Privacy Policy

Last Updated: 12 May 2026

This Privacy Policy explains how Whisperal (“we”, “us”, “our”) collects, uses, stores, and protects your personal data when you visit or use https://whisperal.com (the “Website”), place an order, contact us, or otherwise interact with our services.

We are committed to protecting your privacy and processing personal data in accordance with applicable data protection laws, including:

Regulation (EU) 2016/679 (General Data Protection Regulation — GDPR);
applicable Lithuanian data protection laws;
the EU ePrivacy framework and cookie requirements.

By using the Website, you acknowledge that you have read this Privacy Policy.

1. Data Controller

Whisperal | Part of the CoWork Brand Portfolio

Operated by: Jurgita Žemaitė

Individual Activity Certificate No.: 1513788

Trading as: Whisperal

Registered Address: Vanagupes str. 50-14, LT-00173 Palanga, Lithuania

Email: info@whisperal.com

For the purposes of applicable data protection laws, Whisperal acts as the data controller of your personal data.

2. Personal Data We Collect

We may collect and process the following categories of personal data.

2.1 Information You Provide Directly

When you place an order, create an account, subscribe to emails, or contact us, we may collect:

full name;
billing address;
shipping address;
email address;
phone number;
account login details;
order history;
communications and messages;
information submitted through forms or customer support.

2.2 Payment Information

Payments are processed securely by third-party payment providers such as Stripe, PayPal, Apple Pay, Klarna, or similar services.

We do not store complete payment card details on our servers.

Payment providers process personal data according to their own privacy policies and security standards.

2.3 Information Collected Automatically

When you use the Website, certain technical and usage data may be collected automatically, including:

IP address;
browser type and version;
device identifiers;
operating system;
language settings;
referring URLs;
pages visited;
time spent on pages;
click and interaction data;
cookie identifiers;
analytics and performance information.

3. How We Use Personal Data

We process personal data for the following purposes:

processing and fulfilling orders;
shipping and delivery;
customer support and communication;
account management;
fraud prevention and security monitoring;
payment verification;
legal and accounting compliance;
improving Website functionality and performance;
analytics and statistics;
marketing communications where permitted by law;
protecting our legal rights and business interests.

4. Legal Bases for Processing

Under the GDPR, we rely on one or more of the following legal bases:

Contract Performance

Processing necessary to fulfill orders, deliver products, process payments, provide customer support, or manage accounts.

Legal Obligations

Processing required for tax, accounting, fraud prevention, consumer protection, and other legal obligations.

Legitimate Interests

Processing necessary for:

Website security;
fraud prevention;
business administration;
analytics;
service improvements;
defending legal claims.

We ensure that such interests do not override your fundamental rights and freedoms.

Consent

Where required by law, we rely on your consent for:

marketing emails;
non-essential cookies;
advertising and tracking technologies.

You may withdraw consent at any time.

5. Marketing Communications

If you subscribe to our newsletter or consent to marketing communications, we may send you:

promotional emails;
product updates;
offers and campaigns;
abandoned cart reminders;
brand-related communications.

You may unsubscribe at any time using the unsubscribe link in emails or by contacting us.

We do not send marketing communications where prohibited by law.

6. Cookies and Tracking Technologies

The Website uses cookies and similar technologies to:

ensure proper Website functionality;
remember user preferences;
analyze Website traffic;
improve user experience;
measure advertising performance;
personalize content and marketing.

Cookies may include:

essential cookies;
analytics cookies;
functionality cookies;
advertising and targeting cookies.

Where required by law, non-essential cookies are used only after obtaining user consent.

Users may manage cookie preferences through the cookie banner or browser settings.

Detailed information is available in our Cookie Policy.

7. Analytics and Advertising Technologies

We may use third-party analytics and advertising services, including:

Google Analytics;
Meta Pixel (Facebook Pixel);
Instagram advertising tools;
TikTok Pixel;
email marketing platforms;
WooCommerce analytics tools.

These providers may collect information about Website usage, interactions, and advertising performance.

Some providers may process data outside the European Economic Area (EEA) subject to appropriate safeguards.

8. Sharing of Personal Data

We may share personal data with trusted third-party service providers where necessary for business operations, including:

payment processors;
shipping and logistics companies;
hosting providers;
cloud service providers;
IT and security providers;
analytics providers;
marketing platforms;
accounting, legal, and professional advisors.

We may also disclose personal data:

where required by law;
to comply with legal obligations;
to protect rights, property, or safety;
to prevent fraud or abuse.

We do not sell personal data.

9. International Data Transfers

Some service providers may process personal data outside the European Economic Area (EEA).

Where international transfers occur, we implement appropriate safeguards, including:

European Commission adequacy decisions;
Standard Contractual Clauses (SCCs);
contractual and technical protection measures.

10. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy or as required by law.

Retention periods may vary depending on the type of data and legal obligations.

Examples include:

order and invoice records — retained as required by tax and accounting laws;
customer support communications — retained as reasonably necessary;
marketing data — retained until consent is withdrawn or objection is made;
analytics and cookie data — retained according to applicable cookie settings and retention periods.

When personal data is no longer required, it will be securely deleted or anonymized.

11. Data Security

We implement appropriate technical and organizational security measures designed to protect personal data against:

unauthorized access;
accidental loss;
misuse;
disclosure;
destruction or alteration.

Security measures may include:

SSL encryption;
restricted data access;
secure payment processing;
hosting security protections;
software and security updates.

However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

12. Your Rights Under GDPR

Subject to applicable law, you may have the following rights:

right of access;
right to rectification;
right to erasure (“right to be forgotten”);
right to restriction of processing;
right to data portability;
right to object to processing;
right to withdraw consent at any time;
right not to be subject solely to automated decision-making where applicable.

To exercise your rights, please contact:

info@whisperal.com

We may request verification of identity before responding to requests.

13. Complaints and Supervisory Authorities

If you believe that your personal data has been processed unlawfully, you have the right to lodge a complaint with a supervisory authority.

You may contact:

State Data Protection Inspectorate of the Republic of Lithuania (Valstybinė duomenų apsaugos inspekcija)

Website: https://vdai.lrv.lt/

You may also contact the supervisory authority in your country of residence within the European Union.

14. Third-Party Links

The Website may contain links to third-party websites, services, or applications.

We are not responsible for the privacy practices, content, or security of third-party services.

Users should review the privacy policies of third-party websites before providing personal data.

15. Children’s Privacy

The Website is not intended for children under the age of 16.

We do not knowingly collect personal data from children.

If we become aware that personal data has been collected from a child without appropriate consent, we will take reasonable steps to delete the data.

16. Automated Decision-Making

We do not use fully automated decision-making processes that produce legal or similarly significant effects on users within the meaning of Article 22 GDPR.

Certain automated systems may be used for fraud prevention, analytics, advertising optimization, or recommendation purposes.

17. Data Breach Procedures

In the event of a personal data breach likely to result in a risk to users’ rights and freedoms, we will take appropriate measures in accordance with applicable law, including notifications where legally required.