Privacy Policy — Alta Ritual Limited

Last updated: 21 November 2025

Controller: Alta Ritual Limited
Company number (CRO): 795070
Registered address: 6 Fern Road, Sandyford, Dublin, Ireland, D18 FP98
Data protection / rights contact: contact@alta-ritual.com

Alta Ritual Limited (“we”, “us”, “our”) operates the website https://alta-ritual.com (the “Website”). This Privacy Policy explains how we collect, use, disclose and protect personal data when you visit the Website, create an account, place an order or otherwise interact with us.

This policy implements the information requirements of the EU General Data Protection Regulation (GDPR) and relevant Irish guidance. We provide the information required by Article 13 GDPR at the time we collect personal data.

1. What personal data we collect

We collect and process personal data in several ways:

A. Device & technical data (automatically collected): browser type and version, IP address (may be pseudonymised), time zone, cookie identifiers, pages and products viewed, referrer URL, and interaction data (clicks, forms). We call this “Device Information.”

B. Account & contact data (provided by you): name, billing and shipping address, email address, telephone number, and any other information you provide when registering or contacting us.

C. Order & payment data: details required to process orders (products ordered, delivery address, order history). Payment card details are not stored by Alta Ritual — payment processing is handled by third-party PSPs (PayPal, Stripe) and their privacy/security terms apply.

D. Marketing & communications: marketing preferences and email subscription status (newsletter sign-ups).

E. User content and support: comments, product reviews, chat transcripts, and messages you send to our support team.

F. Security logs & fraud detection: logs related to authentication, access, and suspected fraud incidents.

2. Why we process personal data and the lawful basis

We only process personal data that is necessary for the purposes set out below. Where we list a lawful basis, that is the legal ground we rely on under the GDPR:

  • To perform a contract with you (processing necessary to fulfil your order, deliver goods, process returns and payments). (Lawful basis: performance of a contract).
  • To comply with legal obligations (accounting, tax, record keeping). For statutory accounting and tax records we retain the relevant data for the periods required by law. (Lawful basis: legal obligation).
  • For our legitimate interests (improving the Website, fraud prevention, network and information security, handling customer service enquiries). We only rely on legitimate interests where the processing does not override your rights and freedoms; we document balancing tests for such cases. (Lawful basis: legitimate interests).
  • On the basis of your consent for marketing communications and non-essential cookies/tracking (analytics, advertising/remarketing). You can withdraw consent at any time. (Lawful basis: consent).

A clear category-by-category table of the types of personal data, purposes and lawful bases is published in the extended Privacy Policy section on the Website (see “Detailed Data Processing Table”).

3. Cookies and tracking

We use cookies and similar technologies to operate the Website and improve your experience. Under Irish rules and e-Privacy regulations, user consent is required for most cookies; consent must be a clear, affirmative act that is freely given, specific and informed. We follow the DPC guidance on cookies and tracking.

Key points about our cookie practice:

  • No non-essential cookie is set before you consent. Our cookie banner (Hostinger banner) blocks non-essential scripts until you provide explicit consent. We log consent (time, purpose categories) so we can evidence lawful consent.
  • You will be offered a granular choice of cookie purposes (e.g. Strictly necessary, Functional, Analytics, Marketing) and you can change or withdraw your consent at any time via the Cookie Settings link on the website.
  • A full Cookie Table listing cookie name, provider, purpose and lifetime appears on the Website cookie settings page (placeholder included below — fill in real cookie names once the site is live).

4. Payment processing & card data

We accept payments via PayPal and Stripe. When you pay using these providers, card details are processed by the PSP and are not stored on Alta Ritual servers. Please review PayPal’s and Stripe’s privacy policies for details of how they process payment data. We may receive limited transaction metadata from the PSPs required to administer your order (e.g. transaction ID, payment status).

5. Recipients / Service providers (processors)

We use third-party processors to provide the Website and services. These include (examples of common e-commerce processors we use): Hostinger (hosting, cookie banner), Google (analytics, Maps, Tag Manager), Meta (advertising/Meta Pixel), PayPal and Stripe (payment processing). We have or will enter into Data Processing Agreements (DPAs) with our processors to ensure they process data only on our instructions and provide adequate security measures.

Where a processor acts as a sub-processor or transfers data outside the EEA, we require appropriate safeguards (for example Standard Contractual Clauses) or rely on an adequacy decision when applicable. The European Commission’s Standard Contractual Clauses (SCCs) are an approved mechanism for transfers outside the EEA.

6. International transfers

Some processors (for example, advertising networks, analytics providers or payment providers) may transfer or access data outside the European Economic Area (EEA) (for example to the United States or Canada). When we or a processor transfer personal data to countries outside the EEA we will ensure a lawful transfer mechanism is in place (adequacy decision, SCCs, or other lawful mechanism) and document those safeguards in the Privacy Policy annex. See the EU guidance on SCCs for transfers to third countries.

7. Data retention

We retain personal data only as long as necessary to fulfil the purposes described and to meet our legal obligations. In particular:

  • Accounting, invoices and tax records: retained for at least six (6) years in accordance with Irish statutory record-keeping requirements.
  • Order and delivery information: retained for 6 years (to support accounting and any after-sales matters).
  • Customer account data: retained for 6 years after last activity, unless you request earlier deletion.
  • Marketing consents and proof of consent: retained while consent is valid and for up to 6 years for audit / compliance purposes.
  • Security logs / fraud detection records: retained for up to 2 years unless needed longer for legal claims or investigations.

If you want a personal data category to be erased earlier, you may request erasure (subject to statutory retention obligations and any legitimate interests we rely on). Where legal obligations require longer retention (e.g. tax law), we will not be able to erase the relevant records until the statutory retention period expires.

8. Your rights under GDPR

If you are in the EU, you have the following rights in relation to your personal data:

  • Right to be informed (this Privacy Policy).
  • Right of access to your personal data.
  • Right to rectification of inaccurate personal data.
  • Right to erasure (‘right to be forgotten’) subject to statutory exceptions.
  • Right to restriction of processing.
  • Right to data portability (where processing is by automated means and based on consent or contract).
  • Right to object to processing based on legitimate interests or direct marketing.
  • Rights in relation to automated decision-making and profiling (if used).

To exercise any right, contact us at: contact@alta-ritual.com. We will verify identity before responding to ensure we only disclose personal data to the correct person. We will respond within the legal time limits (generally one month, extension permitted in complex cases). If you remain unhappy you may lodge a complaint with the Irish Data Protection Commission (Data Protection Commission, Ireland).

9. How to exercise your rights — practical steps

  1. Email: contact@alta-ritual.com with the subject line “Data subject request” and indicate the right you wish to exercise (access, rectification, erasure, etc.).
  2. Provide proof of identity as requested (e.g. copy of a government ID plus proof of current address) to avoid disclosure to a third party.
  3. We will acknowledge your request promptly and respond within one month (extensions where legally permitted).
  4. If we refuse (in whole or part), we will explain the reasons and the available remedies (including complaint to the supervisory authority).

10. Data security & personal data breaches

We implement appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. Examples include access controls, password policies, encryption where appropriate and secure cloud hosting with our provider.

In the unlikely event of a personal data breach that is likely to result in a risk to individuals’ rights and freedoms, we will notify the Irish Data Protection Commission without undue delay and, where required, within 72 hours of becoming aware of the breach. Where a breach is likely to result in a high risk to the rights and freedoms of affected individuals we will also communicate the breach to those individuals without undue delay.

11. Children and age limits

Our Website and services are intended for adults (18+). We do not knowingly collect personal data from children or minors. If you believe a child has provided personal data to us, please contact contact@alta-ritual.com and we will take steps to delete the information.

12. Automated decision-making and profiling

We do not currently carry out decisions based solely on automated processing including profiling that would produce legal effects concerning you or similarly significantly affect you. If that changes we will notify you and explain the logic involved, the significance and the envisaged consequences, and provide the means to obtain human intervention.

13. Links to other websites

Our Website may contain links to other websites maintained by third parties. This Privacy Policy does not apply to external sites. We encourage you to review the privacy policies of those third-party sites.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time (for example if services change or new legal requirements appear). Any material changes will be published on the Website with an updated “Last updated” date. We encourage you to review the Privacy Policy regularly.

15. Contact & supervisory authority

If you have questions, requests or complaints about this Privacy Policy or our processing of your personal data, contact:

Email: contact@alta-ritual.com
Postal: Alta Ritual Limited, 6 Fern Road, Sandyford, Dublin, D18 FP98, Ireland

You also have the right to lodge a complaint with the Irish Data Protection Commission: see the DPC website for contact details and complaint forms.

Alta Ritual Limited (CRO 795070) processes your personal data to provide the Website and to fulfil your orders. For details about what we collect, how we use it and your rights, see our Privacy Policy. Contact: contact@alta-ritual.com.