Privacy policy
Last updated: February 17, 2026
ISLAYA.ECO (the “Store”) is operated by Gabrielius Zauragas (“we”, “us”, “our”).
For the purposes of the EU General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) and other applicable European data protection laws, Gabrielius Zauragas is the data controller of your personal data.
This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you visit or make a purchase from the Store or otherwise interact with us (the “Services”).
1. DATA CONTROLLER INFORMATION
Data Controller: Gabrielius Zauragas
Contact Email: info@islaya.eco
If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at the email above.
2. PERSONAL DATA WE COLLECT
We collect personal data necessary to operate the Store and fulfill orders.
2.1 Information You Provide Directly
When you place an order, create an account, or contact us, we may collect:
- Full name
- Billing address
- Shipping address
- Email address
- Phone number
- Order details
- Account login credentials (if applicable)
- Customer support messages
2.2 Payment Information
Payments are processed securely via Shopify and its integrated payment providers. We do not store full payment card numbers.
Payment providers may collect:
- Payment card details
- Transaction identifiers
- Payment confirmation data
2.3 Automatically Collected Information
When you visit the Store, we may automatically collect:
- IP address
- Browser type and version
- Device information
- Pages viewed
- Time spent on pages
- Referring URLs
- Interaction data
- Cookies and similar technologies
3. HOSTING
Our Store is hosted by Shopify Inc., which provides the online e-commerce platform.
Shopify processes personal data on our behalf as a data processor and may also process certain data for its own legitimate purposes, such as platform security, fraud detection, and service improvements.
You can read Shopify’s Privacy Policy here:
https://privacy.shopify.com
4. LEGAL BASES FOR PROCESSING (GDPR)
Under GDPR, we rely on the following legal bases:
4.1 Performance of a Contract
We process your personal data to:
- Fulfill orders
- Deliver products
- Process payments
- Manage returns and refunds
- Provide customer support
4.2 Legal Obligations
We may retain and process data to:
- Comply with tax and accounting laws
- Respond to lawful authority requests
- Maintain transaction records
4.3 Legitimate Interests
We may process data to:
- Improve the Store
- Prevent fraud and abuse
- Secure our systems
- Analyze performance
- Respond to customer inquiries
We ensure such processing does not override your fundamental rights.
4.4 Consent
Where required by law, we rely on consent for:
- Marketing emails
- Non-essential cookies
- Targeted advertising technologies
You may withdraw consent at any time.
5. HOW WE USE YOUR DATA
We use your personal data to:
- Process and ship orders
- Communicate about orders
- Provide customer service
- Improve our Store
- Prevent fraud
- Comply with legal requirements
- Send marketing communications (if you opt in)
6. COOKIES AND TRACKING TECHNOLOGIES
We use cookies and similar technologies to:
- Enable essential website functions
- Store cart information
- Analyze website usage
- Improve performance
- Support marketing (where applicable)
For visitors in the EU:
Non-essential cookies are only placed after your consent.
You may withdraw your consent at any time via our cookie settings tool.
7. DATA SHARING
We may share personal data with:
7.1 Service Providers
Including:
- Shopify (hosting platform)
- Payment processors
- Shipping carriers
- IT and security providers
- Analytics providers
All service providers process data under contractual safeguards.
7.2 Legal Authorities
If required by law or to protect rights and safety.
We do not sell personal data.
8. INTERNATIONAL TRANSFERS
Some service providers (including Shopify) may process personal data outside the European Economic Area (EEA).
Where personal data is transferred internationally, appropriate safeguards are applied, including:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions
- Other legally recognized mechanisms
9. DATA RETENTION
We retain personal data only as long as necessary.
Typical retention periods:
- Order and accounting data: up to 7–10 years (tax compliance)
- Customer inquiries: up to 3 years
- Marketing data: until you withdraw consent
- Account data: until account deletion or 3 years of inactivity
After this period, data is securely deleted or anonymized.
10. YOUR RIGHTS UNDER GDPR
If you reside in the EU or EEA, you have the right to:
- Access your personal data
- Correct inaccurate data
- Request erasure (“right to be forgotten”)
- Restrict processing
- Object to processing
- Data portability
- Withdraw consent at any time
- Lodge a complaint with your local data protection authority
To exercise your rights, contact:
info@islaya.eco
We may request identity verification before fulfilling your request.
11. DATA SECURITY
We implement appropriate technical and organizational measures to protect personal data, including:
- Secure hosting via Shopify
- Encrypted payment processing
- Restricted administrative access
- Security monitoring
However, no online system is completely secure.
12. CHILDREN
The Store is not intended for individuals under 16 years of age.
We do not knowingly collect personal data from children.
13. CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time.
The “Last updated” date will reflect the latest revision.
14. CONTACT
For privacy-related inquiries:
Email: info@islaya.eco
