Clear and trackable delivery Real guarantees on every order Fast help when you need it
Villalta Home Co.

Privacy Policy

How Villalta Home Co. collects, uses and protects the personal information of visitors and customers, and how to exercise your rights under the UK GDPR and the Data Protection Act 2018.

Who is responsible for your data

Villalta Home Co. is operated as an individual online retailer trading from the United Kingdom. References to "we", "us" and "our" refer to the operator of villaltaco.uk acting as the data controller for the personal information collected through this website.

The data protection contact is support@villaltaco.uk. Use this address for any privacy enquiry, data subject request or formal complaint before escalating to the regulator.

What personal data we collect

We only collect the personal data needed to operate the store, fulfil orders and respond to customer support. Categories of data include:

  • Account and contact details: name, email address, phone number when provided, postal address used for delivery and billing.
  • Order information: items purchased, prices, payment status and tracking references. Card details are never stored on our servers; payments are processed directly by Stripe.
  • Communications: messages you send to support, with their attachments and metadata.
  • Technical data: IP address, browser, device type, pages viewed, referring URL and timestamps. Captured via server logs and analytics or marketing cookies, only when you have given consent.
  • Marketing data: cookie consent flags, advertising identifiers (such as the Meta _fbp / _fbc cookies) and aggregated audience signals, only when you have accepted marketing cookies.

Why we process your data (lawful basis)

Each processing activity has a lawful basis under Article 6 of the UK GDPR:

  • Performance of a contract: to take and fulfil orders, handle returns and provide post-sales support.
  • Legal obligation: to keep accounting and tax records and to respond to lawful requests from authorities.
  • Legitimate interests: to keep the website secure, prevent fraud and improve our products and services.
  • Consent: for analytics cookies, marketing cookies and any optional newsletter or commercial communication. You can withdraw consent at any time from the cookie banner or by emailing support@villaltaco.uk.

Who we share data with

We share personal data only with service providers who help us operate the store, and only to the extent strictly necessary. Current categories of recipients are:

  • Payment processor: Stripe Payments Europe (handles checkout, card data and fraud prevention).
  • Email and order communications providers used to send order confirmations, shipping updates and review requests.
  • Logistics and supplier partners that prepare and ship the products you order. Only the data needed to deliver the order (name, address, phone, items) is shared.
  • Analytics and advertising providers (such as Meta and Google) when you have accepted analytics or marketing cookies, for measurement and audience building.
  • Hosting and infrastructure providers that store and serve the website and the backing databases.

International transfers

Some of our service providers (including payment, advertising and supplier networks) operate from countries outside the United Kingdom or the European Economic Area. When that is the case, transfers are protected by the safeguards required by the UK GDPR, such as Standard Contractual Clauses, the UK International Data Transfer Addendum or an adequacy decision recognised by the UK government.

How long we keep your data

We keep personal data only for as long as needed for the purpose it was collected, plus the periods that UK law requires us to retain it. Typical retention windows are:

  • Order and accounting records: at least 6 years from the end of the relevant tax year, as required by HMRC.
  • Customer accounts: while the account is active, plus up to 24 months of inactivity unless you ask us to delete it earlier.
  • Support tickets: up to 24 months from the last message, to handle warranty and follow-up enquiries.
  • Marketing audiences and analytics: as long as the relevant cookie is valid, or until consent is withdrawn.

Your rights

Under the UK GDPR you have the following rights regarding your personal data. We will respond to a verified request within one calendar month.

  • Right of access: ask for a copy of the data we hold about you.
  • Right to rectification: ask us to correct inaccurate or incomplete information.
  • Right to erasure: ask us to delete your data when there is no legal reason to keep it.
  • Right to restriction: ask us to pause processing in some circumstances.
  • Right to data portability: receive your data in a structured, commonly used format.
  • Right to object: object to processing based on legitimate interests, including direct marketing.
  • Right to withdraw consent: withdraw consent for cookies or marketing at any time, without affecting prior lawful processing.
  • Right to lodge a complaint: contact the UK Information Commissioner's Office at https://ico.org.uk if you believe your rights have not been respected.

Security and changes to this policy

The website runs over HTTPS with industry-standard security controls. Access to personal data is restricted on a need-to-know basis. No system is 100 percent secure, but we work continuously to reduce risk and respond to incidents.

We may update this policy when our processing activities change or when legislation evolves. The current version is always available at this URL. Material changes will be highlighted on the homepage or by email when appropriate.

Contact

If you need a legal clarification or want to exercise your rights, email us at support@villaltaco.uk.