Privacy & Cookies

1. Overview

MLVaccaroStudio we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our webshop.

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our Website. By accessing and using our Website, you acknowledge that you have read, understood, and agree to be bound by all the provisions of this Privacy Policy.

This Privacy Policy is compliant with the General Data Protection Regulation (GDPR), the Danish Data Protection Act, and other applicable EU data protection laws.

2. Information We Collect

2.1 Information You Provide Directly

During Account Creation (if applicable):

Full name
Email address
Phone number
Password (encrypted)

During Purchase:

Billing address
Shipping address
Payment method information (processed securely; we do not store full credit card details)
Order history and preferences

Through Customer Communications:

Emails and messages sent to us
Customer service inquiries
Feedback, reviews, and testimonials
Support tickets

Through Forms:

Newsletter signup forms
Contact forms
Feedback or complaint forms

2.2 Information Collected Automatically

Browser and Device Information:

IP address
Browser type and version
Operating system
Device type (mobile, desktop, tablet)
Pages visited and time spent on pages
Referring website

Cookies and Tracking:

Essential cookies (required for website functionality)
Analytics cookies (to understand how you use our Website)
Marketing cookies (if you consent)

See Section 7 (Cookies) for more details.

2.3 Information from Third Parties

Payment Processors:

We receive confirmation of successful transactions from our payment provider

Gelato (Our Manufacturer):

Delivery confirmation and tracking information

Analytics Services:

Aggregated usage data from analytics tools

3. Legal Basis for Processing Your Data

We process your personal data based on one of the following legal bases:

Contract Performance: Processing data necessary to fulfill your order and deliver your products (shipping address, payment information).

Legal Obligation: Processing data required by law (invoicing, VAT records, fraud prevention).

Consent: Processing data based on your explicit consent (marketing emails, non-essential cookies).

Legitimate Interests: Processing data where we have a legitimate business interest that is not overridden by your rights (analytics, fraud detection, customer service improvement).

You have the right to withdraw consent at any time by contacting us at mlvaccarostudio@gmail.com.

4. How We Use Your Information

Order Processing & Delivery

Fulfilling your purchase orders
Sending order confirmations and shipping updates
Managing returns and refunds
Providing customer service support

Communication

Responding to your inquiries
Sending order-related emails
Providing customer support
Processing complaints and feedback

Analytics & Improvement

Understanding how you use our Website
Improving Website functionality and user experience
Testing new features
Analyzing purchasing patterns (anonymized)

Legal & Security

Complying with legal obligations
Detecting and preventing fraud
Protecting against abuse
Maintaining Website security

Marketing (With Consent Only)

Sending newsletters (only if you opt-in)
Informing about product updates and promotions
Conducting surveys (only if you consent)

You can opt out of marketing communications at any time by clicking the "unsubscribe" link in any email or contacting us.

5. Who We Share Your Data With

Essential Sharing

Gelato (Manufacturing & Shipping Partner):

We share your name, address, and order specifications with Gelato to manufacture and ship your products
This is essential to fulfill your order
Gelato is a Data Processor under GDPR and is contractually obligated to protect your data

Payment Processors:

We share payment information with secure payment providers
These providers do not store full credit card details
All payment processing is encrypted

Legal Requirements

Law enforcement (if legally required)
Government agencies (if legally required)
Court orders or legal proceedings

We Do NOT Share Your Data For:

Marketing purposes (we do not sell your data)
Third-party advertising
Commercial purposes
Any purpose other than those outlined above

6. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes for which it was collected:

Order Data: Retained for 5 years (legal requirement for invoicing and tax purposes)

Account Information: Retained while your account is active; you may request deletion upon account closure

Marketing Preferences: Retained until you unsubscribe

Cookies: Varies by type (see Section 7)

Customer Communications: Retained for 2 years for customer service purposes

Payment Information: Processed and immediately encrypted; not retained on our servers

Upon request, we will delete your data, except where we are legally required to retain it.

7. Cookies

What Are Cookies?

Cookies are small text files stored on your device that help us recognize you and enhance your browsing experience.

Types of Cookies We Use

Essential Cookies:

Required for Website functionality (login, shopping cart, checkout)
Cannot be disabled without breaking core functionality
No consent required

Analytics Cookies:

Help us understand how you use our Website
Used for improvement purposes only
Opt-in consent required

Marketing Cookies:

Used to display targeted advertisements
Opt-in consent required

Cookie Management

You can control cookies through your browser settings:

Most browsers allow you to refuse cookies
You can delete cookies from your device
Please note: disabling essential cookies may limit Website functionality

Important: We will only deploy non-essential cookies after you have given explicit consent through our cookie banner.

8. Your Data Protection Rights

Under GDPR and Danish Data Protection Act, you have the following rights:

Right to Access

You can request a copy of the personal data we hold about you
We will provide this within 30 days
Email: mlvaccarostudio@gmail.com with subject "Access to Personal Data"

Right to Rectification

You can request that we correct inaccurate data
You can update your account information directly through your account settings

Right to Erasure ("Right to be Forgotten")

You can request deletion of your data in certain circumstances
We may retain data if required by law (invoicing, tax records)
Email: mlvaccarostudio@gmail.com with subject "Request Erasure of Personal Data"

Right to Restrict Processing

You can request that we limit how we use your data
Useful if you dispute accuracy or object to processing

Right to Data Portability

You can request your data in a structured, portable format
Useful if you want to transfer your data to another service

Right to Object

You can object to processing based on legitimate interests
You can opt out of marketing communications at any time
Unsubscribe link available in all marketing emails

Right to Lodge a Complaint

If you believe we have violated your data protection rights, you can file a complaint with the Danish Data Protection Authority (Datatilsynet)
Website: https://www.datatilsynet.dk/
Phone: +45 3319 3200

9. Data Security

Security Measures

All data transmissions are encrypted using SSL/TLS technology (HTTPS)
Payment information is processed through secure, PCI-compliant payment gateways
We do not store full credit card details on our servers
Access to customer data is restricted to authorized personnel only
Regular security audits and updates

Data Breaches

In the unlikely event of a data breach, we will:

Notify affected individuals within 72 hours (as required by GDPR)
Inform relevant authorities (Datatilsynet)
Take immediate action to secure the data

While we implement comprehensive security measures, no method of transmission over the internet is 100% secure. We encourage you to use strong passwords and keep your account information private.

10. International Data Transfers

Our Website is hosted and operated within the European Union. However, some third-party services (e.g., payment processors, analytics) may process data internationally.

For transfers outside the EU, we ensure:

Standard Contractual Clauses are in place
Adequacy decisions are established
Your data is protected to the same standard as EU law

11. Children's Privacy

Our Website is not intended for children under 13. We do not knowingly collect personal data from children under 13. If we become aware that a child under 13 has provided us with data, we will delete it immediately and notify the parent or guardian.

12. Third-Party Links

Our Website may contain links to third-party websites. We are not responsible for the privacy practices of external websites. We encourage you to review the privacy policies of any external sites before providing your information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on our Website with an updated "Last Modified" date.

Your continued use of the Website after changes constitutes acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data protection rights, or have privacy concerns:

Email: mlvaccarostudio@gmail.com
Response Time: Within 7 business days

Mailing Address:
MLVaccaroStudio
Copenhagen, Denmark

For data protection inquiries specifically:

Subject Line: "Data Protection Request"
Include: Your name, order number (if applicable), and specific request

15. Data Protection Officer

While we are not required to appoint a formal Data Protection Officer (DPO), we treat data protection with the utmost seriousness. All data protection inquiries are handled with priority and urgency.

Last updated: March 2026
Compliant with GDPR (EU 2016/679), Danish Data Protection Act, and Danish Cookie Law (Cookiebekendtgørelsen)