Privacy Policy
Data Controller
The Data Controller for personal data collected through the website folligen-anticaduta.myshopify.com (and related domains) is:
Folligen
Email: supporto.folligen@gmail.com
For any request related to this Privacy Policy, you can contact us directly at the email address provided above.
The Controller undertakes to process your personal data in compliance with EU Regulation 2016/679 (GDPR), the Personal Data Protection Code (Legislative Decree 196/2003, as amended by Legislative Decree 101/2018), and the provisions of the Garante per la protezione dei dati personali (Italian Data Protection Authority).
Unless otherwise indicated below, the provision of your personal data is not mandatory by law or by contract. However, some data are necessary to complete a purchase or use certain services: in such cases, failure to provide them may make it impossible to provide the requested service.
Types of Data Collected
We collect different categories of data depending on your interactions with the website:
| Category | Examples | How collected |
|---|---|---|
| Identification Data | Name, surname, email address, phone number | Account registration, checkout, contact forms |
| Shipping/Billing Data | Delivery address, city, postcode, country | Purchase process |
| Payment Data | Last 4 digits of card, payment method, transaction status | Payment gateways (Stripe, PayPal, Klarna) — Folligen never sees full card data |
| Navigation Data | IP address, browser, operating system, pages visited, time on site, origin | Automatically via server logs, cookies, pixels |
| Account Data | Order history, saved addresses, preferences | Customer profile creation on Shopify |
| Communications | Content of emails, messages sent via the contact form | Direct interaction with support |
| Marketing Data | Email opens, clicks, newsletter subscription, consents | Explicit consent upon subscription |
Sensitive data: We do not collect or process special categories of personal data under Article 9 of the GDPR (health data, biometric data, religious data, etc.).
Purpose of Processing and Legal Basis
| Purpose | Legal Basis (Art. 6 GDPR) |
|---|---|
| Order processing and management (checkout, payment, shipping, delivery notifications) | Art. 6(1)(b) — performance of a contract |
| Customer account management (registration, access, order history) | Art. 6(1)(b) — performance of a contract |
| Customer support and complaint management | Art. 6(1)(b) — performance of a contract / Art. 6(1)(f) — legitimate interest |
| Tax and accounting compliance (invoice issuance, VAT registrations) | Art. 6(1)(c) — legal obligation |
| Fraud prevention and cybersecurity | Art. 6(1)(f) — legitimate interest |
| Direct marketing and newsletters (offers, new products, promotions) | Art. 6(1)(a) — explicit and revocable consent |
| Website analysis and improvement (navigation statistics, A/B testing) | Art. 6(1)(f) — legitimate interest / Art. 6(1)(a) — consent (for analytical cookies) |
| Targeted advertising (retargeting, Meta Pixel, Google Ads) | Art. 6(1)(a) — explicit consent via cookie banner |
| Loyalty and referral programs | Art. 6(1)(b) — performance of a contract / Art. 6(1)(a) — consent |
Where the legal basis is consent, you have the right to withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal. You can do this by clicking "Unsubscribe" in any email or by writing to supporto.folligen@gmail.com.
Third Parties, Sub-Processors, and Transfers
To provide our services, we use third-party providers who act as Data Processors under Article 28 of the GDPR, bound by specific contractual agreements and/or Standard Contractual Clauses (SCCs) where data is transferred outside the EU.
| Provider | Service | Location / Transfer |
|---|---|---|
| Shopify Inc. | E-commerce platform, order management, customer accounts | Canada/USA — adequacy decision or SCC |
| Stripe | Card payment processing | USA — SCC + adequacy mechanisms |
| PayPal | PayPal payment processing | USA/Luxembourg — SCC |
| Klarna | Installment payment / Buy Now Pay Later | Sweden (EU) |
| Shipping couriers (BRT, GLS, SDA, Poste Italiane, DHL) | Order delivery, tracking | Italy / EU |
| Google LLC (Analytics, Ads) | Traffic analysis, advertising | USA — SCC + Data Privacy Framework |
| Meta Platforms (Facebook/Instagram Pixel) | Advertising retargeting, conversions | USA — SCC |
| Klaviyo / Mailchimp (if active) | Email marketing, newsletter | USA — SCC |
We do not sell, rent, or transfer your personal data to third parties for their own marketing purposes without your explicit consent.
We may disclose your data if required by competent judicial or administrative authorities under applicable law.
Cookies and Tracking Technologies
Our website uses cookies and similar technologies (pixels, web beacons, local storage). In accordance with the Italian Data Protection Authority's Provision on the use of cookies (2021) and the ePrivacy Directive, a banner is displayed upon your first visit, allowing you to choose which categories of cookies to accept.
| Category | Function | Consent required |
|---|---|---|
| Technical / Necessary | Session, cart, authentication, security. Essential for website operation. | Not required |
| Functionality | Remember preferences (language, saved address, wishlists) | Yes |
| Analytical | Google Analytics — aggregated navigation statistics to improve the site | Yes |
| Marketing / Profiling | Meta Pixel, Google Ads — personalized ads, retargeting, conversion measurement | Yes |
You can change or withdraw your cookie consent at any time by clicking on the "Manage cookie preferences" link in the website footer or through your browser settings. Withdrawal does not affect the lawfulness of previous processing.
Data Retention
Your personal data is retained for the time strictly necessary for the purposes for which it was collected, in compliance with the storage limitation principle (Art. 5(1)(e) GDPR):
- Accounting and tax data (orders, invoices): 10 years, as required by Art. 2220 of the Civil Code and Italian tax regulations.
- Active customer account: for the entire duration of the relationship, until a deletion request is made.
- Marketing / newsletter data: until consent is withdrawn or for a maximum of 3 years from the last interaction.
- Navigation data and server logs: maximum 12 months, except for security needs or investigation of illicit activities.
- Support communications (emails, tickets): 3 years from the closure of the request.
Upon expiry of the terms, the data is deleted or irreversibly anonymized.
Your Rights under the GDPR
As a data subject, you have the following rights guaranteed by Articles 15–22 of the GDPR:
- To know if we process your data, obtain a copy, and understand the processing methods (Art. 15).
- To correct inaccurate or incomplete data concerning you (Art. 16).
- To obtain the erasure of your data ("right to be forgotten"), unless legal obligations apply (Art. 17).
- To request temporary restriction of processing in certain cases (Art. 18).
- To receive your data in a structured, commonly used, and machine-readable format, or transmit it to another controller (Art. 20).
- To object to processing based on legitimate interest or for direct marketing purposes (Art. 21).
- To withdraw consent at any time, without retroactive effect (Art. 7).
- Not to be subject to decisions based solely on automated processing (Art. 22).
To exercise any of these rights, please write to supporto.folligen@gmail.com, stating your name, the email address associated with your account, and the right you wish to exercise. We will respond within 30 days (extendable by another 60 in complex cases, with prior notification).
Data Security
We adopt appropriate technical and organizational measures under Art. 32 GDPR to protect your data from unauthorized access, loss, alteration, or disclosure. In particular:
- Data transmission encrypted via HTTPS/TLS protocol.
- Credit card data is managed exclusively by PCI-DSS certified payment gateways (Stripe, PayPal): Folligen never stores full card data.
- Access to systems restricted to authorized personnel with individual credentials.
- Shopify infrastructure with international security certifications (ISO/IEC 27001, SOC 2).
In the event of a data breach that poses a high risk to your rights and freedoms, we will inform you without undue delay as required by Article 34 GDPR.
Minors
The Folligen website and products are exclusively intended for individuals who are 16 years of age or older (or the minimum age required by applicable local law). We do not intentionally collect data from minors. If you are a parent or guardian and believe that a minor has provided us with personal data, please contact us at supporto.folligen@gmail.com and we will delete it.
Changes to This Policy
We reserve the right to update or modify this Privacy Policy at any time. Changes will be published on this page with an indication of the last update date. In case of substantial changes, we may inform you via email or a banner on the site. We encourage you to review this page periodically.
Continued use of the site after the publication of changes constitutes acceptance of the new version of the Privacy Policy.
Contacts and Data Protection Officer
For any questions, requests, or complaints regarding the processing of your personal data, you can contact the Data Controller:
Folligen — Privacy Office
📧 Email: supporto.folligen@gmail.com
🕐 Response times: within 5 business days for general inquiries; within 30 days for exercising GDPR rights.
Right to Lodge a Complaint with the Supervisory Authority
You have the right to lodge a complaint with the competent supervisory authority pursuant to Article 77 GDPR. In Italy, the competent authority is:
Italian Data Protection Authority
🌐 Official website: www.garanteprivacy.it
📬 Piazza Venezia, 11 – 00187 Rome
📞 Tel: +39 06 696771
📧 Email: garante@garanteprivacy.it
You can, however, always contact us directly first: we will do our best to resolve any concerns you may have regarding data protection.