This Privacy Policy explains how Vengialis Ceramics collects, uses, stores, and protects your personal data when you visit our website, purchase a product, sign up for our newsletter, or get in touch with us.
We are committed to protecting your privacy in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR) and applicable Lithuanian data protection law.
The data controller responsible for your personal data is:
Paulius Vengialis / Vengialis Ceramics - acting under individual activity agreement no. 1520643
Vilnius, Lithuania
Email: paulius@vengialis-ceramics.com
Website: https://www.vengialis-ceramics.com
If you have any questions or concerns about how your data is handled, you are welcome to contact us at the email address above at any time.
To process and fulfil your purchase of a physical product, we collect the following data through WooCommerce:
| Data | Purpose |
|---|---|
| Full name | Identify the buyer and address shipping documentation |
| Email address | Send order confirmation, shipping updates, and receipts |
| Billing/Shipping address (street, city, postcode, country) | Required for invoicing, shipping of purchased goods and fraud prevention |
| Phone number | Contact you in case of item delivery or issues |
| Payment details | Process your payment — handled exclusively by Stripe; we never see or store card numbers |
Legal basis: Article 6(1)(b) GDPR — processing is necessary for the performance of a contract with you.
Retention: Order records are retained for 10 years to comply with Lithuanian accounting and tax legislation (Lietuvos Respublikos buhalterinės apskaitos įstatymas). After this period, records are securely deleted.
When you send us a message through the contact form on our website, we collect your name, email address, and the content of your message. This information is used solely to respond to your enquiry. Form submissions are stored temporarily in our WordPress database via the Elementor Pro form widget and is sent to paulius@vengialis-ceramics.com email address.
Legal basis: Article 6(1)(f) GDPR — our legitimate interest in responding to communications directed to us.
Retention: Contact form submissions are retained for up to 2 years, or deleted sooner once your enquiry has been fully resolved.
If you opt in to our newsletter, we collect your email address and, optionally, your name. You will receive occasional emails about new ceramic work, glaze explorations, and shop updates. We write infrequently and only when there is something worth sharing.
Newsletters are sent using Hostinger Reach, a service operated by UAB Hostinger International, a company headquartered in Vilnius, Lithuania. Your subscription data is processed within the European Economic Area.
Legal basis: Article 6(1)(a) GDPR — your freely given, specific, and informed consent at the point of subscription.
Retention: Your data is held for as long as you remain subscribed. You may unsubscribe at any time using the link at the bottom of any newsletter email, or by contacting us directly. Upon unsubscribing, your data is removed from our mailing list without undue delay.
Like most websites, ours automatically collects certain technical data when you visit. This includes your IP address (anonymised before storage), browser type and version, device type, pages visited, time spent on each page, and the URL that referred you to us.
This data is collected through Google Analytics (GA4) to help us understand how visitors use our website and improve the user experience. Analytics cookies are only placed on your device after you have given your consent through our cookie banner, powered by WPConsent.
Legal basis: Article 6(1)(a) GDPR — your consent, which you can withdraw at any time.
Retention: Google Analytics retains user-level data for 26 months. You can adjust or withdraw your analytics consent at any time via the cookie settings link in our website footer.
We use cookies — small text files stored on your device — to ensure the website functions correctly and, with your consent, to collect analytics data.
When you first visit our website, you will be shown a cookie consent banner. Strictly necessary cookies are placed automatically as they are essential for the site to operate. All other cookies require your consent before being set.
| Category | Purpose | Consent required? |
|---|---|---|
| Strictly Necessary | Maintain your shopping cart, manage your session, remember your cookie preferences (WPConsent), ensure secure checkout | No — essential for site functionality |
| Analytics | Collect anonymised data about website usage via Google Analytics (GA4) | Yes — only placed after your consent |
You can manage, adjust, or withdraw your cookie consent at any time by clicking the cookie settings link in our website footer.
We do not sell, rent, or trade your personal data. We share it only with the following trusted service providers, each of whom acts as a data processor on our behalf and is bound by appropriate data protection obligations:
| Processor | Role | Location | Privacy Policy |
|---|---|---|---|
| Stripe | Payment processing — card payments, Google Pay, Apple Pay | USA / EU | stripe.com/privacy |
| Google (GA4) | Website analytics | USA | policies.google.com/privacy |
| Hostinger Reach | Newsletter email delivery | EU | hostinger.com/privacy-policy |
| Hostinger | Website and database hosting | EU | hostinger.com/privacy-policy |
When you follow links to our social media pages on Facebook or Instagram, you are navigating to third-party platforms governed by their own privacy policies. We do not share your personal data with Meta unless you interact with those platforms directly.
Hostinger Reach and Hostinger's hosting infrastructure are based within the European Economic Area, so those transfers remain within the EEA and do not require additional safeguards.
For Stripe and Google Analytics, your data may be transferred to the United States. Both companies participate in mechanisms that ensure adequate protection for such transfers. At the time of writing, these transfers are carried out under Standard Contractual Clauses (SCCs) approved by the European Commission pursuant to Article 46(2)(c) GDPR.
You can find details of the transfer mechanisms applied by each provider in their respective privacy policies linked in Section 4 above.
As a data subject in the European Union, you have the following rights, which you may exercise at any time by contacting us at paulius@vengialis-ceramics.com:
1. Right of access (Art. 15) — You may request confirmation of whether we hold personal data about you, and a copy of that data.
2. Right to rectification (Art. 16) — You may ask us to correct inaccurate or complete incomplete personal data.
3. Right to erasure (Art. 17) — You may request deletion of your personal data where it is no longer necessary for the purpose it was collected, or where you withdraw consent. Please note that we may be required to retain certain records by law (e.g. financial records for 10 years).
4. Right to restrict processing (Art. 18) — You may ask us to pause processing your data in certain circumstances, for example while a dispute is being resolved.
5. Right to data portability (Art. 20) — Where processing is based on consent or contract, you may request a copy of your data in a structured, commonly used, machine-readable format.
6. Right to object (Art. 21) — You may object at any time to processing based on our legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
7. Right to withdraw consent (Art. 7(3)) — Where we rely on your consent (newsletter, analytics cookies), you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing that took place before withdrawal.
We will respond to all requests within 30 days. Where requests are complex, we may extend this period by a further two months, in which case we will notify you within the initial 30-day period and explain the reason for the extension.
We take appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or misuse. Our website uses HTTPS encryption throughout. Payment data is processed exclusively by Stripe, which is certified to PCI DSS Level 1, the highest level of payment security. We do not store payment card details, CVV codes, or full card numbers on our servers at any point.
While we take every reasonable precaution, no transmission of data over the internet can be guaranteed to be completely secure. If you have reason to believe your interaction with us has been compromised, please contact us immediately.
Our website and services are intended for adults. We do not knowingly collect personal data from individuals under the age of 16. If you believe a child has submitted personal data to us, please contact us and we will delete it promptly.
Our website may contain links to external websites, including our social media profiles on Facebook and Instagram. This Privacy Policy applies solely to vengialis-ceramics.com. We are not responsible for the privacy practices of third-party websites and encourage you to read their policies before providing any personal information.
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. The "Last updated" date at the top of this page will always indicate when the most recent revision was made. Where changes are material, we will take reasonable steps to notify you — for example, via a notice on our website or in our newsletter.
If you are not satisfied with how we have handled your personal data and we have been unable to resolve your concern, you have the right to lodge a complaint with the Lithuanian supervisory authority:
State Data Protection Inspectorate
Valstybinė duomenų apsaugos inspekcija (VDAI)
L. Sapiegos g. 17, Vilnius LT-10312, Lithuania
Website: https://vdai.lrv.lt
Email: ada@ada.lt
Phone: +370 5 279 1445
You also have the right to lodge a complaint with the supervisory authority of the EU member state in which you are habitually resident or in which the alleged infringement occurred.
For any questions, requests, or concerns relating to this Privacy Policy or the handling of your personal data, please contact:
Paulius Vengialis / Vengialis Ceramics
Email: paulius@vengialis-ceramics.com
Website: https://vengialis-ceramics.com/contact