 22 GDPR.

2) DATA WE COLLECT WHEN YOU VISIT OUR WEBSITE

If you visit our site purely to view content (without creating an account, placing an order, or submitting information), we only collect what your browser automatically sends to our server (often called server log data). This may include:

  • Pages or files requested

  • Date and time of your visit

  • Data volume transferred

  • Referring page/source (referrer URL)

  • Browser type and version

  • Operating system

  • IP address (where applicable, processed in a reduced/anonymized form)

We process this information under Article 6(1)(f) GDPR based on our legitimate interests in operating, securing, and improving our website. We do not use this data to identify you personally, but we may review log data if there are concrete signs of misuse or unlawful activity.

3) COOKIES AND SIMILAR TECHNOLOGIES

To make our website easier to use and to enable certain functions, we use cookies and comparable technologies on some pages. Cookies are small text files stored on your device.

3.1 Types of cookies we use

  • Session cookies: removed automatically when you close your browser.

  • Persistent cookies: remain on your device for a defined period so your browser can be recognized on a later visit.

  • Third-party cookies: set by partners we work with (for example, for advertising or analytics).

Depending on the cookie, data processed can include technical identifiers, browser details, approximate location signals, and, in some cases, IP information.

3.2 Why we use cookies
Some cookies are necessary to run core features (like a shopping cart). Others help us:

  • remember your preferences,

  • improve site performance,

  • measure marketing effectiveness,

  • show relevant ads.

If cookies process personal data, we rely on:

  • Article 6(1)(b) GDPR (to perform a contract or provide a requested service), and/or

  • Article 6(1)(f) GDPR (legitimate interest in operating and optimizing our website), and/or

  • Article 6(1)(a) GDPR (consent), where required.

3.3 Cookie choices
When you first visit our website, you’ll see a cookie notice that lets you accept or manage non-essential cookies. You can also control cookies in your browser settings (for example, receiving alerts, allowing them case-by-case, or blocking them entirely). If you disable cookies, parts of the website may not work as intended.

4) CONTACTING US

If you reach out to us (for example, via a contact form or email), we will process the personal data you provide to respond to your message and manage the related administration.

  • Legal basis: our legitimate interest in responding to enquiries (Article 6(1)(f) GDPR).

  • If your message relates to an order or potential order, we may also process data to take steps at your request or perform a contract (Article 6(1)(b) GDPR).

  • We delete contact data once the request is resolved, unless legal retention obligations apply.

5) CUSTOMER ACCOUNTS AND ORDER/CONTRACT PROCESSING

When you create an account or place an order, we process the personal data you enter in order to:

  • set up and manage your account,

  • process and deliver orders,

  • provide customer support,

  • handle returns/refunds where applicable.

Legal basis: Article 6(1)(b) GDPR (contract performance).

You can request deletion of your customer account at any time by contacting us. After account deletion or completion of an order, we store information only as required for legal, tax, or accounting purposes. If you have given explicit consent for additional use, or where permitted by law, we may process data further as described in this policy.

6) USING YOUR DATA FOR DIRECT MARKETING

6.1 Newsletter subscription

If you sign up for our email newsletter, we will send you updates about new arrivals, offers, and brand news. The only required detail is your email address; any additional information is optional and used for personalization.

We use a double opt-in method. This means you will receive a confirmation email and must confirm your subscription via a link before we begin sending newsletters.

  • Legal basis: your consent (Article 6(1)(a) GDPR).

  • We may store sign-up information (such as registration time and IP address) to document consent and protect against misuse.

You can unsubscribe at any time using the link in our emails or by contacting us. After you unsubscribe, we will remove your address from the mailing list unless we are permitted to retain it for another lawful purpose.

6.2 Marketing emails to existing customers

If you provided your email address while purchasing from us, we may send you emails about similar products or offers, where permitted by law.

  • Legal basis: legitimate interest in direct marketing (Article 6(1)(f) GDPR).
    You can object at any time by contacting us, and we will stop using your email for this purpose. You won’t be charged for this beyond basic transmission costs.

7) DATA SHARING FOR SHIPPING AND PAYMENTS

7.1 Shipping and payment processing

To fulfill your order, we may share personal data with service providers such as:

  • shipping and logistics partners (to deliver your items),

  • payment providers and banks (to process transactions),
    but only to the extent necessary.

Legal basis: Article 6(1)(b) GDPR.

7.2 Payment providers

PayPal
If you choose PayPal (including card via PayPal, direct debit, or other PayPal-supported methods), your payment details will be processed by:
PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg.
Processing is required to complete payment (Article 6(1)(b) GDPR).

PayPal may perform risk or credit checks for certain payment methods. This may be based on PayPal’s legitimate interests (Article 6(1)(f) GDPR). For more information, please refer to PayPal’s privacy documentation on their website.

You can object to PayPal’s processing; however, PayPal may still need to process data to complete a transaction.

SOFORT (Klarna Group)
If you select SOFORT, payment processing is handled by:
SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (part of Klarna Bank AB, Sveavägen 46, 11134 Stockholm, Sweden).
Order and transaction information is shared as required for payment completion (Article 6(1)(b) GDPR). For more details, see SOFORT/Klarna’s privacy information on their websites.

8) REVIEW REMINDERS (ONE-TIME EMAIL)

If you give explicit permission during or after checkout, we may use your email address to send a single reminder asking you to review your purchase.

  • Legal basis: consent (Article 6(1)(a) GDPR).
    You may withdraw your consent at any time by contacting us.

9) SOCIAL MEDIA FEATURES (SOCIAL PLUGINS)

We may use social media buttons or embedded elements from platforms such as Facebook, Instagram, or similar networks.

To reduce unnecessary data sharing, these elements may be implemented as simple links or privacy-friendly integrations rather than loading full plugins automatically. If you click a social button, your browser may open a new window and connect directly to the relevant platform.

The social networks process data under their own responsibility. For information about how they use your data and how to manage your privacy settings, please refer to the privacy policies of the relevant providers.

10) ONLINE ADVERTISING AND MEASUREMENT

We may use marketing and measurement tools to understand performance and show relevant advertising. These tools may use cookies or similar identifiers.

Examples can include:

  • ad delivery and frequency control,

  • conversion measurement,

  • remarketing/retargeting,

  • analytics to understand how the website is used.

Where required, we will ask for your consent before enabling non-essential marketing or analytics tools (Article 6(1)(a) GDPR). Otherwise, we rely on legitimate interests in marketing and optimizing our services (Article 6(1)(f) GDPR) where legally permitted.

You can manage cookie preferences via our cookie banner and can also adjust browser settings at any time.

11) YOUR RIGHTS UNDER THE GDPR

Depending on your circumstances, you may have the following rights:

  • Access (Article 15): request information about the personal data we process about you.

  • Rectification (Article 16): correct inaccurate or incomplete data.

  • Erasure (Article 17): request deletion where legal conditions are met.

  • Restriction (Article 18): request limited processing in specific situations.

  • Notification (Article 19): be informed about recipients where relevant.

  • Data portability (Article 20): receive certain data in a usable format or request transfer.

  • Withdraw consent (Article 7(3)): withdraw consent at any time (future effect).

  • Complain (Article 77): lodge a complaint with a supervisory authority.

11.2 Right to object

If we process your personal data based on legitimate interests (Article 6(1)(f) GDPR), you can object at any time for reasons related to your particular situation. If your objection relates to direct marketing, you can object at any time and we will stop using your data for that purpose.

12) HOW LONG WE KEEP PERSONAL DATA

We keep personal data only for as long as necessary for the purposes described in this policy, and in line with applicable legal retention rules (including tax and accounting obligations). Once retention periods end, data is deleted or anonymized unless we are legally required or permitted to keep it longer.

13) CONTACT

If you have questions about this Privacy Policy or want to exercise your rights, contact us at:

Victoria Whitmore Atelier
Email: info@victoriawhitmoreatelier.com