Privacy Policy

1. Data controller

The data controller responsible for personal data processed through this website is ShinyVerse I.K.E., trading as ShinyVerse.

2. Scope of this Policy

This Policy applies to personal data processed when you use our website, create or manage an account, place an order, purchase products, participate in live shop activity, contact support, subscribe to communications, or otherwise interact with ShinyVerse.

This Policy does not apply to third-party websites, platforms, payment pages, social media services, shipping portals or external services that we do not control. Those services may have their own privacy policies.

3. Personal data we collect

Depending on how you use the website, we may collect the following categories of data:

• Account data: username, name, email address, password hash, account settings, login history and profile information.
• Order data: products purchased, order number, order value, VAT/tax information, payment status, shipping method, fulfilment status and order history.
• Contact and shipping data: full name, email address, telephone number, shipping address, billing details where applicable and delivery instructions.
• Payment-related data: payment confirmation, payment provider reference, transaction status and fraud-screening indicators. We do not store full credit or debit card numbers.
• Support data: emails, contact form messages, order enquiries, return requests, dispute information and customer service communications.
• Live shop data: live purchase queue information, buyer display label, purchased live products, order status and fulfilment information.
• Technical data: IP address, browser type, device information, operating system, pages visited, timestamps, cookies, session identifiers, security logs and error logs.
• Marketing data: communication preferences, consent status, newsletter subscription status and campaign interaction data where applicable.
• Legal and compliance data: tax records, invoices, accounting records, fraud prevention information, chargeback documentation and legal correspondence.

4. Data you provide and data collected automatically

Some data is provided directly by you, for example when you create an account, enter an address, place an order or contact us. Other data is collected automatically when you use the website, such as device information, cookies, logs and security-related information.

We may also receive limited information from third parties involved in providing our services, such as payment processors, shipping carriers, fraud-prevention providers, hosting providers or analytics tools.

5. Purposes of processing

We process personal data for the following purposes:

• To operate the website and provide our services.
• To create and manage customer accounts.
• To process orders, payments, refunds, returns and customer support requests.
• To calculate shipping, arrange delivery and provide tracking or fulfilment updates.
• To manage preorders, live shop purchases and stock availability.
• To issue receipts, invoices and accounting records.
• To prevent fraud, abuse, chargeback misuse, unauthorised access and security incidents.
• To communicate with you about your account, orders, support requests and service updates.
• To improve website performance, user experience, product presentation and operational reliability.
• To comply with legal, tax, accounting, regulatory and consumer protection obligations.
• To send marketing communications where we have a valid legal basis, such as your consent where required.

6. Legal bases for processing

We rely on one or more of the following legal bases under the GDPR:

• Contract: when processing is necessary to provide products, accounts, checkout, shipping, support or other services you request.
• Legal obligation: when processing is required for tax, accounting, invoicing, consumer protection, law enforcement or regulatory compliance.
• Legitimate interests: for fraud prevention, website security, business administration, service improvement, dispute handling and protection of our rights, provided your rights do not override those interests.
• Consent: for optional marketing communications, non-essential cookies or other processing where consent is legally required.
• Legal claims: where processing is necessary to establish, exercise or defend legal claims.

7. Payment processing

Payments are processed by third-party payment providers such as Stripe, PayPal or other providers available at checkout. Payment providers process payment information according to their own legal obligations and privacy policies.

We receive payment confirmations, transaction identifiers, payment status, limited billing information and fraud-screening signals where necessary. We do not store full card numbers, card security codes or full payment credentials on our servers.

8. Shipping and fulfilment

To fulfil your order, we may share necessary delivery information with shipping carriers, postal operators, logistics providers, customs brokers or fulfilment partners. This may include your name, delivery address, telephone number, email address, order reference and shipment details.

For international shipments, data may be processed for customs, import/export, tax or regulatory purposes.

9. Cookies and similar technologies

We use cookies and similar technologies to operate the website, maintain sessions, secure accounts, remember preferences, enable checkout, understand website performance and improve user experience.

• Essential cookies: required for login, cart, checkout, CSRF protection, security and website functionality.
• Preference cookies: used to remember choices such as display currency or interface preferences where applicable.
• Analytics cookies: used to understand website usage and improve performance, where implemented and where legally permitted.
• Marketing cookies: used only where implemented and where we have the required consent.

You can control cookies through your browser settings. Blocking essential cookies may prevent parts of the website, including cart or checkout, from working properly.

10. Who we share data with

We do not sell your personal data. We may share personal data with:

• Payment processors and fraud-prevention providers.
• Shipping carriers, postal operators, logistics providers and customs partners.
• Hosting providers, cloud infrastructure providers and technical service providers.
• Email, communication, customer support and notification service providers.
• Analytics, performance and security providers where applicable.
• Accountants, auditors, legal advisers, tax consultants and insurance providers.
• Public authorities, courts, regulators, tax authorities or law enforcement where legally required or necessary to protect our rights.
• Business successors if we undergo a merger, restructuring, sale of assets, financing, acquisition or similar business transaction, subject to applicable law.

11. International data transfers

Some service providers may process data outside the European Economic Area. Where personal data is transferred internationally, we rely on appropriate safeguards where required, such as adequacy decisions, Standard Contractual Clauses, contractual protections, or other mechanisms recognised under applicable data protection law.

12. Data retention

We keep personal data only for as long as necessary for the purposes described in this Policy, unless a longer retention period is required or permitted by law.

• Order, invoice and accounting records: retained for the period required by tax and accounting law, commonly up to 7 years or longer where required.
• Account data: retained while your account remains active and for a reasonable period afterwards for security, legal and operational purposes.
• Support communications: retained as needed to handle enquiries, disputes, warranty issues, fraud prevention and legal claims.
• Marketing data: retained until you unsubscribe, withdraw consent, or the data is no longer needed.
• Security logs: retained for a limited period unless needed for investigation, fraud prevention or legal claims.

13. Security

We use technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration or disclosure. These measures may include HTTPS, access controls, password hashing, limited administrative access, security monitoring, backups and provider-level infrastructure protections.

No website or transmission method is completely secure. You are responsible for keeping your login credentials confidential and for using secure devices and networks when accessing your account.

14. Your GDPR rights

Subject to applicable law and any relevant limitations, you may have the following rights:

• The right to be informed about how your data is used.
• The right of access to your personal data.
• The right to rectification of inaccurate or incomplete data.
• The right to erasure in certain circumstances.
• The right to restriction of processing in certain circumstances.
• The right to data portability where applicable.
• The right to object to processing based on legitimate interests or direct marketing.
• The right to withdraw consent at any time where processing is based on consent.
• The right not to be subject to certain solely automated decisions with legal or similarly significant effects, where applicable.

To exercise your rights, contact us at info@shinyverse.eu. We may need to verify your identity before responding. We will respond within the timeframe required by applicable data protection law.

15. Marketing communications

We may send marketing communications where we have a valid legal basis, such as consent where required. You can unsubscribe from marketing emails using the unsubscribe link where provided or by contacting us.

Even if you opt out of marketing, we may still send non-marketing communications relating to your account, orders, payments, shipping, legal notices or service updates.

16. Children and minors

Our website is not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe that a child has provided us with personal data, contact us and we will take appropriate steps to delete it where required.

17. Data breach response

If a personal data breach occurs, we will assess the incident and, where legally required, notify the competent supervisory authority and affected individuals within the required timeframe.

18. Third-party links and services

Our website may link to third-party websites, social media pages, payment providers, shipping tracking pages or external services. We are not responsible for the privacy practices, content or security of third-party services. You should review their privacy policies before using them.

19. Complaints and supervisory authority

If you have a privacy concern, please contact us first at info@shinyverse.eu so that we can try to resolve it. You also have the right to lodge a complaint with a competent data protection authority.

In Greece, the competent authority is the Hellenic Data Protection Authority.

20. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our operations, legal requirements, service providers or website functionality. The updated version will be posted on this page with a revised “Last updated” date.

21. Contact

For questions, requests or complaints about this Privacy Policy or our processing of personal data, contact:

ShinyVerse I.K.E.
Agathoupoleos 8, 11257, Athens, Greece
Email: info@shinyverse.eu