Privacy Policy

Your privacy matters to us. Learn how we collect, use, and protect your personal data in compliance with GDPR and EU privacy laws.

Your Data Protection Rights

We are committed to protecting your privacy and ensuring transparency in how we handle your personal data.

Table of Contents

1 Introduction & Contact Information

This Privacy Policy explains how EURO MIXER (“we,” “us,” “our”) collects, uses, discloses, and protects your personal information when you visit our website at hestora-haven.shop or use our services.

Data Controller Information

We are committed to protecting your privacy and ensuring that your personal data is handled in accordance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

2 What Personal Data We Collect

We collect different types of personal data depending on how you interact with our services:

👤 Identity Data

• First name and last name
• Username or account identifiers
• Date of birth (if required for age verification)
• Gender (optional)

📧 Contact Data

• Email address
• Telephone numbers
• Billing and delivery addresses
• Social media handles (if provided)

💳 Financial Data

• Payment card details (encrypted)
• Bank account information
• Transaction history
• VAT numbers (for business customers)

📱 Technical Data

• IP address and location data
• Browser type and version
• Device information
• Cookie data and preferences

🛒 Usage Data

• Purchase history and preferences
• Website navigation patterns
• Search queries and filters used
• Customer service interactions

📝 Communication Data

• Your communications with us
• Customer service records
• Survey responses and feedback
• Marketing preferences

3 How We Use Your Personal Data

We use your personal data only for specific, legitimate purposes:

Order Processing & Fulfillment

• Process and fulfill your orders
• Handle payments and billing
• Arrange delivery and shipment
• Provide order updates and tracking
• Handle returns and refunds

Customer Service & Support

• Respond to inquiries and requests
• Provide technical support
• Handle complaints and disputes
• Improve our services
• Maintain service quality

Legal & Compliance

• Comply with legal obligations
• Prevent fraud and abuse
• Maintain business records
• Handle warranty claims
• Anti-counterfeiting measures

Marketing & Communications

• Send promotional emails (with consent)
• Personalize your experience
• Conduct market research
• Improve our products and services
• Analytics and reporting

4 Legal Basis for Processing

Under GDPR, we must have a lawful basis for processing your personal data:

Contract Performance

Processing necessary to fulfill our contract with you (e.g., delivering products, processing payments)

Consent

When you have given clear consent for specific processing activities (e.g., marketing emails)

Legal Obligation

Processing required by law (e.g., tax records, anti-money laundering, consumer protection)

Legitimate Interest

Processing for our legitimate business interests (e.g., fraud prevention, website analytics, improving services)

5 Data Sharing & Disclosure

We do not sell your personal data. We may share your data only in the following circumstances:

Service Providers

We share data with trusted third parties who help us provide our services:

• Payment processors (encrypted financial data)
• Shipping and logistics companies
• IT service providers and hosting companies
• Customer service platforms
• Marketing and analytics tools

Legal Requirements

We may disclose data when required by law:

• Court orders and legal proceedings
• Law enforcement requests
• Tax authorities and regulatory bodies
• Consumer protection agencies
• Anti-fraud investigations

Business Transfers

In case of business restructuring:

• Mergers and acquisitions
• Asset sales or transfers
• Bankruptcy or insolvency proceedings
• Corporate reorganization

Data Protection Measures

All third parties we work with are contractually obligated to protect your data and use it only for the specified purposes. We conduct regular audits to ensure compliance.

6 Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

Personal and contact information retained while account is active, plus 3 years for legal compliance

Purchase history, invoices, and payment records retained for tax and legal requirements

Marketing preferences retained until you withdraw consent or unsubscribe

Support tickets and communications retained for service improvement and dispute resolution

Anonymous usage data and cookies retained for website optimization

7 Your GDPR Rights

Under GDPR, you have comprehensive rights regarding your personal data:

Right of Access

Request a copy of all personal data we hold about you

Right to Rectification

Correct any inaccurate or incomplete personal data

Right to Erasure

Request deletion of your personal data (“right to be forgotten”)

Right to Restrict Processing

Limit how we use your personal data in certain circumstances

Right to Data Portability

Receive your data in a structured, machine-readable format

Right to Object

Object to processing based on legitimate interests or direct marketing

How to Exercise Your Rights

To exercise any of these rights, contact us at:

We will respond to your request within 30 days. If you’re not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

8 Data Security

We implement comprehensive security measures to protect your personal data:

🔒 Technical Safeguards

• SSL/TLS encryption for all data transmission
• Advanced encryption for stored data
• Secure, regularly updated servers
• Multi-factor authentication systems
• Regular security audits and penetration testing

👥 Organizational Measures

• Staff privacy training and confidentiality agreements
• Limited access to personal data (need-to-know basis)
• Regular privacy impact assessments
• Incident response and breach notification procedures
• Third-party vendor security requirements

🏢 Physical Security

• Secure data centers with access controls
• 24/7 monitoring and surveillance
• Environmental controls and backup systems
• Secure disposal of physical documents
• Regular facility security assessments

Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR.

9 International Data Transfers

Your personal data is primarily processed within the European Economic Area (EEA). When we transfer data outside the EEA, we ensure adequate protection:

Adequacy Decisions

We transfer data only to countries with EU adequacy decisions or equivalent protection standards

Standard Contractual Clauses

We use EU-approved standard contractual clauses with all non-EEA service providers

Binding Corporate Rules

Large service providers must have approved binding corporate rules for international transfers

10 Cookies & Tracking Technologies

We use cookies and similar technologies to improve your experience and analyze website usage:

⚙️ Essential Cookies

Necessary for website functionality – cannot be disabled

• Shopping cart functionality
• User authentication
• Security features
• Load balancing

📊 Analytics Cookies

Help us understand how visitors use our website

• Page view statistics
• User journey analysis
• Performance monitoring
• Error tracking

🎯 Marketing Cookies

Used for personalized advertising (requires consent)

• Targeted advertisements
• Social media integration
• Conversion tracking
• Retargeting campaigns

⚙️ Preference Cookies

Remember your choices and personalize your experience

• Language preferences
• Currency settings
• Theme preferences
• Accessibility options

Managing Your Cookie Preferences

You can control cookies through:

• Our cookie banner and preference center
• Browser settings and privacy controls
• Third-party opt-out tools
• Contacting us directly

11 Children’s Privacy

We are committed to protecting children’s privacy and complying with applicable laws:

Age Restrictions

Our services are not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16 without parental consent.

Parental Consent

If we learn that we have collected personal data from a child under 16 without parental consent, we will delete that information promptly.

Contact Us

If you believe we have collected information from a child under 16, please contact us immediately at support@hestora-haven.shop.

12 Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws:

Policy Updates

We will post any changes to this policy on our website with an updated “Last Modified” date.

Notification

For significant changes, we will notify you via email or prominent website notice before the changes take effect.

Continued Use

Your continued use of our services after changes take effect constitutes acceptance of the updated policy.

Questions About Your Privacy?

Our privacy team is available to help with any questions or concerns about how we handle your personal data.

Email Us

support@hestora-haven.shop

Call Us

+39 369 598 454

Write to Us

PIAZZA DELLE TERRAZZE 4