Privacy policy

PRIVACY POLICY

Last updated: February 20, 2026

ILVIO OÜ (“ILVIO”, “we”, “us”, or “our”) operates this website, online store, and related services (the “Services”). ILVIO OÜ is registered in Estonia and acts as the data controller for the personal data described in this Privacy Policy.

This Privacy Policy explains how we collect, use, process, disclose, and safeguard your personal data when you access or use our Services.

By using our Services, you acknowledge that you have read and understood this Privacy Policy.

1. DATA CONTROLLER

ILVIO OÜ
Järve 35
11314 Tallinn
Estonia

Email: ilvio.magicmirror@gmail.com

2. PERSONAL DATA WE COLLECT

We collect personal data necessary to operate our business and provide our Services.

2.1 Information You Provide Directly

• Full name
• Billing and shipping address
• Email address
• Phone number
• Account credentials
• Payment-related details (processed securely by payment providers)
• Customer support communications
• Reviews and submitted content

2.2 Transaction Data

• Products viewed
• Items added to cart or wishlist
• Orders placed
• Returns, exchanges, cancellations
• Purchase history

2.3 Device and Usage Data

• IP address
• Browser and device information
• Operating system
• Unique identifiers
• Cookies and similar tracking technologies
• Interaction data (pages visited, time spent, navigation patterns)

2.4 AI and Personalization Data

Where applicable, we may process:

• Style preferences
• Usage frequency data
• Wardrobe interaction metrics
• Resale or lifecycle engagement information

This processing supports personalization, garment lifecycle management, and circular fashion functionality.

3. LEGAL BASES FOR PROCESSING (GDPR ART. 6)

We process personal data only where a lawful basis applies.

3.1 Contractual Necessity

Processing required to:
• Fulfill orders
• Process payments
• Provide account functionality
• Deliver products
• Provide customer support

3.2 Legal Obligation

Processing required to:
• Comply with accounting and tax laws
• Respond to lawful government requests
• Maintain statutory records

3.3 Legitimate Interests

We rely on legitimate interests to:
• Improve Services
• Prevent fraud
• Ensure security
• Analyze performance
• Provide personalization and AI recommendations
• Support circular resale optimization

We process such data only where our legitimate interests are not overridden by your fundamental rights and freedoms.

3.4 Consent

We rely on consent where required by law, including:
• Marketing communications
• Non-essential cookies
• Targeted advertising

You may withdraw consent at any time.

4. AUTOMATED DECISION-MAKING & PROFILING

We may use automated systems to analyze user behavior, preferences, and interactions to:

• Provide personalized recommendations
• Improve styling suggestions
• Optimize resale lifecycle positioning
• Enhance product relevance

These systems do not produce legal or similarly significant effects within the meaning of Article 22 GDPR.

You have the right to object to profiling at any time.

5. HOW WE USE PERSONAL DATA

We use personal data to:

• Operate and maintain our store
• Process transactions
• Deliver products
• Provide customer support
• Improve Services
• Enable personalization features
• Facilitate circular resale functionality
• Prevent fraud and abuse
• Comply with legal obligations

6. HOW WE SHARE PERSONAL DATA

We share personal data only where necessary.

6.1 Service Providers

• Shopify (hosting and infrastructure)
• Payment processors
• Shipping partners
• IT service providers
• Cloud storage providers
• Analytics providers

All service providers process data under appropriate contractual safeguards.

6.2 Marketing & Advertising Partners

Where permitted by law and based on consent, we may share limited data for targeted advertising.

6.3 Legal and Corporate Transactions

We may disclose personal data:
• To comply with law
• To enforce our rights
• In connection with a merger, acquisition, or sale

7. INTERNATIONAL TRANSFERS

Where personal data is transferred outside the European Economic Area (EEA) or United Kingdom, we rely on:

• European Commission Standard Contractual Clauses
• Adequacy decisions
• Equivalent lawful safeguards

8. DATA RETENTION

We retain personal data only as long as necessary.

Typical retention periods:

• Order and financial records: 7 years (Estonian accounting law)
• Account data: until deletion request or prolonged inactivity
• Marketing consent data: until consent is withdrawn
• Customer service communications: up to 3 years
• Analytics data: according to service provider configurations

Data may be retained longer where required by law.

9. COOKIES AND TRACKING

We use cookies and similar technologies to:

• Operate the store
• Analyze traffic
• Personalize experience
• Support marketing efforts

Non-essential cookies are used only with consent, where required by law.

You may manage cookie preferences via our cookie banner or browser settings.

10. DATA SECURITY

We implement appropriate technical and organizational measures to protect personal data.

However, no transmission or storage system can guarantee absolute security.

11. YOUR RIGHTS (EEA / UK USERS)

You have the right to:

• Access your personal data
• Rectify inaccurate data
• Erase data (“right to be forgotten”)
• Restrict processing
• Object to processing
• Data portability
• Withdraw consent
• Lodge a complaint with a supervisory authority

Supervisory Authority (Estonia):

Andmekaitse Inspektsioon
https://www.aki.ee

We may verify your identity before fulfilling requests.

12. CHILDREN

Our Services are not directed to individuals under 16 years of age.

We do not knowingly collect personal data from children.

13. CHANGES TO THIS POLICY

We may update this Privacy Policy to reflect operational, legal, or regulatory changes.

Updated versions will be published with a revised date.

14. CONTACT

For questions or data rights requests: