Privacy policy
Effective date / update: April 15, 2026
1. General Provisions
1.1.
This Privacy Policy (hereinafter referred to as the “Policy”) defines the procedure for collecting, using, storing, transferring, and protecting the personal data of users/customers (hereinafter referred to as the “User”, “Customer”) of the online store s.ofiarin_jew (hereinafter referred to as the “Store”, “Website”).
1.2.
This Policy has been developed taking into account the requirements of the Law of Ukraine “On Personal Data Protection” No. 2297-VI (in particular, the legal grounds for processing, the obligation to inform, and the rights of the data subject), the Law of Ukraine “On Electronic Commerce” No. 675-VIII (features of interaction in the field of e-commerce), as well as possible application of GDPR and ePrivacy requirements regarding cookies and similar technologies for users from the EU/EEA.
1.3.
By visiting the Website, placing an order, subscribing to a newsletter, sending us messages, or using other Website functions, the User confirms that they have read this Policy and understands its content.
1.4.
If the User does not agree with the terms of this Policy, they must stop using the Website and/or not provide data. At the same time, some functions (placing orders, payment, delivery) may be technically impossible without the necessary data.
2. Data Controller and Contact Information
2.1.
Data Controller:
Sole Proprietor (FOP) Dzhurynska Klavdiia Mykolaivna, seller s.ofiarin_jew.
2.2.
Contact details for inquiries regarding personal data and information security:
Email: sofiarinjew@gmail.com
Phone: +380681747793
Address: Velykodolynske settlement, Chornomorska Street 36B
Tax ID (RNOKPP): 2566919606
IBAN: UA083052990000026003014929810
2.3.
We determine the purpose of processing, the composition of data, and processing procedures, and we may involve processors/service providers (for example, an e-commerce platform, payment providers, delivery services, mailing and analytics services) to perform part of the operations on our behalf or as separate controllers within their own obligations.
3. Definitions
3.1.
Personal data – information or a set of information about a natural person who is identified or can be specifically identified.
3.2.
Processing of personal data – any actions (collection, registration, accumulation, storage, use, transfer, destruction, etc.).
3.3.
Consent of the personal data subject – a voluntary expression of will to allow the processing of personal data for a specified purpose; in the field of e-commerce, consent may be given, in particular, by ticking a checkbox provided that without such a checkbox the system does not allow processing.
3.4.
Recipient – a natural or legal person to whom personal data is provided (whether a third party or not).
4. What Data We Collect
4.1.
We collect only the data that is necessary for the purposes defined in this Policy and do not collect excessive data.
4.2. Data provided directly by the User:
- Full name (or first and last name)
- Contact phone number, email
- Delivery address / city / post office / postal code (depending on delivery method)
- Order data: product name, quantity, size, color, material, personalization parameters (if any), order comments
- Communication data: support requests, messages, correspondence history
4.3. Automatically generated data while using the Website:
- Technical data: IP address, browser type, language, date/time of visit, pages visited, cookie/pixel identifiers (if any), device information
- Analytics and measurement data (if enabled and with consent where required): page views, add-to-cart events, checkout actions, purchases, etc.
4.4. Payment-related data:
We may receive from the payment provider information about payment status, transaction/payment ID, amount, currency, date/time.
We do not store full payment card details (PAN) or CVV/CVC; card data entry and initial processing are performed on the side of the payment provider/payment system. Tokenization practice means replacing sensitive data with a unique token so that real card data is not used/stored in the merchant’s systems.
4.5. Delivery-related data:
Full name of recipient, phone number, address/branch/postal locker, city, postal code; sometimes additional attributes required for shipment processing (for example, courier comments).
Tracking number and delivery status.
5. Purposes of Processing Data
5.1. Main purposes:
- Processing and fulfilling orders (conclusion/performance of a sales contract)
- Receiving and processing payments, refunds (if necessary)
- Organizing delivery and providing status updates
- Communication with the Customer regarding the order (transactional emails: order confirmation, payment confirmation, etc.), fulfilling requirements for confirmation of electronic transactions
- Accounting, reporting, compliance with legal requirements (tax/accounting), handling claims and disputes
- Security, fraud prevention, and protection of legitimate interests
- Marketing (newsletters, personalized offers) only where consent is provided where required by law
- Analytics and improvement of Website performance (subject to cookies/consent rules)
6. Legal Grounds for Processing
6.1.
In Ukraine, legal grounds for processing include:
(a) consent of the data subject;
(b) conclusion and performance of a contract;
(c) protection of legitimate interests of the controller or a third party, etc.
6.2.
In e-commerce, consent may be given by ticking a checkbox (for example: “I agree with the Privacy Policy”, “I agree to receive newsletters”), provided that the system does not process data for this purpose before consent is given.
6.3.
For EU/EEA customers (if applicable), GDPR may apply, in particular when offering goods/services or monitoring behaviour. In such cases, we rely on typical GDPR legal bases: contract performance, legitimate interest, and consent (especially for marketing cookies and email marketing where opt-in is required).
7. Data Recipients and Third Parties
7.1. E-commerce platform (Shopify and infrastructure)
The Store operates on Shopify. Under Shopify’s Data Processing Agreement (DPA), the merchant is the controller, and Shopify acts as a processor regarding customer data (with certain exceptions). Shopify also applies rules for international transfers and subprocessors.
7.2. Payment providers / payment systems
Personal data necessary for payment processing (transaction information, payment status) is transferred to payment providers. PayPal’s Privacy Statement indicates that personal data is shared with payment service providers to complete transactions. Card data is processed by payment providers; tokenization reduces storage of sensitive card data in merchant systems.
7.3. Delivery services / postal operators
For delivery, we transfer necessary recipient data (name, phone, address) to the chosen shipping provider.
7.4. Transactional emails
After placing an order and/or successful payment, the Store may send transactional emails (order confirmation, payment confirmation). This is part of contract performance and/or confirmation of an electronic transaction.
7.5. Third-party tools and services
Depending on configuration, we may use:
- Analytics tools (e.g., Google Analytics)
- Email marketing/CRM providers
- Advertising pixels/conversion tracking tools
- Live chat/support tools
- Fraud prevention and anti-bot systems
8. International Data Transfers
Since Shopify is a global company, data may be transferred and/or stored outside Ukraine depending on Shopify infrastructure and subprocessors. Shopify describes its approach to international transfers and onward transfers and uses contractual mechanisms (DPA) to comply with different jurisdictions.
For GDPR-relevant processing, appropriate contractual and organizational safeguards are applied.
9. Data Retention Periods
We store personal data no longer than necessary for the purposes of processing. The principle of storage limitation applies.
Approximate retention periods:
- Order, payment, and accounting data: at least the statutory tax/accounting retention periods (at least 1095 days in Ukraine in certain cases)
- Communication data: 1–3 years depending on necessity
- Marketing data: until consent is withdrawn
- Cookies: according to their specific lifespan
10. Rights of the Data Subject and How to Exercise Them
10.1.
Under Ukrainian law, data subjects have the right to know sources of data collection, access their data, receive information about third parties, request correction or deletion, withdraw consent, file objections, and submit complaints.
10.2.
Response time: up to 30 calendar days for requests regarding personal data.
10.3. How to submit a request:
Send an email to: sofiarinjew@gmail.com with subject “Personal Data Request”.
Include:
- Full name and contact details
- Description of the request
- Identifiers (order number, email, phone, etc.)
We may request identity verification for security purposes.
10.4.
For EU/EEA users, we also follow GDPR transparency principles (Articles 12–15 GDPR).
11. Data Security
We implement organizational and technical security measures to protect data from unauthorized access, loss, destruction, alteration, or disclosure.
Examples include:
- Role-based access control
- Password protection and/or two-factor authentication
- HTTPS encryption
- Secure email access
- Regular software updates
- Shopify security infrastructure tools
12. Cookies and Similar Technologies
The Website may use cookies, pixels, and similar technologies for functionality, security, analytics, and marketing purposes.
Detailed information is provided in the Cookie Policy. EU/EEA cookie consent requirements (ePrivacy) may apply.
13. Changes to the Policy
We may update this Policy due to changes in legislation, technology, or business processes. The latest version is always published on the Website with the updated date.