Effective date: 12 August 2025

This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you visit our website or purchase from our online store.

1) Who we are (Data Controller)

• Controller: SIA "stigmaticego''

• Registered in: Latvia

• Registered address: Avotu iela 4A-3; LV-1011

• Email: contact@riskynegotiations.com

This policy applies to the website and online store operated by board of SIA ''stigmaticego''

2) What personal data we collect

We collect and process the following categories of data, depending on your interactions with us:

• Identity & Contact Data: name, company, billing and delivery address, email, phone.

• Order & Transaction Data: products purchased, order totals, VAT details, delivery preferences, returns.

• Payment Data: payment method, payment status, and anti‑fraud checks. We do not store full card numbers. Card data is processed by our payment providers.

• Account Data: username, passwords (hashed), order history, saved addresses, preferences.

• Communications: messages you send us (email, contact forms, chat), survey responses, support tickets.

• Usage & Device Data: IP address, device/browser type, pages viewed, referring/exit pages, timestamps, approximate location (based on IP), and cookie identifiers.

• Marketing Data: your marketing preferences, consent records, and interactions with our emails.

• User‑Generated Content: product reviews, comments, photos you upload.

We do not intentionally collect special categories of data (e.g., health, biometric, religious beliefs) or data about children.

3) Why we process your data and legal bases (GDPR)

We use your data for the following purposes and under these legal bases:

• To provide the Store and fulfill your orders (create/confirm orders, deliver products, process returns) — Article 6(1)(b) contract.

• Customer support and communications — contract and/or legitimate interest to respond to inquiries.

• Payments and fraud prevention — legitimate interest in keeping the Store secure and legal obligation to prevent fraud.

• Account management (if you create an account) — contract.

• Marketing communications (newsletters, offers) — consent (opt‑in), and for existing customers legitimate interest to promote similar products, subject to your right to opt out at any time.

• Analytics and personalization (to understand performance and improve the Store) — consent where required by law (e.g., non‑essential cookies), otherwise legitimate interest.

• Compliance with legal obligations (tax, accounting, consumer protection) — legal obligation.

4) Sharing and disclosure

We share personal data with:

• Shopify (our ecommerce platform provider) to operate the Store and checkout.

• Payment providers (e.g., card processors, PayPal, etc.) for payments and fraud checks.

• Fulfilment and logistics partners (warehouses, couriers, national postal services) to deliver orders and handle returns.

• IT and service providers (email, cloud hosting, analytics, customer support tools) who process data on our behalf under data‑processing agreements.

• Professional advisors and authorities (accountants, auditors, regulators, law enforcement) when required by law or to defend legal claims.

• Business transfers (if we reorganize, merge, or sell parts of our business, data may transfer under appropriate safeguards).

We do not sell your personal data.

5) International transfers

Some recipients may be located outside the EEA/UK (for example, Shopify and certain service providers). Where personal data is transferred internationally, we ensure appropriate safeguards, such as:

• an adequacy decision by the European Commission; and/or

• Standard Contractual Clauses (SCCs) and additional safeguards where necessary.

You can request a copy of relevant safeguards by contacting us.

6) Cookies and similar technologies

We use cookies and similar technologies to run the Store, keep your session, perform analytics, and (if you consent) for marketing/ads.

Types we use:

• Strictly necessary (essential for site and checkout to function)

• Performance/analytics (e.g., to measure traffic and conversions)

• Functional (to remember choices and improve experience)

• Advertising/retargeting (to show relevant ads, if enabled)

Managing cookies: On your first visit we present a consent banner. You can change your preferences at any time via the banner or your browser settings. Disabling certain cookies may affect site functionality.

Optional: insert a cookie table here if you maintain one. Example

Cookie	Purpose	Provider	Duration
_shopify_y	Analytics	Shopify	1 year

7) Data retention

We keep personal data only as long as necessary for the purposes described and to comply with legal obligations.

• Orders & invoices: retained for the period required by Latvian tax and accounting laws (up to 10 years in practice).

• Customer accounts: retained while your account is active; we delete or anonymize after inactivity for a reasonable period.

• Marketing data: retained until you withdraw consent or opt out.

• Support tickets: retained as needed to resolve your issue and for our records.

We will securely delete or anonymize data when retention expires.

8) Your rights (EEA/Latvia)

Under the GDPR, you have the right to:

• Access your personal data and receive a copy;

• Rectify inaccurate or incomplete data;

• Erase your data (“right to be forgotten”);

• Restrict processing in certain cases;

• Data portability (receive data in a structured, machine‑readable format and transmit it to another controller);

• Object to processing based on legitimate interests, including profiling; and object to direct marketing at any time;

• Withdraw consent at any time where processing is based on consent.

You also have the right to lodge a complaint with Latvia’s Data State Inspectorate (Datu valsts inspekcija).

9) How to exercise your rights

To exercise your rights or make a privacy request, email us at contact@riskynegotiations.com (or use [your contact form]). We may need to verify your identity. We aim to respond within one month (extendable by two months for complex requests as permitted by law).

10) Minors

Our Store is not intended for children under the age required by applicable law (typically 16 in the EU). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us to delete it.

11) Automated decision‑making

We do not make decisions based solely on automated processing that produce legal effects concerning you (e.g., credit decisions). We may use automated tools for fraud detection; you can request human review and an explanation of such decisions.

12) Changes to this Policy

We may update this Policy from time to time. If changes are material, we will notify you (for example, via a notice on the Store). The latest version will always show the effective date at the top

13) Contact

Questions about this Policy or our data practices?

• Email: contact@riskynegotiations.com

• Postal address: Latvia; Rīga; Avotu iela 4A-3 ; LV-1011