Privacy policy

Last updated: [11/12/2025]

This Privacy Policy describes how TWO CHAPTERS STUDIOS OÜ (brand name Yelvio) processes personal data when you visit or make a purchase from our online store www.yelvio.com (hereinafter the Online Store).

We process personal data in accordance with the General Data Protection Regulation (GDPR), the Personal Data Protection Act of the Republic of Estonia, and other applicable legislation.

By using our Online Store, you agree to the terms described in this Privacy Policy.

1. GENERAL PROVISIONS

1.1. This Privacy Policy regulates the principles of collection, processing and storage of personal data by TWO CHAPTERS STUDIOS OÜ (registry code: 16311506, address: Katusepapi tn 16b, 11412 Tallinn, Harju maakond, Estonia) (hereinafter the Controller, we, or Yelvio).

1.2. A data subject is any natural person whose personal data is processed by the Controller.

1.3. A customer is any person who purchases goods or services from the Online Store or creates an account.

1.4. The Controller processes personal data lawfully, fairly and securely. We confirm that all processing activities comply with GDPR and relevant Estonian legislation.

2. COLLECTION, PROCESSING AND STORAGE OF PERSONAL DATA

2.1. Personal data is primarily collected electronically through the Online Store and by email.
(We do not collect personal data on paper unless explicitly required for customer service.)

2.2. By submitting personal data on the Online Store, the data subject authorises the Controller to process such data for the purposes described in this Privacy Policy.

2.3. The data subject is responsible for ensuring that the personal data they provide is accurate and up to date. Providing false or misleading data constitutes a breach of this Privacy Policy.

2.4. The Controller is not liable for damage caused by the data subject’s submission of incorrect or false data.

3. TYPES OF PERSONAL DATA WE PROCESS

3.1. Yelvio may process the following personal data categories:

• First name and surname
  
  
• Email address
  
  
• Telephone number
  
  
• Delivery address
  
  
• Billing address
  
  
• Payment method (bank link provider, card type — we do not store full card details)
  
  
• Bank account number (only when issuing refunds)
  
  
• Purchase history
  
  
• Device and session data (via Shopify analytics cookies)

3.2. We may also collect publicly available information necessary for verifying identity in case of fraud prevention or legal obligations.

3.3. Legal bases for processing (GDPR Article 6(1)):

• (a) Consent — marketing communications
  
  
• (b) Contract — processing orders, delivery, refunds
  
  
• (c) Legal obligation — accounting, tax requirements
  
  
• (f) Legitimate interest — fraud prevention, service improvement, dispute resolution

4. PURPOSE OF PROCESSING AND RETENTION PERIODS

We process personal data for the following purposes:

4.1. Security and safety

Retention: According to periods specified by Estonian law (e.g. server logs, security logs).

4.2. Order processing and fulfilment

Includes order confirmation, delivery, returns and refunds.
Retention: 3 years (general civil claim limitation period under Estonian law).

4.3. Operation of the Online Store

Includes managing user sessions, Shopify analytics, and technical functioning.
Retention: According to Shopify’s default operational periods (1–36 months, depending on cookie type).

4.4. Customer relationship management

Handling inquiries, complaints, and warranty claims.
Retention: 3 years from last customer interaction.

4.5. Accounting and financial reporting

Retention: 7 years, as required by Estonian accounting law.

4.6. Marketing (newsletters, promotions)

Retention: Until the data subject withdraws consent or unsubscribes.

5. DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES

5.1. Personal data may be shared with the following categories of third parties:

• Payment service provider:
  Personal data necessary for executing payments is transferred to the authorised processor, Maksekeskus AS.
  
  
• Shipping and logistics partners:
  Omniva, Itella Smartpost, DPD, Unisend, or other carriers selected at checkout.
  
  
• Accounting services providers
  (only necessary financial and invoice data).
  
  
• Email and marketing platform providers
  (if applicable, e.g. Shopify Email).
  
  
• Shopify, as the e-commerce platform hosting the Online Store.
  
  

5.2. We do not sell personal data to third parties.

5.3. Data is transferred only within the EU/EEA or to countries with adequate data protection standards (e.g. via Shopify’s GDPR-compliant framework).

6. DATA STORAGE AND SECURITY

6.1. Yelvio implements technical and organisational measures to protect personal data against accidental or unlawful destruction, alteration, loss, unauthorised access, or unlawful processing.

6.2. Access to data is restricted to employees and service providers who need the information to perform their duties.

6.3. Data is stored only for the periods defined in section 4 and deleted or anonymised thereafter.

7. RIGHTS OF THE DATA SUBJECT

A data subject has the following rights under GDPR:

7.1. Right to access

Request a copy of the personal data processed about them.

7.2. Right to rectification

Request correction of inaccurate or incomplete data.

7.3. Right to erasure (“right to be forgotten”)

Request deletion of personal data under certain conditions.

7.4. Right to restrict processing

Request limitation of processing activities.

7.5. Right to data portability

Receive personal data in a machine-readable format.

7.6. Right to object

Object to processing performed on the basis of legitimate interest.

7.7. Right to withdraw consent

Unsubscribe from marketing communications at any time.

7.8. How to exercise your rights

Contact: support@yelvio.com

We respond within 30 days of receiving the request.

7.9. Right to file a complaint

If a customer considers their rights violated, they may contact:

Estonian Data Protection Inspectorate (AKI)
Email: info@aki.ee
Website: https://www.aki.ee

8. COOKIES AND ANALYTICS

8.1. The Online Store uses Shopify’s default analytics cookies to ensure proper functioning of the site and to analyse user behaviour.

8.2. A detailed cookie policy will be provided separately in the Cookie Policy page.

9. CHILDREN’S DATA

We do not knowingly collect personal data from children under 16. If such data is discovered, it will be deleted promptly.

10. AMENDMENTS TO THE PRIVACY POLICY

10.1. Yelvio may update this Privacy Policy to reflect changes in operations or legal requirements.

10.2. Updates will be published in the Online Store, and the “Last updated” date will be adjusted accordingly.

11. CONTACT INFORMATION

For questions about this Privacy Policy or personal data processing, please contact:

TWO CHAPTERS STUDIOS OÜ

Brand: Yelvio

Store support: support@yelvio.com
Business Email: info@twochapterstudios.com
Address: Katusepapi tn 16b, 11412 Tallinn, Harju maakond, Estonia

Phone: (+372) 53717219