Privacy Policy
1. Introduction and Scope
VIRTUOSOLABS LIMITED ("we") respects the privacy rights of users in the EU and strictly adheres to the General Data Protection Regulation (GDPR) and related EU privacy regulations. This policy applies to all personal data collected within the EU through our website (virtuospro.com), email ([email protected]), and business partnerships.
Even though our operating entities are located outside the EU, since we provide eyewear and sunglasses products and services to users in the EU, this policy also applies to our processing of personal data within the EU, pursuant to Article 3 of the GDPR. Any violation of the GDPR may result in a fine of up to €20 million or 4% of the company's global turnover in the preceding fiscal year, whichever is greater.
2. Data Collection Types and Methods
2.1 Categories of Data Collected
Website Interaction Data: This includes technical data such as IP address, browser type, and access history, as well as personal information such as name and email address submitted through contact forms.
Transaction Data: Data related to product purchases, such as order information, payment details, and shipping addresses.
Partnership Data: Data used for business transactions, such as contact information and company information of business partners.
Technical Data: Data such as website usage preferences collected using cookies and similar technologies.
2.2 Data Collection Methods
User-provided data (e.g., form submissions, order completions)
Automatically collected by the website (e.g., cookies and log files)
Necessary information collected during the course of business cooperation.
3. Legal Basis and Purpose of Data Processing
We process personal data only on the lawful bases permitted by the GDPR:
Performance of Contract: Processing of personal data necessary to fulfill contractual obligations, such as product sales and delivery.
User Consent: Processing of cookies with the user's explicit consent. Data and Marketing Information (Consent may be withdrawn at any time)
Legitimate Interest: Data analysis to improve our products and services, without prejudice to user rights
Legal Obligations: Comply with recordkeeping and reporting obligations required by applicable laws and regulations
Data is primarily used for:
Processing product orders and providing after-sales service
Optimizing website experience and product design
Sending business notifications and marketing information (requires separate consent)
Ensuring transaction security and preventing fraud
4. User Data Rights
Under GDPR, EU users have the following rights:
4.1 Right to Information
Users have the right to be informed of the types of data we collect, the purposes for processing, and the legal basis for such processing, as detailed in this Policy.
4.2 Right of Access
Users may request a copy of the personal data we store about them. Requests can be made to [email protected].
4.3 Right to Correction
Users have the right to request that we correct any inaccurate personal data. 4.4 Right to Erasure (Right to Be Forgotten)
Users have the right to request the erasure of their personal data in the following circumstances:
The data is no longer necessary for the purpose for which it was collected;
The user withdraws previously provided consent and there is no other basis for processing;
The user objects to the processing and there are no overriding legitimate grounds;
The processing is unlawful;
The data must be erased due to legal requirements.
4.5 Right to Restriction of Processing
Under certain conditions, users may request the restriction of the processing of their personal data.
4.6 Right to Data Portability
Users have the right to receive the personal data they have provided in a structured, commonly used format and to transmit it to another data controller.
4.7 Right to Object
Users have the right to object to processing based on our legitimate interests, and we will cease processing unless there are compelling legitimate grounds for objection.
You can exercise these rights by emailing [email protected], and we will respond within one month. If you are dissatisfied with the processing, you have the right to lodge a complaint with a supervisory authority within the EU.
5. Cookie Policy
Our website uses cookies and similar technologies in accordance with the ePrivacy Directive:
5.1 Cookie Types and Purposes
Necessary Cookies: Ensure basic website functionality, such as the shopping cart; no additional consent is required.
Analytical Cookies: Used to measure website visits and user behavior and optimize the website experience.
Marketing Cookies: Used for personalized recommendations and advertising.
5.2 Consent Mechanism
When users visit our website, we will notify them of the use of cookies through a pop-up window, allowing them to provide explicit consent by clicking a confirmation button. Users can manage or disable cookies at any time through their browser settings, but this may affect website functionality.
5.3 Third-Party Cookies
Our website may include social media plug-ins or advertising services. These third parties may set cookies, and their data processing is governed by their privacy policies.
6. Data Storage and Security
6.1 Storage Period
Personal data will be retained only for as long as necessary to fulfill the purposes for which it was collected:
Transaction data will be retained for 7 years after the contract has concluded (for tax recordkeeping purposes).
Marketing data will be deleted immediately upon the withdrawal of consent.
Technical data will be retained for no more than 12 months.
6.2 Security Measures
We implement multi-layered security measures to protect personal data:
Data transmissions are encrypted using SSL technology.
Access control mechanisms limit internal personnel's access to data.
Regular security audits and employee data protection training are provided.
Implementation of a data breach response plan.
7. Cross-border Data Transfers
Because our servers may be located outside the EU, cross-border data transfers are ensured through the following compliance measures:
Entering into EU Commission-approved Standard Contractual Clauses (SCCs) with non-EU data recipients.
For recipients located in EU "adequacy" countries, direct data transfers are conducted.
All cross-border transfers ensure the same level of protection for data subject rights.
8. Third-Party Data Sharing
We share personal data with the following third parties only when necessary:
Payment service providers (processing payment information)
Logistics and delivery companies (fulfilling product delivery)
Legal services (compliance and dispute resolution)
All third parties are required to sign a data processing agreement to ensure compliance with GDPR requirements.
9. Data Breach Notification
In the event of a personal data breach, we will notify the relevant data subjects and EU supervisory authorities within 72 hours of discovery, including the nature of the breach, the affected data, and recommended safeguards.
10. Policy Updates and Contact Information
This policy will be updated as necessary to reflect regulatory changes, and significant changes will be notified to users via website announcements.
For more information or to exercise your data rights, please contact:
Email: [email protected]