Privacy policy
Effective date: 03.10.2025 Vintage Visual respects your privacy. This policy explains how we collect, use, share, and protect personal data on our websites. It does not cover third-party websites or apps.
Contents
- Who we are
- Scope
- How we collect data
- Personal data we process
- Purposes and legal bases
- Cookies and similar technologies
- How we share data
- International transfers
- Retention
- Your rights
- Marketing choices
- Children
- Security
- Automated decision-making
- Changes to this policy
- Contact
- Annex A: Key processors
- Annex B: Definitions
Who we are
Controller: Vintage Visual OÜ, trading as “Vintage Visual” Registered address: Vahi, Purila küla, Raplamaa, ESTONIA 79661 Email: info@vintagevisual.eu
Scope
This policy covers personal data processed through our websites, and related customer support, sales, and marketing. It does not apply to third-party services we do not control.
How we collect data
- Directly from you: account registration, checkout, support, forms, email, phone.
- Automatically: via cookies, pixels, SDKs, and logs when you use our sites.
- From third parties: payment providers, logistics partners, analytics and advertising partners, anti-fraud tools, and social platforms where you interact with us.
Personal data we process
- Identity and contact: name, email, phone, billing and shipping address, company, VAT.
- Account: login, roles, preferences, communication choices.
- Order and warranty: products, serial numbers, delivery details, invoices, returns.
- Payment: payment method, status, and limited details. We do not store full card numbers.
- Usage and device: IP address, identifiers, device/app info, pages viewed, actions, error logs.
- Marketing and communications: newsletter status, consent records, campaign interactions.
- Support: messages, attachments, repair and service notes.
Purposes and legal bases
We process personal data only when a legal basis applies. Where we rely on legitimate interests, we perform and document a balancing test.
| Purpose | Examples | Data | Legal basis |
|---|---|---|---|
| Operate sites | Load pages, keep sessions, remember settings | Usage, device, necessary cookies | Legitimate interests; necessary for service |
| Create and manage accounts | Registration, authentication, preferences | Identity, contact, account | Contract or steps prior to contract |
| Process orders and deliver products | Cart, checkout, payments, shipping, returns, warranty | Identity, contact, order, payment | Contract; legal obligation for tax/accounting |
| Customer support | Answer requests, troubleshooting, repairs | Identity, contact, support | Contract; legitimate interests |
| Security and fraud prevention | Detect abuse, protect accounts, rate-limit | Usage, device, logs | Legitimate interests; legal obligation where applicable |
| Analytics and improvement | Measure usage, fix bugs, plan capacity | Usage, device, analytics cookies/SDKs | Consent for non-essential cookies/SDKs; limited aggregated metrics under legitimate interests where permitted |
| Marketing | Newsletters, product updates, offers | Identity, contact, marketing interactions | Consent (withdraw anytime) |
| Abandoned cart reminders | Single reminder limited to pending order | Identity, contact, cart contents | Legitimate interests with easy opt-out; if broader promotions are included, we rely on consent |
| B2B outreach | Distribution and sales emails to business contacts | Work contact details | Legitimate interests with opt-out |
| Legal compliance | Tax, accounting, regulatory requests | Order, payment, identity | Legal obligation |
| Business operations | Mergers, acquisitions, audits | Relevant data as needed | Legitimate interests |
Cookies and similar technologies
We use cookies, pixels, and SDKs.
- Strictly necessary: cart, checkout, security. Always on.
- Functional: preferences.
- Analytics: performance and usage. Requires consent.
- Advertising/remarketing: ads and measurement. Requires consent.
You can set or change choices any time in the Cookie Preferences panel. Browser settings may also limit cookies. Blocking some cookies may reduce functionality.
How we share data
- Service providers: hosting, payments, logistics, email delivery, customer support, analytics, advertising, anti-fraud, IT security. Bound by contracts and confidentiality.
- Business partners: distributors and resellers to fulfill purchases or warranty.
- Authorities: when required by law.
- Business transfers: if we are involved in a merger, sale, or reorganization, data may transfer under this policy.
International transfers
If data is transferred outside the EEA/UK, we use legal safeguards such as European Commission Standard Contractual Clauses, the UK Addendum, or adequacy decisions, and apply supplementary measures where needed.
Retention
We keep data only as long as needed for the stated purposes or legal duties, then delete or anonymize it.
| Data category | Typical retention |
|---|---|
| Account data | For the life of the account and up to 24 months after last activity, unless you request deletion |
| Orders, invoices, warranty | Warranty term and statutory tax/accounting periods |
| Customer support records | Up to 36 months after case closure, unless needed for legal claims |
| Marketing consent records | While subscribed and 24 months after withdrawal to demonstrate compliance |
| Analytics data | Configured in the analytics tool, typically 14–26 months, or sooner if consent is withdrawn |
| Security logs | 12 months, longer if needed to investigate incidents |
Your rights
Subject to law, you can:
- Access your data
- Correct inaccurate data
- Erase data
- Restrict processing
- Object to processing based on legitimate interests or to direct marketing
- Withdraw consent at any time
- Port your data
- Lodge a complaint with a supervisory authority
To exercise rights, email support@vintagevisual.eu. We may request verification. We respond within one month. Fees apply only if a request is manifestly unfounded or excessive.
Marketing choices
- Email marketing: sent only with consent. Unsubscribe using the link in each email or by contacting us.
- Abandoned cart: we may send a single reminder limited to your pending order under legitimate interests. Each message includes an opt-out. If we include broader promotions, we rely on consent.
- B2B messages: you can object at any time.
Children
Our services are not directed to children under 16. We do not knowingly collect their data. If you believe a child provided data, contact us to delete it.
Security
We apply technical and organizational measures including encryption in transit, access controls, least-privilege, secure development practices, backups, and vendor due diligence. No system is perfectly secure.
Automated decision-making
We do not use automated decision-making that produces legal or similarly significant effects without human review.
Changes to this policy
We will update this policy when needed.
Contact
Data controller: Vintage Visual OÜ Email: support@vintagevisual.eu Postal address: Tatari 64-301, Tallinn 10134, Estonia You can also complain to your local supervisory authority. If our main establishment is in Estonia, the authority is the Estonian Data Protection Inspectorate.
Annex A: Key processors
We use processors to deliver services. They process data only under our instructions and are bound by contracts and confidentiality.
- Cloud hosting and CDN: infrastructure and content delivery. Region: EU with global CDN. Safeguard: SCCs or adequacy.
- Payment processor: payments and fraud prevention. Region: EU/US. Safeguard: SCCs.
- Email delivery and marketing: transactional email and newsletters. Region: EU/US. Safeguard: SCCs.
- Analytics platform: site analytics. Region: EU/US. Safeguard: SCCs.
- Logistics and repair partners: shipping, returns, and service. Region: EU.
Annex B: Definitions
Personal data is any information about an identified or identifiable person. Processing is any operation on personal data. Other terms follow Article 4 GDPR.