1. General Provisions

1.1. This Privacy Policy describes how Laura Anspoka, operating under the brand Novaliss Bridal (hereinafter referred to as the “Data Controller”), collects, processes, and stores personal data from visitors and customers of the website www.novalissbridal.com (hereinafter referred to as the “Data Subject” or “You”).

1.2. Personal data refers to any information that identifies or can identify an individual (e.g., name, contact details, purchase history). Processing refers to any action performed on personal data, such as collection, storage, and deletion.

1.3. The Data Controller complies with the General Data Protection Regulation (EU) 2016/679 (GDPR) and other applicable Latvian and European data protection laws.

2. Collection, Processing, and Storage of Personal Data

2.1. Personal data is primarily collected through the website, email, or other direct interactions (e.g., purchases, inquiries).

2.2. By using the website and its services, you agree that your personal data will be processed as described in this Privacy Policy.

2.3. You are responsible for ensuring that the personal data you provide is accurate and up to date. Providing false information is considered a violation of this Privacy Policy.

3. Categories of Personal Data Processed

3.1. The Data Controller may process the following personal data:

  • Identification Data: Name, surname

  • Contact Information: Email, phone number

  • Transaction Data: Purchased products, billing/delivery address, payment details

  • Other Data: Any additional details provided voluntarily (e.g., order notes, special requests)

3.2. Personal data may be verified using publicly available sources to ensure accuracy.

3.3. The legal basis for processing personal data is based on:

  • The necessity to fulfil a contract (e.g., order processing);

  • Compliance with legal obligations (e.g., tax laws);

  • Legitimate interests (e.g., business operations, customer service);

  • Consent (e.g., marketing communications).

3.4. Personal data is retained for as long as necessary for the purposes stated above, or as required by law.

4. Sharing of Personal Data

4.1. To fulfil services, personal data may be shared with:

  • Payment processors

  • Shipping and courier services

  • IT service providers (e.g., website hosting)

  • Legal or regulatory authorities (if required by law)

4.2. Third-party service providers process data according to legal requirements and contractual obligations.

5. Your Rights

As a Data Subject, you have the right to:

  • Access your personal data and request information about its processing;

  • Correct inaccurate or incomplete data;

  • Request deletion of your personal data (“right to be forgotten”);

  • Withdraw consent for marketing communications at any time;

  • Object to data processing under legitimate interests;

  • Lodge a complaint with the Latvian Data Protection Authority (Datu valsts inspekcija).

To exercise your rights, contact [email protected].

6. Security of Your Data

The Data Controller implements technical and organizational measures to protect personal data from unauthorized access, loss, or misuse.

7. Changes to the Privacy Policy

The Data Controller reserves the right to update this Privacy Policy at any time. Changes will take effect upon publication on the website.