With this Privacy Policy, provided pursuant to art. 13 of Regulation (EU) 2016/679 (“GDPR” or “Regulation”), we wish to inform the User on the ways in which your Personal Data will be processed (i.e. any information capable of directly or indirectly identifying you) when you visit and/or purchase on the website www.reinaolga.com (below, the “Site”). This information,together with Cookie Policy and you haveTerms of use and General Conditions of Sale, establishes the basis on which the personal data of Users will be processed.

Owner of the processing of personal data

The Data Controller of personal data collected through the Site is: Reina Olga SA, registered office in St. Moritz, Switzerland Via Grevas 49, 7500, Vat: CHE-271.649.623 (from now on 'Data Controller), email address: help@reinaolga.com 

Method of Processing of Personal Data

We take into utmost consideration the right to privacy and protection of the personal data of our Users which will be processed lawfully.

The Personal Data provided or acquired will be processed based on the principles of correctness, lawfulness, transparency and protection of confidentiality in accordance with current regulations, through appropriate security measures aimed at preventing access, disclosure, modification or unauthorized destruction of Personal Data.

The Processing is carried out using IT and/or telematic tools, with organizational methods and with logic strictly related to the purposes indicated.

Personal data processed

When the User visits the Site, contacts us (by email, telephone, post, etc.), subscribes to the newsletter or sends an order, we process some of his Personal Data, either independently or through third parties.

We list the categories of personal data processed:

  1. Identification, contact and access data: name and surname, email address, shipping address, telephone number, and account access credentials, as well as any other Personal Data voluntarily communicated by the User.
  2. Purchase data: data referring to purchases made;
  3. Browsing data: relating to the connection, IP addresses, domain names and other parameters relating to the browser and operating system used;
  4. Usage Data: information generated by visiting the Site or making purchases on it: log data, data relating to registrations made, interaction and transaction processes, performance indicators, data relating to navigation flows and use of features;
  5. Billing Information and Payment Information: current account number or IBAN code for payments by bank transfer, tax code, address.

Purpose of the Processing and Legal Basis

The Owner will process the Users' Personal Data, as listed above, to carry out its economic and commercial activities, for the specific purposes indicated below.


  1. Purposes relating to the Contract and Legal Obligations
  • Browsing the Site;
  • Registration and management of the account (recovery of credentials, cancellation, etc.) and use of connected services;
  • Activities necessary for the conclusion of the contract for the purchase of products sold by the Site and its execution;
  • Order processing;
  • Assistance and customer care activities as well as to respond to requests, complaints, reports and complaints from Users via email to the Owner's addresses or through other communication channels;
  • Management of User requests via remote communication tools, such as e-mail, chat, telephone, SMS, chatbots, banners, notification systems and other remote communication tools present on the Site;
  • Fulfillment of obligations deriving from current law, regulations or community legislation (e.g. tax and accounting obligations) or management and response to requests from the competent administrative, fiscal and judicial authorities;
  • Activities of an administrative, accounting and fiscal nature such as activities connected to the contract concluded through the Site, such as, by way of example, the issuing of receipts and/or invoices, the keeping of accounting records;
  • Response to requests to exercise the rights recognized to Users by the contract stipulated with the Owner, by the law in relation to this contract or by the GDPR, and consequent activities.
  • For these purposes, the legal basis is the need to execute the pre-contractual and contractual obligations to which the User is a party (art. 6.1.b) of the GDPR) or the fulfillment of legal obligations to which the Data Controller is subject (art. 6.1.c) of the GDPR).

    Therefore, with the exception of account registration data which is optional, their processing is necessary to allow the conclusion and execution of the contract through the Site or to respond to pre-contractual requests made by the User in relation to the Site. Failure communication of the data, therefore, will make it impossible for the User to conclude a contract via the Site and/or to receive a response to the requests made.


    1. Analysis and statistical purposes and other purposes not based on consent
  • Carry out statistical analyzes regarding the use of the Site, navigation, product searches, to improve the site and the offer of products sold through it;
  • Guarantee compliance with the contractual rights of the Data Controller or demonstrate that you have fulfilled the obligations arising from the contract with the interested party or imposed by law, to prevent and/or repress fraudulent or harmful actions;
  • Remind the User who has undertaken the purchase process that he has added a product to his shopping cart.
  • The legal basis of this processing is legitimate interest (art. 6.1.f) of the Regulation). Sometimes the Legal Basis consists in the legitimate interest (art. 6, paragraph 1, letter f) in conjunction with recital 47 of the Regulation), for sending transactional email communications (e.g. abandoned cart).


    1. Direct marketing and profiling purposes
  • With the User's consent, we will send commercial emails to show him updates, news, offers and promotions, market research, also through automated processing tools such as emails and newsletters.
  • With your consent, we will process your Personal Data to attribute particular characteristics and preferences to him and send him, also through automated processing tools such as "retargeting" or by inclusion in clusters of subjects with common characteristics, personalized and diversified commercial communications, based on his profile.
  • For these purposes, the processing, including the final decision regarding the promotional communication to be sent or displayed to the user based on the cluster(s) to which they belong, occurs automatically, without human intervention, on the basis of algorithms whose parameters have been previously set.

    The legal basis is the express consent of the User to the processing of personal data for these purposes (art. 6.1.a) of the Regulation. The provision of data for these purposes is optional. In case of lack of consent, revocation of the same or exercise of the right of opposition, the User's ability to make purchases on the Site will not be affected in any way.

    1. Soft-spam

    To send commercial communications to the User's email address issued as part of the purchase of products through the Site to propose the direct sale of similar products. This activity does not require the acquisition of a prior express consent from the interested party as it is exercised on the legal basis referred to in the art. 130, paragraph 4, of the Privacy Code (Legislative Decree 30 June 2003, n. 196) which expressly allows it, provided that the user does not refuse such use, initially or on the occasion of subsequent communications.

    Modification of choices and revocation of consent

    If consent is granted, the User may at any time revoke the consent given and/or object to the processing of personal data for general marketing and profiling purposes through the methods indicatedin the 'Rights of interested parties' section later in this information.

    In the event of revocation of consent, the processing carried out on the basis of the consent given before its revocation will still be considered legitimate. In case of revocation of consent and/or opposition to the processing of your data for the purpose of generic marketing, the user's data will no longer be processed for this purpose and will be stored by the Data Controller only in the circumstance in which another legal basis exists which legitimizes the processing (e.g. contractual execution; legal obligation; legitimate interest).

    Storage time

    The Owner will process the Users' personal data for the time necessary to achieve the purposes for which such data were collected, as defined in this information. However, for each of the purposes indicated, the personal data collected will be kept for the time specified below:

    1. For the purposes inherent to the Contract, the Data Controller will process the User's data for the time strictly necessary to carry out the individual processing activities, without prejudice to the fact that, once this deadline has expired, the Data Controller may retain the data for the purposes and for the periods storage maximums referred to in the other sections of this information, if relevant and/or, in any case, in the cases established by the GDPR and/or by law.
    2. For fiscal, administrative, accounting and legal purposes, until the expiry of the legal deadlines established for carrying out each obligation and/or for the retention times established by law. In the event of closure of the account on the initiative of the User, the data contained therein will be retained for administrative purposes for a period of 3 months from the request to close the account.
    3. For purposes based on the legitimate interest of the Data Controller, the latter will process the User's data for the time strictly necessary to satisfy such interest, unless, in the event of disputes and/or complaints, the Data Controller needs to retain the personal data to carry out defense activities (letter k) for the following 10 years (prescription) or, in the presence of litigation, further conservation is determined by the duration of the litigation or by specific requests from the authority. The User can obtain more information on the legitimate interest pursued by contacting the Owner.
    4. For the purposes of direct marketing and profiling, as long as consent is not revoked and in any case for a period of 12 months since the consent was given or renewed by the User, on the occasion of a new purchase or from the date of the last contact with the User, meaning for example, the opening of the newsletter.

    After these retention times, the Personal Data will be deleted and the User will no longer be able to exercise the rights of access, cancellation, rectification and portability of the Data.

    Communication and dissemination of data

    In addition to the Owner, in some cases, they may have access to the Data:

    1. subjects involved in the organization of the Website (for example: administrative, commercial, marketing staff);
    2. third parties who carry out ancillary and instrumental tasks with respect to the Data Controller's activity and who process personal data on behalf of the Data Controller (for example: payment services, lawyers, accountants, system administrators, logistics companies, newsletter services) ;
    3. public or private subjects who can access the Data in compliance with the law, regulations and provisions issued by the competent authorities;
    4. potential buyers of the Owner company and entities resulting from the merger or any other form of transformation.

    These recipients, depending on the case, process the personal data of the Users as persons in charge, data controllers or independent data controllers. The User can request the updated list of Data Processors referred to in the art. 28 GDPR.

    Place of processing and transfer of data abroad

    The processing of the Data essentially takes place in Italy and in the countries of the European Union. Some third-party tools may process the data of users of this website in countries outside the European Economic Area (the “Third Countries”).

    The transfer of data to third countries can also take place through the use of external tools that allow certain services (e.g. newsletter, remarketing, advertising, use of social buttons, viewing of videos).

    Sometimes the use of these tools may involve the transfer of personal dataof users who visit this website to a third country for which there is no adequacy decision from the European Commission.

    If there is a need to transfer data to third countries, the Data Controller undertakes to ensure that the country to which the data will be sent guarantees an adequate level of protection, as required by Article 45 GDPR; such transfer will be regulated on the basis of the standard contractual data protection clauses approved by the European Commission for the transfer of personal information outside the EEA pursuant to Article 46.2 GDPR.

    Cookie

    This website uses cookies. Cookies are small text files that can be installed by websites on users' devices to make the browsing experience more efficient and to personalize content and ads, provide social network functions and analyze traffic. For further information, read the Cookie Policy.

    Personal Data Processing Tools


    NEWSLETTER

    The newsletter service allows the Data Controller to send promotions and commercial communications to users via email. This Site uses the following service:

    Klaviyo (Klavio, Inc.)
    Klaviyo is an address management and email message sending service provided by Klaviyo, Inc. Place of processing: UNITED STATES – View the Privacy Policy of the service to know the data processed by it. If the User does not want their personal data to be managed by Klaviyo, it will be necessary to unsubscribe from the newsletter. To this end, the Owner provides an unsubscribe button (link ofunsubscribe) in every commercial communication.

    SOCIAL NETWORK KEYS

    The User can use the social buttons to visit the social pages of the Site, through the following social tools which however collect users' personal data such as traffic data on the pages visited and on which they are installed. The Site makes the following social buttons available:

    Instagram (Meta Platforms Ireland Limited) The Instagram button is a service for interaction with the Instagram social network, provided by Meta Platforms Ireland Limited. Personal Data collected: Cookies, Usage data and other data as per the relevant privacy policy. Place of processing: IRELAND – UNITED STATES - Privacy Policy 

    Facebook (Meta Platforms Ireland Limited) The Facebook button and social widgets are interaction services with the Facebook social network, provided by Facebook Ireland Ltd. Personal Data collected: Cookies and Usage data. Place of processing: IRELAND – UNITED STATES Privacy Policy 

    TikTok (TikTok Technology Limited)The TikTok social button and widgets are interaction services with the TikTok social network, provided by TikTok Technology Limited. Personal Data collected: Cookies and Usage Data. Place of processing: UNITED STATES - MALAYSIA - SINGAPORE Privacy Policy

    PAYMENT MANAGEMENT

    Klarna (Klarna Bank AB)

    Klarna is an installment payment service provided by Klarna Bank AB. Personal data collected: Cookies and various types of Data as specified in the privacy policy of the service. Place of processing: EUROPE -Privacy policy


    Immediately (Klarna Bank AB)

    Immediatelyis a payment service provided by Klarna Bank AB Personal data collected: Cookies and various types of data as specified in the privacy policy of the service. Place of processing: EUROPE -Privacy policy


    Shop Pay (Shopify International Ltd.)

    Shop Pay is a payment service provided by Shopify International Ltd., which allows the User to make online payments via credit card. Personal Data processed: various types of Data as specified in the privacy policy of the service. Place of processing: Consult Shopify's privacy policy -Privacy Policy


    GOOGLE PAY (Google Ireland Limited)

    Google Pay is a payment service provided by Google Ireland Limited that allows the User to make online payments using their credentials. For more information on the data collected by the application, please read the relevant document Privacy Policy


    STATISTICS

    Statistics services allow the Data Controller to monitor and analyze traffic data and serve to keep track of the User's behavior. This Site uses the following third-party services:


    Google Analytics (Google Ireland Limited)

    Google Analytics is an analysis service provided by Google Ireland Limited. Google uses the Personal Data collected for the purpose of tracking and examining the use of this Site, compiling reports and sharing them with other services developed by Google. Google may use Personal Data to contextualize and personalize the ads of its advertising network. Google may also transfer this information to third parties where this is required by law or where such third parties process the aforementioned information on behalf of Google. The IP address anonymization function is active on this site. The IP address transmitted by the browser for purposes connected to Google Analytics will not be incorporated into other data already held by Google.

    The use of Google Analytics may in some cases involve the transfer of the personal data of users who visit this website to a third country, such as the United States, for which there is no adequacy decision from the European Commission.

    At the following link https://tools.google.com/dlpage/gaoptout?hl=it The browser add-on for deactivating Google Analytics is made available by Google. Personal Data collected: Cookies, IP Address, Usage Data and other personal data defined in the Google privacy policy.
    Place of processing: IRELAND and in some cases UNITED STATES – Privacy Policy (https://policies.google.com/privacy?hl=it)


    Facebook Pixels (Meta Platforms Ireland Limited)

    This site uses the Facebook Pixel, a Facebook conversion tracking tool provided by Meta Platforms, Inc. This analyzes conversions attributable to sponsorships on the Facebook social network through the use and analysis of some of the user's Personal Data. Personal Data collected: Cookies; Usage data. Place of processing: Irelandand in some cases the UNITED STATES - Privacy Policy.


    TikTok Ads Manager (TikTok Technology Limited)

    This site uses TikTok Ads Manager, a TikTok conversion tracking tool provided by TikTok Technology Limited. This analyzes conversions attributable to sponsorships on the TikTok social network through the use and analysis of some of the user's Personal Data. Personal Data collected: Cookies; Usage data. Place of processing: Irelandand in some cases the UNITED STATES - Privacy Policy.

    Shopify Analytics (Shopify International Ltd.)

    Shopify Analytics is an analysis service provided by Shopify International Ltd. Shopify uses the Personal Data collected for the purpose of helping the Owner check the value of recent sales and compare them with those of a previous period of time, compare the efficiency of the sales, monitor the average value of orders, verify the origin of visitors, by geographical area or by social media source and monitor trends over time. Shopify may also transfer this information to third parties where this is required by law or where such third parties process the aforementioned information on behalf of Shopify.The use of Shopify Analytics may in some cases involve the transfer of the personal data of users who visit this website to a third country, for which there is no adequacy decision from the European Commission.Personal Data collected: Cookies, IP Address, Usage Data and other personal data defined in Google's privacy policy. Place of processing: IRELAND and in some cases UNITED STATES – Privacy Policy.

    REMARKETING

    These services allow this Site to communicate, optimize and offer advertisements based on the User's past use of this Website. This activity is carried out through tracking Usage Data and the use of Cookies. This website uses the following services:

    Criteo (Criteo S.A.)

    Criteo is a remarketing and behavioral advertising service provided by Criteo S.A., which works with retail companies on the Internet to show personalized web advertising thanks to the collection of user data. The Data we collect can be used to ensure that adverts are shown to the right people; create audience groups to target with adverts; take advantage of the additional advertising tools of the platform on which you advertise. The information collected is anonymous to the operators of this Site and cannot be used to identify the identity of a single user. However, the information is saved and analyzed, which could link the action back to a single profile. For more information on how Criteo processes users' personal data, please refer to the relevant privacy policy. Place of processing: FRANCE - Privacy Policy.

    Microsoft Advertising (Microsoft Corporation) 

    Microsoft Advertising is a service provided by Microsoft Corporation that connects this Website with the Microsoft advertising network. This Website uses the Remarketing features of Microsoft Advertising to publish advertisements on the search engines Bing, Yahoo! and DuckDuckGo as well as other sites, apps and videos. The advertisements shown are based on the user's personal interests, identified through an analysis of the user's behavior on the web, whether on a mobile device or other devices. Personal Data collected: Cookies and Usage Data. Place of processing: IRELAND and in some cases UNITED STATES -Privacy Policy

    Remarketing TikTok (TikTok Technology Limited)

    Remarketing TikTok is a remarketing and behavioral targeting service provided by TikTok Information Technologies UK Limited that connects the activity of this Website with the TikTok advertising network. Personal Data processed: Usage Data, unique device identifiers for advertising, device information and Tracking Tools. Place of processing: UNITED KINGDOM –Privacy Policy

    Rights of interested parties

    Interested parties have the right to exercise the faculties provided for in the articles. 7, 15-22 of the Regulations.

    In particular, Users have the right to obtain:access, updating, rectification or, when interested, integration of data;thecancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those whose retention is not necessary in relation to the purposes for which the data were collected or subsequently processed; the certification that the above operations have been brought to the attention, also with regard to their content, of those to whom the data have been communicated or disseminated, except in the case in which this fulfillment proves impossible or involves the use of means manifestly disproportionate to the protected right.

    Furthermore, Users have the right to withdraw consent at any time, if the processing is based on their consent, to request data portability, i.e. to receive all personal data concerning them in a structured, commonly used and readable by automatic device), to request the limitation of the processing of personal data and/or cancellation ("right to be forgotten"), as well as the right to object to the processing of personal data concerning him and to the processing for the purposes of sending advertising material, direct sales and for carrying out market research.

    Pursuant to the Applicable Regulations, the Owners inform that Users have the right to obtain indication (i) of the origin of the personal data; (ii) the purposes and methods of processing; (iii) the logic applied in case of processing carried out with the aid of electronic instruments; (iv) the identification details of the Data Controllers and managers; (v) of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it as managers or agents.

    Those interested will be able to exercise their rights, by sending the Data Controller a specific communication or by using the form for exercising the rights of interested parties, available to this link, to be sent, duly completed and with signature and attachments, to the Data Controller by email to: help@reinaolga.com


    Interested parties, if they believe that the processing concerning them violates the Regulation, also have the right to lodge a complaint with the Privacy Guarantor as supervisory authority regarding the protection of personal data (Guarantor for the protection of personal data, with headquarters in Piazza Venezia no. 11 - 00187 – Rome (http://www.garanteprivacy.it/).

    Changes to this Privacy Policy

    The Data Controller reserves the right to make changes to this Privacy Policy at any time by publicizing them to Users on this page. Please therefore consult this page often, taking as reference the date of last modification indicated at the bottom. In case of non-acceptance of the changes made to this Privacy Policy, the User is required to cease using this Website and may request the Data Controller to remove their Personal Data. Unless otherwise specified, the previous Privacy Policy will continue to apply to Personal Data collected up to that point. The Owner is not responsible for updating all the links that can be viewed in this Privacy Policy, therefore whenever a link is not working and/or updated, Users acknowledge and accept that they must always refer to the document and/or section of the sites internet accessed from this link.


    Privacy Policy updated in January 2024