Privacy policy
1. Data controller & contact
Data controller: VERALYA LTD (trading as stimuloo)
Address: Suite A, 82 James Carter Road, Mildenhall, United Kingdom, IP28 7DE
Email: contact@stimuloo.com
Store number: 00447848109569
2. Scope & purpose of this policy
This policy describes how VERALYA LTD collects, uses, discloses and protects personal data in relation to the stimuloo website and services. It covers customers worldwide, with particular references to GDPR (EU), UK data protection law, and general US compliance principles.
3. Categories of personal data collected
We collect the following categories of personal data:
| Data category | Examples |
|---|---|
| Identity & Contact | Name, billing & shipping address, email, phone |
| Account data | Username, password (hashed), order history |
| Payment data | Payment card details (handled by payment processors; tokenised) |
| Transaction data | Order details, invoices |
| Technical data | IP address, device identifiers, browser, cookies |
| Usage data | Pages visited, clickstream, marketing interactions |
| Marketing preferences | Consent, subscription status |
| Sensitive data (rare) | Age for age-restricted items — only when necessary and with safeguards |
4. Purposes, legal bases & retention
We process personal data for the following purposes:
-
Order processing & contract performance: process and deliver orders, payment processing, invoicing. (Legal basis: performance of contract). Retention: transaction records retained for 6 years for tax/compliance, order details retained for customer service until account deletion or longer if required by law.
-
Customer service & communications: respond to queries, process returns. (Legal basis: contract performance / legitimate interest). Retention: until issue resolved + statutory limitation periods.
-
Marketing: send promotional materials where consent given or where legitimate interest applies; opt-out available. (Legal basis: consent / legitimate interest). Retention: until consent withdrawn or unsubscribe.
-
Analytics & site improvement: usage statistics, performance. (Legal basis: legitimate interests). Retention: aggregated or anonymised where possible; raw logs retained up to 24 months.
-
Fraud prevention & legal compliance: anti-fraud checks, KYC where needed, regulatory reporting. (Legal basis: legal obligation / legitimate interest). Retention: as needed per legal/regulatory obligations.
5. Cookies & tracking
We use cookies and similar technologies. Categories:
-
Essential cookies: required for site operation (cart, sessions). No opt-out.
-
Analytics cookies: Google Analytics etc. — used to improve site performance. Opt-out via cookie settings.
-
Marketing cookies: Facebook Pixel, advertising networks — used for targeted ads. Opt-out possible.
Cookie banner short text (for banner):
“stimuloo uses cookies to give you the best experience, to process orders and for analytics and marketing. Manage your preferences or accept.”
Extended cookie dialog template: include categories, purpose, retention, providers, and a link to opt-out and the privacy policy.
6. International transfers
Data may be transferred outside the EEA/UK (e.g., to Shopify Inc., payment processors, fulfilment partners). We use appropriate safeguards (Standard Contractual Clauses, adequate jurisdictions) or rely on processors’ safeguards. Where legal, transfers are based on EU Commission or UK adequacy decisions or SCCs.
7. Recipients & third parties
We share data with service providers: Shopify Inc. (hosting & payments), payment processors (e.g., Stripe/PayPal), shipping & fulfilment partners, analytics providers (e.g., Google), marketing providers (e.g., Facebook). We require processors to protect data under contract.
8. Data security
We implement reasonable technical and organisational measures (encryption, access controls, backups). However, no internet transmission is 100% secure—report incidents to contact@stimuloo.
9. Rights of data subjects (EU/UK residents)
You have rights under GDPR/UK law: access, rectification, erasure (“right to be forgotten”), restriction, data portability, object to processing (including profiling), withdraw consent, and lodge a complaint with a supervisory authority. To exercise rights, contact contact@stimuloo. We will verify identity and respond within statutory timelines (generally one month).
10. Automated decision-making
We do not rely on automated decision-making that produces legal or similarly significant effects. Where such processing occurs, we will provide information and rights.
11. Children’s data
Our products are for children but parents/guardians should supply personal data. We do not knowingly collect personal data from children under applicable legal thresholds without parental consent.
12. Retention periods
Specific retention: transactional data—up to 6 years for tax/compliance; marketing—until unsubscribe; analytics—up to 24 months; support tickets—until resolution + statutory retention.
13. Complaints / Supervisory authority
EU residents may complain to their local Data Protection Authority. For UK: ICO. Contact details for the ICO: https://ico.org.uk.
14. Contact
For privacy or data requests: contact@stimuloo.
Data processing table (compact)
| Purpose | Data categories | Legal basis | Retention |
|---|---|---|---|
| Order fulfilment | Identity, contact, payment, transaction | Contract | 6 years / tax |
| Customer service | Identity, contact, order history | Contract / Legitimate interest | Until resolution |
| Marketing | Contact, preferences | Consent / Legitimate interest | Until unsubscribe |
| Analytics | Technical, usage | Legitimate interest | 24 months |
| Fraud prevention | Identity, transaction | Legal obligation / Legitimate interest | As required |
For legal certainty, consult a qualified solicitor in your jurisdiction.