Last updated: 7 July 2025
Sotuland Studio (“Sotuland”, “we”, “us”, “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, and the rights you have under the EU General Data Protection Regulation (“GDPR”) and other applicable laws.
1. Who We Are
Schotter Studio OÜ
Mustamäe tee 6b, 10621 Tallinn, Estonia
Registry code 11484292
Email: privacy@sotuland.com
Website: https://sotuland.com
2. Data We Collect
| Category | What we collect | When / how |
|---|---|---|
| Account & Order Data | Name, postal address, billing address, email, phone, order history | Account registration, checkout, customer support |
| Payment Data | Last four digits of card, payment token, transaction ID | At checkout (processed by Stripe, PayPal, EveryPay) |
| Usage Data | IP address, browser type, OS, referring pages, time-stamps | When you browse our site (server logs, analytics cookies) |
| Marketing Preferences | Newsletter opt-in status, email-opens, link-clicks | When you subscribe or interact with emails |
| Support Content | Messages, attachments, feedback | When you email or fill in contact forms |
We do not intentionally collect special-category (sensitive) personal data.
3. How & Why We Use Your Data
| Purpose | Legal basis (Art. 6 GDPR) |
|---|---|
| Process and ship orders | Contract performance |
| Provide customer support | Legitimate interest |
| Send order updates & transactional emails | Contract performance |
| Send newsletters & promotions | Consent (you may unsubscribe at any time) |
| Prevent fraud and secure our services | Legitimate interest |
| Comply with tax, accounting, and legal obligations | Legal obligation |
4. Cookies & Analytics
We use essential cookies for the shopping cart and login, plus analytics cookies to understand site performance. You can disable non-essential cookies via the banner or your browser settings. Blocking cookies may impair site functionality.
5. Third-Party Sharing
We do not sell or rent your personal data. We only share it with trusted partners as needed:
- Payment processors — Stripe, PayPal, EveryPay (card and bank-link payments). These PCI-DSS–compliant providers handle full card details; Sotuland never sees or stores your complete card number.
- Manufacturing & Shipping — Printful (print-on-demand production, fulfilment, logistics).
- Couriers — postal and express carriers engaged by Printful for last-mile delivery.
- Cloud services — EU/US-based hosting, email, and backup providers under GDPR-compatible standard contractual clauses.
- Law enforcement & regulators — when required to comply with legal obligations or to protect our rights.
6. International Transfers
Some partners are located outside the European Economic Area. Whenever data is transferred internationally, we rely on:
- Adequacy decisions by the European Commission, or
- Standard Contractual Clauses and additional safeguards.
7. Data Retention
We keep:
- Order records — 7 years (Estonian Accounting Act).
- Inactive accounts — deleted after 5 years of inactivity.
- Newsletter data — until you unsubscribe.
- Server logs — up to 24 months for security.
When retention ends, data is securely deleted or anonymised.
8. Your Rights
Under GDPR you may:
- Access the data we hold about you.
- Rectify inaccurate or incomplete data.
- Erase your data (“right to be forgotten”) in certain cases.
- Restrict or object to processing.
- Port your data to another service.
- Withdraw consent at any time (for marketing emails).
- Lodge a complaint with your supervisory authority (Estonian Data Protection Inspectorate or your local authority).
Contact us at privacy@sotuland.com to exercise these rights. We respond within 30 days.
9. Data Security
- HTTPS encryption across the site
- PCI-DSS card handling (via payment processors)
- Access controls and MFA for admin accounts
- Regular backups and vulnerability patching
Despite safeguards, no online service is 100 % secure; please use unique, strong passwords.
10. Children
Our services are not directed to children under 16. If we learn we have collected data from a minor without parental consent, we will delete it promptly.
11. Changes to This Policy
We may update this notice to reflect changes in law or our practices. The “Last updated” date appears at the top. Significant changes will be announced on our website or via email.
12. Contact
For privacy questions, reach out to privacy@sotuland.com or write to the postal address above.