VIRTUS · virtus.gift

Privacy Policy

GDPR-Compliant · Last updated: May 2026

01Data Controller

The data controller responsible for your personal data is:

SZILÁGYI ALAJOS ÎNTREPRINDERE INDIVIDUALĂ
Sat. Ciumani, Comuna Ciumani, Nr. 1445/A, 537050 Județul Harghita, Romania
CUI: 36040634
Email: info@virtus.gift

This Privacy Policy explains how VIRTUS (virtus.gift) collects, uses, stores, and protects your personal data in accordance with Regulation (EU) 2016/679 (the General Data Protection Regulation, “GDPR”) and applicable Romanian data protection law.

By using our website and services, you acknowledge that you have read and understood this policy. If you do not agree, please do not use virtus.gift.

02Data We Collect

Account & Purchase Data

When you create an account or place an order, we collect:

Your name and email address
Your billing address (if applicable)
Order details: product purchased, tier, quantity, price
Payment reference number (not card data — see Stripe below)

Medal & Dedication Content

To mint your digital medal, we collect and process:

The recipient’s name as entered by you
Your personal dedication text (up to 500 characters)
The occasion selected
Names of any co-signers you invite and their optional messages
Co-signers’ email addresses (used solely to send the signing invitation)

Important: The recipient’s name, dedication text, and all co-signer names are permanently recorded on the Cardano blockchain and displayed publicly on the memorial page. Please read Section 5 carefully before submitting any content.

Technical & Usage Data

IP address and approximate geolocation
Browser type and version, operating system
Pages visited, time spent, referral source
Cookie and session data (see Section 10)

Communications

Emails you send us via info@virtus.gift
Newsletter subscription data (name, email) if you subscribe to Virtue Alerts

03Legal Basis for Processing

Processing Activity	Legal Basis (GDPR Art. 6)
Processing your order and minting the medal	Art. 6(1)(b) — Performance of a contract
Generating and hosting the memorial page	Art. 6(1)(b) — Performance of a contract
Sending order confirmation and medal delivery email	Art. 6(1)(b) — Performance of a contract
Issuing invoices and tax compliance	Art. 6(1)(c) — Legal obligation
Sending newsletter / marketing emails	Art. 6(1)(a) — Consent
Analytics and website improvement	Art. 6(1)(f) — Legitimate interest
Fraud prevention and platform security	Art. 6(1)(f) — Legitimate interest
Responding to support enquiries	Art. 6(1)(f) — Legitimate interest
Co-signer invitation emails	Art. 6(1)(b) — Performance of a contract

04How We Use Your Data

We use the personal data we collect for the following purposes:

To process your order, mint your medal on the Cardano blockchain, and generate the recipient’s memorial page
To send order confirmation, medal delivery notification, and invoice by email
To send co-signing invitations on your behalf to the email addresses you provide
To issue legally compliant invoices under Romanian and EU tax law
To respond to your customer support enquiries
To send you newsletters and product updates, if you have subscribed and consented
To improve our website, detect errors, and prevent fraudulent activity
To comply with our legal obligations under Romanian and EU law

We do not use your data for automated individual decision-making or profiling that produces legal or similarly significant effects.

05Public Nature of Medal Data & Blockchain Permanence

Please read this section carefully before purchasing.

By its nature, a VIRTUS digital medal is a public tribute. When you place an order, the following data is permanently and publicly recorded:

The recipient’s name as entered by you
Your dedication message
The names of all co-signers
The virtue medal type and occasion
A unique transaction reference on the Cardano blockchain

This data is displayed on the publicly accessible memorial page at virtus.gift/medal/[unique-slug] and is permanently inscribed on the Cardano blockchain — a distributed public ledger.

Blockchain records cannot be deleted or modified, even upon request. Once a medal has been minted, VIRTUS has no technical ability to remove data from the Cardano blockchain. We can remove or restrict the memorial page on virtus.gift upon a valid legal request, but the blockchain record will remain permanent.

Do not include sensitive personal information such as home addresses, phone numbers, financial details, or health information in your dedication text or recipient name fields.

By completing a purchase, you confirm that you have obtained any consent necessary to include the recipient’s name and any co-signers’ names in a public, permanent digital tribute.

06Data Sharing & Third Parties

We do not sell your personal data. We share data only with the trusted service providers necessary to operate the platform:

Service Provider	Purpose	Location
Stripe Payments Europe Ltd	Payment processing. Stripe processes card transactions on our behalf. We never receive or store your full card details.	Ireland (EU)
NMKR GmbH	Cardano blockchain minting infrastructure. Medal metadata (recipient name, virtue, dedication) is transmitted to NMKR for minting.	Germany (EU)
Brevo (Sendinblue SAS)	Email delivery for order confirmations, medal notifications, and newsletter (if subscribed). Your name and email are stored in Brevo.	France (EU)
Google LLC	SMTP email routing and analytics. Google Analytics may collect anonymised usage data. We use Google Site Kit.	USA (SCCs)
ArDrive / Arweave network	Permanent decentralised storage of medal artwork and metadata. Data stored on Arweave is public and permanent.	Decentralised
Cardano Blockchain	Public distributed ledger on which medal tokens are minted. All on-chain data is publicly accessible worldwide.	Global / decentralised

All EU-based processors are bound by GDPR. Non-EU processors are subject to appropriate safeguards (Standard Contractual Clauses where applicable).

We may also disclose data to law enforcement or regulatory authorities where required by law.

07International Data Transfers

Some of our service providers (Google, Arweave, Cardano blockchain) operate outside the European Economic Area (EEA). Where data is transferred to countries that do not provide an equivalent level of data protection, we rely on:

Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy decisions where applicable

Note that data recorded on the Cardano blockchain is by nature global and cannot be geographically restricted. By consenting to medal minting, you acknowledge this inherent characteristic of blockchain technology.

08Data Retention

Data Category	Retention Period
Order and invoice data	10 years (Romanian accounting and tax law requirement)
Account data (name, email)	Duration of account + 2 years after last activity
Dedication and medal content	Indefinitely on the blockchain; memorial page active while VIRTUS operates
Co-signer email addresses	Deleted 30 days after the co-signing deadline passes
Newsletter subscriber data	Until you unsubscribe or withdraw consent
Support correspondence	2 years from the date of resolution
Analytics and log data	13 months (Google Analytics standard retention)

09Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights:

Right of access (Art. 15): You may request a copy of the personal data we hold about you.
Right to rectification (Art. 16): You may request correction of inaccurate or incomplete personal data.
Right to erasure (Art. 17): You may request deletion of your personal data where there is no overriding legal basis for retention. Note: data already recorded on the Cardano blockchain cannot be erased for technical reasons (Art. 17(3)(e) GDPR).
Right to restriction (Art. 18): You may request that we restrict processing of your data in certain circumstances.
Right to data portability (Art. 20): You may request your data in a structured, machine-readable format.
Right to object (Art. 21): You may object to processing based on legitimate interests or for direct marketing purposes.
Right to withdraw consent: Where processing is based on consent (e.g. newsletter), you may withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at info@virtus.gift. We will respond within 30 days. We may need to verify your identity before processing your request.

If you are unsatisfied with our response, you have the right to lodge a complaint with the Romanian supervisory authority, ANSPDCP (dataprotection.ro), or the supervisory authority of your EU member state of residence.

10Cookies

We use cookies and similar technologies to operate the website, process orders, and analyse usage. Our cookie management is handled through the WP Consent API, which allows you to manage your consent preferences.

For full details of the cookies we use, their purpose, and how to manage them, please see our Cookie Policy.

11Children’s Privacy

VIRTUS services are not directed at children under the age of 16. We do not knowingly collect personal data from individuals under 16 without verified parental consent. If you believe we have inadvertently collected data from a minor, please contact us immediately at info@virtus.gift and we will delete the data promptly.

12Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify registered users of material changes by email and will update the “Last updated” date at the top of this page. Continued use of virtus.gift after changes are posted constitutes your acceptance of the updated policy.

13Contact & Complaints

For any questions, requests, or concerns relating to your personal data or this Privacy Policy, please contact us:

SZILÁGYI ALAJOS ÎNTREPRINDERE INDIVIDUALĂ
Email: info@virtus.gift
Address: Sat. Ciumani, Comuna Ciumani, Nr. 1445/A, 537050 Harghita, Romania

Supervisory authority for data protection complaints: ANSPDCP — dataprotection.ro