Privacy policy

Vintage Visual OÜ

Effective date: 8 June 2026

Vintage Visual respects your privacy. This policy explains how we collect, use, share, and protect personal data on our websites. It does not cover third-party websites or apps.

Contents

  1. Who we are
  2. Scope
  3. How we collect data
  4. Personal data we process
  5. Purposes and legal bases
  6. Cookies and similar technologies
  7. How we share data
  8. International transfers
  9. Retention
  10. Your rights
  11. Marketing choices
  12. Children
  13. Security
  14. Automated decision-making
  15. Changes to this policy
  16. Contact
  17. Annex A: Key processors
  18. Annex B: Definitions

1. Who We Are

Controller: Vintage Visual OÜ, trading as "Vintage Visual" (registry code 14999266)
Registered address: Vahi, Purila küla, Raplamaa, 79661, Estonia
Email: support@vintagevisual.eu

2. Scope

This policy covers personal data processed through our websites, and related customer support, sales, and marketing. It does not apply to third-party services we do not control.

3. How We Collect Data

  • Directly from you: account registration, checkout, support, forms, email, phone.
  • Automatically: via cookies, pixels, SDKs, and logs when you use our sites.
  • From third parties: payment providers, logistics partners, analytics and advertising partners, anti-fraud tools, and social platforms where you interact with us.

4. Personal Data We Process

  • Identity and contact: name, email, phone, billing and shipping address, company, VAT.
  • Account: login, roles, preferences, communication choices.
  • Order and warranty: products, serial numbers, delivery details, invoices, returns.
  • Payment: payment method, status, and limited details. We do not store full card numbers.
  • Usage and device: IP address, identifiers, device/app info, pages viewed, actions, error logs.
  • Marketing and communications: newsletter status, consent records, campaign interactions.
  • Support: messages, attachments, repair and service notes.

5. Purposes and Legal Bases

We process personal data only when a legal basis applies. Where we rely on legitimate interests, we perform and document a balancing test.

Purpose Examples Data Legal basis
Operate sites Load pages, keep sessions, remember settings Usage, device, necessary cookies Legitimate interests; necessary for service
Create and manage accounts Registration, authentication, preferences Identity, contact, account Contract or steps prior to contract
Process orders and deliver products Cart, checkout, payments, shipping, returns, warranty Identity, contact, order, payment Contract; legal obligation for tax/accounting
Customer support Answer requests, troubleshooting, repairs Identity, contact, support Contract; legitimate interests
Security and fraud prevention Detect abuse, protect accounts, rate-limit Usage, device, logs Legitimate interests; legal obligation where applicable
Analytics and improvement Measure usage, fix bugs, plan capacity Usage, device, analytics cookies/SDKs Consent for non-essential cookies/SDKs; limited aggregated metrics under legitimate interests where permitted
Marketing Newsletters, product updates, offers Identity, contact, marketing interactions Consent (withdraw anytime)
Abandoned cart reminders Up to two reminders about items left in your cart, which may include a limited promotion Identity, contact, cart contents Consent (sent only to marketing subscribers); withdraw anytime via the opt-out in each message
B2B outreach Distribution and sales emails to business contacts Work contact details Legitimate interests with opt-out
Legal compliance Tax, accounting, regulatory requests Order, payment, identity Legal obligation
Business operations Mergers, acquisitions, audits Relevant data as needed Legitimate interests

6. Cookies and Similar Technologies

We use cookies, pixels, and SDKs.

  • Strictly necessary: cart, checkout, security. Always on.
  • Functional: preferences.
  • Analytics: performance and usage. Requires consent.
  • Advertising/remarketing: ads and measurement. Requires consent.

You can set or change choices any time in the Cookie Preferences panel. Browser settings may also limit cookies. Blocking some cookies may reduce functionality.

7. How We Share Data

  • Service providers: hosting, payments, logistics, email delivery, customer support, analytics, advertising, anti-fraud, IT security. Bound by contracts and confidentiality.
  • Business partners: for B2B customers only, we may share business contact details with distributors or resellers where needed to fulfill a wholesale order or warranty claim. We do not share consumer order data with distributors.
  • Authorities: when required by law.
  • Business transfers: if we are involved in a merger, sale, or reorganization, data may transfer under this policy.

8. International Transfers

If data is transferred outside the EEA/UK, we use legal safeguards such as European Commission Standard Contractual Clauses, the UK Addendum, or adequacy decisions, and apply supplementary measures where needed.

9. Retention

We keep data only as long as needed for the stated purposes or legal duties, then delete or anonymize it.

Data category Typical retention
Account data For the life of the account and up to 24 months after last activity, unless you request deletion
Orders, invoices, warranty Warranty term and statutory tax/accounting periods
Customer support records Up to 36 months after case closure, unless needed for legal claims
Marketing consent records While subscribed and 24 months after withdrawal to demonstrate compliance
Analytics data Configured in the analytics tool, typically 14–26 months, or sooner if consent is withdrawn
Security logs 12 months, longer if needed to investigate incidents

10. Your Rights

Subject to law, you can:

  • Access your data
  • Correct inaccurate data
  • Erase data
  • Restrict processing
  • Object to processing based on legitimate interests or to direct marketing
  • Withdraw consent at any time
  • Port your data
  • Lodge a complaint with a supervisory authority

To exercise rights, email support@vintagevisual.eu. We may request verification. We respond within one month. Fees apply only if a request is manifestly unfounded or excessive.

11. Marketing Choices

  • Email marketing: sent only with consent. Unsubscribe using the link in each email or by contacting us.
  • Abandoned cart: if you have consented to marketing, we may send up to two reminders about items left in your cart, and these can include a limited promotion. Each message includes an opt-out.
  • B2B messages: you can object at any time.

12. Children

Our services are not directed to children under 16. We do not knowingly collect their data. If you believe a child provided data, contact us to delete it.

13. Security

We apply technical and organizational measures including encryption in transit, access controls, least-privilege, secure development practices, backups, and vendor due diligence. No system is perfectly secure.

14. Automated Decision-Making

We do not use automated decision-making that produces legal or similarly significant effects without human review.

15. Changes to This Policy

We will update this policy when needed. The effective date at the top of the policy will reflect the latest version. Material changes will be communicated through our website or by email where appropriate.

16. Contact

Data controller: Vintage Visual OÜ (registry code 14999266)
Registered address: Vahi, Purila küla, Raplamaa, 79661, Estonia
Office and correspondence address: Tatari 64-301, 10134 Tallinn, Estonia
Email: support@vintagevisual.eu

You can also complain to your local supervisory authority. In Estonia, this is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, aki.ee).

Annex A: Key Processors

We use processors to deliver services. They process data only under our instructions and are bound by contracts and confidentiality.

  • Cloud hosting and CDN: infrastructure and content delivery. Region: EU with global CDN. Safeguard: SCCs or adequacy.
  • Payment processor: payments and fraud prevention. Region: EU/US. Safeguard: SCCs.
  • Email delivery and marketing: transactional email and newsletters. Region: EU/US. Safeguard: SCCs.
  • Analytics platform: site analytics. Region: EU/US. Safeguard: SCCs.
  • Logistics and repair partners: shipping, returns, and service. Region: EU.

Annex B: Definitions

Personal data is any information about an identified or identifiable person. Processing is any operation on personal data. Other terms follow Article 4 GDPR.