Privacy Policy

Last updated: February 26, 2026


Maintaining the security of your personal data is important to us at Frellio. We are committed to respecting your privacy rights and handling your data fairly, lawfully, and transparently at all times.
This Privacy Policy applies to users in the European Union the United Kingdom, and the United States.
By accessing or using our Store, you acknowledge that you have read and understood this Privacy Policy.

I. DEFINITIONS

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 concerning the protection of natural persons regarding the processing of personal data and the free movement of such data.
UK GDPR – The retained EU law version of the GDPR as incorporated into United Kingdom law.
Personal Data – Any information relating to an identified or identifiable natural person.
Administrator (Controller)  -  Frellio, Brīvības iela 55A, Ogre, 5001, Latvia.
Policy - This Privacy Policy document.
Store  - The online e-commerce store operated via the Shopify platform.
User  - Any person visiting or purchasing from the Store.

II. CONTROLLER INFORMATION

Frellio acts as the data controller for personal data collected through the Store.
Our Store is hosted by Shopify Inc.. Shopify provides the online e-commerce platform that allows us to sell products to you. Shopify processes certain personal data as our data processor and may also process data for its own legitimate business purposes as described in Shopify’s privacy documentation.

III. PURPOSES AND LEGAL BASIS FOR DATA PROCESSING

1. GENERAL USE OF THE STORE

The Administrator processes the personal data of all Store visitors (including IP addresses, device identifiers, and cookie data) for the following purposes:
Provision of Electronic Services: To make the Store's content accessible and provide interactive features (e.g., contact forms). The legal basis is the necessity to perform a contract 
Guest Checkout: To process purchases made without creating a registered account. The legal basis is the necessity to perform a contract.
Complaint Handling: To manage and resolve customer issues. The legal basis is the necessity to perform a contract 
Analytics and Statistics: To analyze User activity and preferences to enhance the Store's functionality. The legal basis is the Administrator’s legitimate interest 
Legal Defense: To establish, pursue, or defend against legal claims. The legal basis is the Administrator’s legitimate interest.
Legal bases:

  • For EU users: Art. 6(1)(b) GDPR (contract)
  • For EU users: Art. 6(1)(f) GDPR (legitimate interest)
  • For UK users: Article 6 UK GDPR
  • For U.S. users: Processing is based on contractual necessity
  • and legitimate business purposes under applicable state laws.
2. PLACING ORDERS

When a User places an order, providing mandatory data is required for the fulfillment of the purchase. Failure to provide this data will prevent the order from being processed.
We collect:

  • Name
  • Billing and shipping address
  • Email
  • Phone number required for delivery
  • Payment information (processed securely via payment providers)
Order Fulfillment:

To process and ship the purchased goods. The legal basis is the necessity to perform a contract (Art. 6(1)(b) GDPR).

Statutory Obligations:

To comply with tax, accounting, and consumer rights legislation. The legal basis is compliance with a legal obligation (Art. 6(1)(c) GDPR).

Fraud Prevention:

We may process order data to prevent fraud and abuse (Art. 6(1)(f) GDPR – legitimate interest).

3. COMMUNICATIONS

We process communications for responding to inquiries and maintaining customer service records.
Inquiry Resolution: To identify the sender and respond to their request. The legal basis is the necessity to perform a service contract or take steps prior to entering a contract (Art. 6(1)(b) GDPR).
Data Minimization: We request that you do not submit sensitive personal data (e.g., Government Identifiers, health data) through contact forms.

IV. MARKETING AND PROFILING

1. Email marketing

If you subscribe, we process:

  • Email address
  • Name (if provided)
  • Interaction data (opens, clicks)
  • We use email marketing tools such as:
  • Klaviyo


You may unsubscribe at any time.

2. Google Advertising & Analytics

We use:

  • Google LLC services including:
  • Google Analytics
  • Google Ads
  • Google Remarketing
  • Google Enhanced Conversion
  • Enhanced Conversions Disclosur
  • Where enabled, hashed customer data (such as email address) may be securely transmitted to Google to improve conversion measurement accuracy.

Legal basis (EU/UK): Consent (Art. 6(1)(a) GDPR) for marketing cookies.

3. Meta (Facebook & Instagram) Advertising

We use:
Meta Platforms Ireland Limited tools including:

  • Meta Pixel
  • Conversion API

Joint Controller Notice:
When using Meta Pixel, Frellio and Meta may act as joint controllers for certain data processing activities under Art. 26 GDPR.
You can adjust ad preferences within your Meta account.

V. SOCIAL MEDIA INTEGRATIONS

The Store features integrated social media plugins. If a User interacts with these plugins while logged into their respective social media accounts, the platform providers may link this activity to the User's profile.


Data transfers to U.S. providers rely on:

  • EU Standard Contractual Clauses (SCCs)
  • EU-US Data Privacy Framework (where applicable)

We encourage reviewing third-party privacy policies.

Platforms used include:

  • Meta Platforms Ireland Limited , ; http://www.facebook.com/policy.php further information . Meta Platforms has joined the "Privacy Shield" agreement between the EU and the US, https://www.privacyshield.gov/EU-US-Framework;
  • Pinterest Europe Ltd. , https://policy.pinterest.com/pl/privacy-policy
  • Google LLC (YouTube), www.privacyshield.gov/EU-US-Framework.
  • X Corp.ks. https://x.com/en/privacy 

VI. COOKIES AND TRACKING TECHNOLOGIES

Cookies are small text files stored on the User's device to facilitate smooth navigation and website functionality.

1. ESSENTIAL "SERVICE" COOKIES 

These are critical for the Store to function properly. They include session identifiers, authentication cookies, security tracking, and shopping cart memory. They do not require User consent as they are necessary to provide the requested service.

2. ANALYTICS COOKIES 

To gather statistical data, the Administrator utilizes Google Analytics. This helps us understand how Users navigate the Store. Users can block this tracking by installing the Google Analytics Opt-out Browser Add-on.

3. MARKETING COOKIES 

(Google Ads & Facebook Pixel) We use marketing cookies to measure ad conversion and deliver targeted campaigns.

  • Google Ads: Utilizes conversion tracking to show us if an advertisement led to a purchase, without personally identifying the User.
  • Facebook Pixel: Allows Meta Platforms to identify Store visitors and display relevant Frellio advertisements on their social feeds. Users can manage or disable these tracking features through their personal Google or Facebook ad preference settings.

For users in Germany, cookie use complies with the German Telecommunications-Telemedia Data Protection Act (TTDSG).
Non-essential cookies are only set after explicit consent via our cookie banner.
Users may withdraw consent at any time.

VII. DATA RETENTION PERIODS

  • Order data: retained for 10 years (tax law compliance – EU requirement).
  • Marketing data: until consent is withdrawn.
  • Analytics data: up to 26 months (Google Analytics default).

VIII. USER RIGHTS AND ENTITLEMENTS

EU & UK customers have rights under GDPR and UK GDPR.
For EU users, you may lodge complaints with: The Data State Inspectorate of Latvia (Datu valsts inspekcija).
For UK users: The Information Commissioner’s Office (ICO).

Under the GDPR, data subjects are granted the following rights:

  • Right to Information Access: To know what data is being processed and obtain a copy.
  • Right to Rectification: To correct inaccurate or incomplete personal data.
  • Right to Erasure ("Right to be Forgotten"): To request the deletion of data when it is no longer strictly necessary.
  • Right to Restriction of Processing: To temporarily halt data processing under specific disputes.
  • Right to Data Portability: To receive data in a structured, machine-readable format.
  • Right to Object: To object to processing based on legitimate interests or for direct marketing.
  • Right to Withdraw Consent: To revoke previously granted consent without affecting the legality of prior processing.
  • Right to Lodge a Complaint: To escalate concerns to the relevant national Data Protection Authority.
  • U.S. PRIVACY RIGHTS (INCLUDING CALIFORNIA)

If you are a resident of California, you may have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including:

  • Right to know what personal information we collect
  • Right to delete personal information
  • Right to correct inaccurate data
  • Right to opt-out of the sale or sharing of personal information
  • Right to limit use of sensitive personal information

We do not sell personal information in the traditional sense.
However, certain advertising practices may qualify as “sharing” under California law.

Exercising Your Rights:

Requests regarding your data rights should be submitted to the Administrator:

  • By Mail: Frellio, Brīvības iela 55A, Ogre, 5001, LV
  • By Email: support@frellio.com

We will respond to all requests within one month of receipt.

IX. DATA RECIPIENTS

To facilitate Store operations and order fulfillment, personal data may be securely disclosed to trusted third-party service providers:
Includes:

  • Shopify Inc.
  • PayPal Holdings Inc.
  • Stripe Inc.
  • Klarna Bank AB
  • Shipping partners such as:
    a. DHL Group
    b. United Parcel Service
    c. Fedex

Frellio reserves the right to disclose necessary information to competent legal authorities if legally compelled to do so.

X. INTERNATIONAL DATA TRANSFERS

Frellio prioritizes keeping personal data within the European Economic Area (EEA). However, because we utilize global infrastructure (like Shopify and Google), data may be transferred internationally. 
Tansfers outside the EEA/UK rely on:

  • Standard Contractual Clauses (SCCs)
  • EU-US Data Privacy Framework
  • UK International Data Transfer Agreement (IDTA)

XI. AUTOMATED DECISION-MAKING

We do not carry out fully automated decision-making that produces legal or similarly significant effects on users.
Profiling for advertising purposes does not have legal consequences.

XII. CHILDREN’S DATA

Our Store is not directed at children under 16 (EU/UK) or under 13 (USA).
We do not knowingly collect personal data from children.

XIII. DATA SECURITY

The Administrator continually conducts risk analyses to ensure data is processed securely. We implement robust encryption (SSL/TLS) and strict access controls, ensuring that personal data is only accessible to authorized personnel who require it to perform their duties. We also vet our subcontractors to ensure they maintain equivalent security standards.

XIV. CONTACT DETAILS

Frellio
Brīvības iela 55A
Ogre, 5001, Latvia
Email: support@frellio.com