Privacy Policy
Effective date: 1 Jul 2026 Last updated: 16 Jul 2026
At Valen Sey, your skin's story is personal — and so is your data. This policy explains, in plain terms, what we collect, why we collect it, who ever sees it, and the choices you have at every step. If a section feels dense, that's the law's fault, not ours — we've kept it as short as it can legally be.
1. Who We Are
Valen Sey ("we," "us," "our," or "the Company") operates the website thevalensey.com (the "Site") and is the data controller responsible for your personal information under this policy.
Business operator: Vytautas Žukauskas, trading as Valen Sey Registered trading address: 133 R. Kalantos g., Kaunas, Lithuania Contact email: contact@thevalensey.com Contact form: thevalensey.com/pages/contact
For any privacy question, correction, or rights request, email is the fastest route — we do not publish a support phone line, to keep your contact channel to us secure and to keep us reachable through one accountable, logged inbox rather than scattered channels.
2. What Personal Data We Collect
We collect only what we need to run your order, your account, and your experience on the Site. Broadly, this falls into six buckets:
| Category | Examples | When it's collected |
|---|---|---|
| Identity & contact data | Name, email, phone (if you provide one), shipping/billing address | Checkout, account creation, contact form |
| Order & transaction data | Products purchased, order value, order history, returns/refund records | Every purchase |
| Payment data | Card type and last 4 digits, billing address, payment method selected | Checkout (full card details are handled directly by our payment processors — see Section 5) |
| Skin profile data | Answers to the Skin Assessment (skin type, stated concerns, product preferences) | When you voluntarily use the Skin Assessment tool |
| Technical & usage data | IP address, browser type, device type, pages viewed, referral source, cookies | Automatically, while browsing |
| Marketing preference data | Email/SMS opt-ins, campaign engagement (opens, clicks) | When you subscribe to marketing communications |
A note on the Skin Assessment
Our Skin Assessment is a short, interactive quiz about how your skin currently looks and feels (for example, whether it feels tight, looks dull, or reacts easily). It is a styling and product-matching tool, not a diagnostic or medical questionnaire, and it does not ask about diagnosed skin conditions.
Your answers are processed only to show you a result and a short list of suggested products at the end of the quiz. They are not linked to your name, email, account, or order history, are not stored in any profile associated with you, and are discarded once your session ends. Because the responses aren't tied to your identity, they don't require — and don't receive — a separate consent flow beyond your choice to take the quiz.
We do not knowingly collect government ID numbers, biometric identifiers, precise geolocation, or health/medical data.
3. How and Why We Use Your Data
We only process personal data where we have a valid legal basis to do so. Here's the honest mapping:
| Purpose | What we do | Legal basis (GDPR) |
|---|---|---|
| Process and fulfil your order | Share necessary details with payment processors and fulfillment partners | Performance of a contract |
| Customer support | Respond to your emails and requests | Performance of a contract / legitimate interest |
| Skin Assessment recommendations | Show a real-time result and product suggestions during your quiz session (answers not stored or linked to your identity) | Legitimate interest in providing a tool you've chosen to use |
| Marketing emails/SMS | Send offers, product launches, restock alerts | Consent (opt-in) |
| Fraud prevention & security | Monitor for suspicious transactions | Legitimate interest |
| Legal & tax compliance | Retain order/invoice records | Legal obligation |
| Site analytics & improvement | Understand traffic patterns, fix bugs, improve UX | Legitimate interest / consent (for non-essential cookies) |
We never use your data to make automated decisions with legal or similarly significant effect on you (e.g., automated credit or pricing decisions based on profiling).
4. Cookies & Tracking Technologies
Our Site uses cookies and similar technologies (pixels, local storage) to keep your cart working, remember your preferences, and understand how the Site is used.
- Strictly necessary cookies (cart, checkout, security) run automatically — the Site cannot function without them.
- Analytics and marketing cookies (site analytics, ad retargeting, email pixel tracking) run only after you consent via our cookie banner. You can withdraw consent at any time by revisiting your cookie settings, accessible via the link in the site footer, or by adjusting your browser settings.
If you decline non-essential cookies, your core shopping experience is unaffected.
5. Who We Share Your Data With
We do not sell your personal data. Full stop — no exceptions. We share data only with parties who need it to keep your order and the Site running:
- Payment processors (e.g., Shopify Payments, PayPal, Klarna, and other checkout options offered at purchase) — to securely process your payment. These providers are independent data controllers for the payment data they handle, and are themselves regulated (PCI-DSS certified). We never see or store your full card number.
- Our manufacturing and logistics partners — your name, shipping address, and order contents are shared solely to produce, pack, and ship your order. For orders shipped within the EU, fulfillment takes place at an EU-based facility; for orders shipped to the United States, fulfillment may take place at a US-based facility to shorten delivery times. In either case, this partner is contractually bound to use your data only for fulfillment and nothing else.
- Website & e-commerce infrastructure providers (our e-commerce platform host and related app integrations) — to operate the Site, cart, and checkout.
- Email/SMS marketing platforms — only if you've opted in, to send the communications you've requested.
- Analytics providers — aggregated or pseudonymised usage data, only where you've consented to non-essential cookies.
- Legal & regulatory authorities — only where required by law, court order, or to protect our legal rights, safety, or property.
We conduct due diligence on every processor before working with them and require data-processing agreements consistent with GDPR Article 28 where applicable.
6. International Data Transfers
Because we work with global payment, hosting, and fulfillment partners, your data may be processed outside your home country — including in the United States or other countries outside the European Economic Area (EEA).
Where we transfer personal data from the EEA/UK to a country not deemed to offer an adequate level of protection, we rely on appropriate safeguards, primarily the European Commission's Standard Contractual Clauses (SCCs), and where relevant, the UK International Data Transfer Addendum. You can request more detail on the specific safeguard used for any given transfer by contacting us.
7. Data Retention
We keep personal data only as long as necessary for the purposes it was collected:
- Order and invoice records: retained for the period required by applicable tax and accounting law (typically up to 10 years in the EU, shorter in most other jurisdictions).
- Account data: retained while your account remains active, and for a reasonable period after inactivity in case you return.
- Marketing data: retained until you unsubscribe or withdraw consent, after which we suppress your details from future campaigns.
- Skin Assessment data: not retained. Your answers exist only for the duration of your quiz session, are not stored against your identity, and are discarded once your result is shown.
- Customer support correspondence: retained for a reasonable period to handle any follow-up, warranty, or dispute matters.
When data is no longer needed, we delete or irreversibly anonymise it.
8. Your Rights
If you're in the EU/EEA or UK (GDPR / UK GDPR)
You have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — correct inaccurate or incomplete data.
- Erasure — request deletion of your data ("right to be forgotten"), subject to legal retention obligations.
- Restriction — limit how we use your data in certain circumstances.
- Portability — receive your data in a structured, machine-readable format.
- Object — object to processing based on legitimate interest or for direct marketing at any time.
- Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior lawful processing.
- Lodge a complaint — with your national data protection authority. As we are based in Lithuania, our lead supervisory authority is the State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija), though you may also contact the authority in your own country of residence.
If you're in California (CCPA/CPRA)
You have the right to:
- Know what personal information we collect, use, and disclose.
- Delete personal information we've collected from you, subject to certain exceptions.
- Correct inaccurate personal information.
- Opt out of the "sale" or "sharing" of personal information — noting again that we do not sell your data, and any "sharing" for advertising purposes only occurs through cookies you've separately consented to.
- Non-discrimination — we will never deny you service, charge you a different price, or provide a different quality of service because you exercised a privacy right.
For everyone else
Regardless of where you live, you can email us at contact@thevalensey.com to request access, correction, or deletion of your data, and we will honour reasonable requests in line with applicable law, generally within 30 days.
To exercise any of these rights, contact us via thevalensey.com/pages/contact or email contact@thevalensey.com. We may need to verify your identity before processing certain requests, to protect your data from being accessed by someone impersonating you.
9. Children's Privacy
Our Site and products are not directed at children. You must be at least 16 years old to use the Site independently (the GDPR's default age of consent for information society services); if you are between 13–15, you may use the Site only with a parent or guardian's involvement, depending on your country's specific age threshold. We do not knowingly collect personal data from children under 13. If we learn we've inadvertently collected such data, we will delete it promptly — contact us if you believe this has occurred.
10. Data Security
We apply technical and organisational safeguards appropriate to the sensitivity of the data involved, including encrypted data transmission (TLS/SSL), restricted internal access to personal data, and PCI-DSS-compliant payment handling through our checkout providers. No method of transmission or storage is 100% secure, but we continuously review our practices to reduce risk.
In the unlikely event of a data breach affecting your personal data, we will notify affected individuals and relevant authorities without undue delay, in line with GDPR's 72-hour notification requirement where applicable.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The "Last updated" date at the top reflects the most recent revision. For material changes, we will provide more prominent notice, such as a Site banner or an email to registered accounts, where appropriate.
12. Contact Us
Questions, requests, or concerns about this policy or your data:
Valen Sey 133 R. Kalantos g., Kaunas, Lithuania
Email: contact@thevalensey.com
Contact form: thevalensey.com/pages/contact
This policy is provided for informational purposes as part of Valen Sey's commitment to transparency and does not constitute legal advice. We recommend periodic legal review to ensure ongoing compliance as regulations evolve.
