Our Privacy Policy
Privacy Policy
Last updated: 31 August 2025
This document provides general information about how Umbrella Co. handles personal data on umbrella-co.eu. Adjust details to match your actual practices and legal obligations.
1. Who We Are (Data Controller)
Umbrella Co. (“we”, “us”) operates the website umbrella-co.eu and acts as the data controller for the processing activities described in this policy.
Legal entity name: Umbrella Co. (or applicable company name)
Registered address: [ADDRESS]
Company number / OIB: [NUMBER]
Contact email for privacy matters: privacy@umbrella-co.eu
Contact phone: [PHONE]
2. Scope
This policy applies to the website umbrella-co.eu and related services such as contact forms, client inquiry workflows, and any e-commerce or membership features made available on the site.
3. Personal Data We Collect
- Account and profile data: name, email address, password hash, user role, and profile details when you create an account.
- Contact data: details you provide in forms or messages, including name, email, phone, company, and message content.
- Order and transaction data (if applicable): billing and shipping details, items purchased, amounts, taxes, timestamps, and order notes.
- Payment data (if applicable): payment tokens and limited card details processed by payment providers. Full card numbers are not stored by us.
- Fulfilment data (if applicable): order contents, sizes, colours, and recipient details needed to manufacture and deliver orders.
- Usage and device data: IP address, device and browser type, pages visited, time on page, and referring sources collected via cookies or similar technologies.
- Marketing preferences: newsletter opt-ins, consent choices, unsubscribes, and campaign interactions.
- User-generated content: comments, reviews, uploads, and support attachments you submit.
We collect data directly from you, automatically from your device, and from service providers supporting our operations.
4. Purposes and Legal Bases
| Purpose | Examples | Legal basis |
|---|---|---|
| Provide and operate the website and services | Account creation, contact handling, content delivery | Contract performance; legitimate interests |
| Process orders and payments (if applicable) | Checkout, invoicing, fraud prevention | Contract performance; legitimate interests; legal obligations |
| Fulfilment and customer support | Production, shipping, returns, user assistance | Contract performance; legitimate interests |
| Analytics and performance | Traffic measurement, troubleshooting | Consent where required; legitimate interests for strictly necessary analytics |
| Marketing communications | Newsletters and updates where permitted | Consent; legitimate interests for permitted direct marketing |
| Legal compliance and security | Tax, accounting, regulatory requests, security monitoring | Legal obligations; legitimate interests |
5. Retention
- Order and invoice records: retained for the period required by accounting and tax laws.
- Account data: retained while your account is active; deleted or anonymised within a reasonable time after closure unless a longer period is required by law.
- Marketing data: retained until you unsubscribe or object, after which your details are suppressed for marketing purposes.
- Analytics data: retained for the period configured in the analytics tool or as otherwise necessary for the stated purposes.
6. Recipients and Processors
We share personal data with trusted service providers to operate the site and deliver services. These may include hosting and infrastructure, content management and plugins, payment processors, fulfilment and logistics partners, analytics services, email and marketing platforms, communications and support tools, professional advisors, and public authorities where legally required. Processors act under contracts that include data protection obligations.
7. International Transfers
Where data is transferred outside the EEA or the UK, we rely on appropriate safeguards such as adequacy decisions or standard contractual clauses, with supplementary measures where necessary.
8. Your Rights
Subject to conditions under applicable law, you may have the right to request access, rectification, erasure, restriction, and portability of your personal data, as well as the right to object to certain processing including direct marketing. Where processing is based on consent, you may withdraw your consent at any time.
To exercise these rights or to make a complaint to us, contact the privacy email listed above. We may need to verify your identity to process your request.
9. Security
We apply technical and organisational measures to protect personal data, including access controls and encryption in transit, taking into account the risks and the nature of processing. No method of transmission or storage is completely secure.
10. Children’s Privacy
The website is not directed to children under 16 years of age, and we do not knowingly collect personal data from children.
11. Automated Decision-Making
We do not use automated decision-making that produces legal or similarly significant effects about you.
12. Changes to This Policy
We may update this policy from time to time to reflect changes in our practices or legal requirements. The latest version will be indicated by the “Last updated” date above.
13. Contact
For any questions or requests regarding this policy or your personal data, contact: privacy@umbrella-co.eu or write to the address shown in Section 1.