Privacy Policy
1. Introduction
At chiarakruza.com, we are committed to protecting your personal data and respecting your privacy. Your trust is of paramount importance to us, and we take our obligations regarding data protection seriously. This Privacy Policy explains how we collect, use, disclose, and protect your personal information in the course of providing our services. We are dedicated to ensuring that your privacy is safeguarded through responsible data management practices and by complying with all applicable laws and regulations, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to the personal information collected through the website chiarakruza.com and all related communications or services made available through this domain. For the purposes of applicable legislation, the data controller responsible for your personal data is Chiara Kruza, who can be contacted at [email protected].
This Policy governs all site visitors, customers, and users, regardless of geographic location, and outlines how we collect, use, store, transfer, and disclose information.
3. Categories of Data Processed
We process several categories of data depending on your interactions with chiarakruza.com and its features. These categories include:
a. Usage Data
We automatically collect data about your interactions with the website, including browser type, IP address, date and time of access, session duration, referring/exit pages, and error logs.
b. Account Data
When you create an account or register on chiarakruza.com, we may collect your full name, billing or shipping address, email address, and phone number.
c. Profile Data
We may collect information related to your user preferences, previous purchases, product interest profiles, and behavioral patterns across the site.
d. Communication Data
When you contact customer support or submit forms, we collect the contents of your messages, support ticket details, and your communication history with our team.
e. Technical Data
We collect information from the device you use to access our site, including operating system, browser configurations, device type, language settings, and system identifiers.
f. Transaction Data
For purchases made through chiarakruza.com, we process data including payment method details (processed through third-party providers), transaction history, delivery address, and order fulfillment records.
g. Preference Data
We capture your preferences for receiving marketing materials, newsletter subscriptions, and product category interests you have chosen or responded to.
4. Legal Bases for Processing
We only process personal data where a legal basis exists. These include:
– Consent: Provided when you voluntarily sign up for newsletters, email marketing, or accept cookies.
– Performance of a Contract: Processing necessary to fulfill purchases, deliver products, and offer customer support.
– Legal Obligation: When required to comply with a legal or regulatory obligation.
– Legitimate Interests: Where processing is necessary for the functioning and improvement of chiarakruza.com, fraud prevention, and business operations, without overriding your rights and freedoms.
5. Your Rights
Subject to applicable laws and restrictions, you have the following rights with respect to your personal data:
– Access: You can request confirmation of what data we hold and receive a copy of that data.
– Rectification: You have the right to request correction of inaccuracies in your personal data.
– Erasure: You may request deletion of your data, subject to certain legal exceptions.
– Restriction: You are entitled to limit the processing of your personal information in specific circumstances.
– Portability: You can request that your data be transferred to you or another provider in a structured, commonly used format.
– Objection: You may object to certain processing activities, such as direct marketing.
To exercise any of your rights, please contact us at [email protected]. We will respond within the timeframes prescribed by applicable regulation.
6. Security Measures
We enforce robust security protocols to protect your personal data from unauthorized access, disclosure, or misuse. These include:
– Data encryption in transit and at rest
– Role-based access control limiting internal data access
– Secure cloud storage solutions with activity monitoring
– Regular data backups and disaster recovery mechanisms
– Security awareness training for all relevant personnel
While no system can guarantee absolute security, we are committed to proactively identifying and mitigating security risks.
7. International Transfers
Whenever we transfer personal data internationally, particularly data from the European Economic Area (EEA), we do so under strict legal mechanisms, including the implementation of Standard Contractual Clauses approved by the European Commission. Where applicable, we ensure additional safeguards in compliance with GDPR and relevant local regulations in countries such as the United States.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or to comply with legal, accounting, or reporting requirements. Specific retention periods include:
– Usage Data: 12 months from collection
– Account and Profile Data: Retained until you delete your account or request erasure
– Transaction Data: Maintained for 7 years for financial and tax audits
– Communication Data: 24 months for support follow-up and quality assurance
– Marketing Preferences: Retained until consent is withdrawn or updated
9. Cookie Policy
Chiarakruza.com utilizes cookies and similar technologies to enhance your browsing experience. These may include:
– Essential Cookies: Necessary for basic site functions such as navigation and access to secured areas.
– Functional Cookies: Allow enhanced functionality like remembering your preferences and login sessions.
– Analytics Cookies: Help us analyze traffic patterns and user behavior via trusted third-party providers.
– Performance Cookies: Measure performance and improve design and efficiency of our website.
For detailed cookie categorization and purpose, please refer to our separate Cookie Notice available on the website.
10. Cookie Management and Compliance with GDPR & CCPA
We offer users from the EU and California granular control over the collection and use of cookies. Upon your first visit to chiarakruza.com, a consent banner will request your preferences in line with GDPR and CCPA requirements.
You may update cookie settings at any time through our Cookie Preferences Center. Additionally, browser settings can be adjusted to refuse or delete cookies; however, certain features of chiarakruza.com may not function correctly if cookies are disabled.
CCPA-specific rights include:
– The right to know what personal data is collected and how it’s used
– The right to request deletion of personal data
– The right to opt out of the sale of personal data (ChiaraKruza.com does not sell personal data)
11. Special Protections for Children Under 13
We do not knowingly collect, maintain, or use personal information from individuals under the age of 13. If we become aware that a child under 13 has provided us with personal data without parental consent, that data will be promptly deleted.
If you believe we may have collected information from a child under 13 inadvertently, please notify us immediately at [email protected].
12. Policy Updates & User Notifications
We reserve the right to update or modify this Privacy Policy to reflect changes in legal requirements, our business practices, or technological advancements. Any material changes will be communicated via an update notice on chiarakruza.com and, where appropriate, by direct email or account notifications. We encourage users to periodically review this policy to remain informed about how we protect their personal data.
13. Contact
If you have any questions, concerns, or complaints regarding this Privacy Policy, the handling of your personal data, or wish to exercise your data rights, please contact our data representative:
Email: [email protected]
We are fully committed to operating in a privacy-centric manner and to complying with all applicable data protection regulations. You may reach out at any time with privacy-related concerns, and we will respond in accordance with applicable law.