Privacy Policy
At StarGoldPro OÜ, we are committed to protecting your personal data and complying fully with the General Data Protection Regulation (EU) 2016/679 ("GDPR"). This Privacy Policy explains how we collect, use, share and protect your personal information when you interact with us, including through our website and services.
1. Who We Are
StarGoldPro OÜ
F. R. Kreutzwaldi tn 43b, Võru linn, 65610, Estonia
VAT: EE102795271
Email: Contact-us
We act as the Data Controller for the purposes of the GDPR.
2. What Information We Collect
We may collect and process the following data:
- Identity and contact data (e.g. name, business name, professional role, VAT number, email address, phone number)
- Account and transactional data (e.g. order history, delivery preferences, payment status)
- Correspondence and support requests
- Technical and usage data (e.g. IP address, browser type, pages visited – via cookies – see Cookie Policy)
- Marketing preferences and interactions (if consent is given)
3. How We Use Your Data
We use the personal data we collect from you for legitimate business purposes, including but not limited to:
- Creating and managing your professional account on StarGoldPro.com™
- Processing and fulfilling your orders
- Providing client service and responding to your enquiries
- Managing payments, invoicing, and order history
- Ensuring compliance with applicable laws and regulations
We may also collect and process personal data related to environmental or sustainability enquiries — for example, questions about packaging materials, recycling instructions, or our compliance with Extended Producer Responsibility (EPR) regulations. This data is used solely to respond to your request, fulfil our regulatory obligations, or improve our environmental practices. Such data is processed under our legitimate interest and is not used for marketing purposes.
We do not use your data for unsolicited marketing unless we have obtained your explicit consent. If you have subscribed to receive updates or communications, you may withdraw your consent at any time by contacting us.
4. Legal Bases for Processing
Under the GDPR, we rely on the following legal bases:
- Performance of a contract – to process and deliver your orders
- Legitimate interests – to improve our services, prevent fraud, and grow our business (provided your rights do not override ours)
- Legal obligation – to meet our accounting, tax, or regulatory duties
- Consent – for sending direct marketing emails or placing optional cookies (you may withdraw consent at any time)
5. Data Retention
We retain your personal data only as long as necessary for the purposes for which it was collected:
- Client records and correspondence: up to 10 years (e.g. for product documentation and regulatory purposes)
- Financial records: as required by law (e.g. Estonian tax laws)
- Marketing preferences: until you unsubscribe or withdraw consent
6. Your Data Protection Rights
You have the following rights under GDPR:
- Right of access – to know what personal data we hold about you
- Right to rectification – to correct inaccurate or incomplete data
- Right to erasure – to request deletion of your data under certain conditions
- Right to restrict processing – to limit how we use your data
- Right to object – to processing based on legitimate interests or for direct marketing
- Right to data portability – to receive your data in a usable format
- Right to withdraw consent – where processing is based on consent
To exercise any of these rights, contact us. You also have the right to lodge a complaint with your local Data Protection Authority.
7. Sharing Your Data
We do not sell your personal data.
We may share your data with:
- Service providers (e.g. payment processors, IT and delivery services)
- Regulatory authorities (e.g. for CPNP product notification or customs clearance)
- Our professional advisors (e.g. accountants, legal counsel)
All third parties are bound by strict confidentiality and comply with applicable data protection laws.
8. International Data Transfers
Some of our service providers (e.g. Google Analytics, cloud platforms) may process or store data outside the European Economic Area (EEA), such as in the United States.
Where this occurs, we ensure that appropriate safeguards are in place, such as:
- Transfers to countries with an adequacy decision from the European Commission; or
- Use of Standard Contractual Clauses (SCCs) approved by the EU Commission
We take all reasonable steps to ensure your personal data remains secure and protected.
9. Cookies and Tracking Technologies
We use cookies to support your experience, analyse site usage, and enhance functionality. Some cookies are essential, while others are optional and only used with your consent.
You can control cookie preferences at any time through the cookie banner on our site. For full details, please see our Cookie Policy.
Note: We do not currently support “Do Not Track” signals due to the absence of a recognised industry standard.
10. Automated Decision-Making
We do not use your data for profiling or automated decision-making that has legal or significant effects on you.
11. Data Security
We implement appropriate technical and organisational measures to protect your data, including:
- HTTPS encryption and secure hosting
- Access controls and permissions
- Internal privacy training for staff
- Regular backups and threat monitoring
12. Updates to This Policy
This policy may be updated to reflect legal, operational or technological changes.
Please check this page periodically to stay informed.
Version 1.0 – Effective April 2025