PRIVACY POLICY

Last updated: 11/09/2025

1) Controller and contacts
Trendly di Catarzi Niccolò – Via Borromeo 116, 50026 San Casciano in Val di Pesa (FI) – Italy.
VAT No.: 07068610489 – Tax Code: CTRNCL97B16D612Z
E-mail: ladinumoil@gmail.com
DPO: not appointed.

2) Categories of data processed
Browsing data (logs, IP, device identifiers).
Form and contact data (name, e-mail, messages; including WhatsApp/Calendly).
Purchase and shipping data (name, surname, addresses, phone, e-mail).
Payment data (handled by Stripe).
Marketing/analytics data (GA4, Clarity, Meta/LinkedIn Ads events, via cookies/IDs with consent).
Ladinum app data (choice/renaming of symbolic olive tree, progress, badges, symbolic CO₂ certificates).

3) Purposes and legal bases
Performance of the contract: order management, shipping, invoicing, activation and use of digital services (Art. 6.1.b GDPR).
Legal obligations: accounting/tax compliance (Art. 6.1.c).
Service communications: email/SMS/WhatsApp regarding the order and the app (Art. 6.1.b).

Newsletter and contacts: sending promotional communications with consent (Art. 6.1.a).
Marketing and profiling: behavioral analysis on the site, conversion measurement, and ad personalization (retargeting) via Meta/LinkedIn/GA4/Clarity, with consent (Art. 6.1.a). Basic logic: we observe interactions on the site (e.g., pages viewed, carts, purchases) to create segments and display personalized ads/offers. Consequences: you will receive more relevant advertising; no decisions with legal or similar effects.
Security and fraud prevention: technical and anti-fraud checks (legitimate interest: Art. 6.1.f, with balancing available upon request).

4) Processing methods and security measures
We process data using IT/telematic tools, adopting appropriate technical and organizational measures (access controls, in-transit encryption, backups, logging, minimization).

5) Retention
Invoicing/shipping data: 10 years (tax obligations).
Payment data: held by Stripe for the time necessary for the transaction/antifraud.
Marketing/newsletter data: until consent is withdrawn or deletion is requested.
Ladinum app data: 365 days from activation, then deletion/anonimization.
Browsing logs: up to 12 months, unless required for security.

6) Recipients
Technical providers (e.g., OVHcloud hosting), payment platforms (Stripe), marketing/analytics tools (Google/GA4 & Tag Manager, Microsoft Clarity, Meta Ads, LinkedIn Ads), appointment tools (Calendly), messaging (WhatsApp Business), couriers, consultants, and parties authorized for legal obligations.

7) Transfers outside the EU
Some providers are established in or process data in non-EU countries (e.g., the USA).
If the provider is certified under the EU-US Data Privacy Framework, the transfer is based on the European Commission’s adequacy decision.
Alternatively, we use Standard Contractual Clauses (SCCs) and, where necessary, supplementary measures (encryption/pseudonymization, access limitations).
Further details (list of providers and transfer bases) are available upon request.

8) Data subject rights
You may exercise: access, rectification, erasure, restriction, portability, objection, and withdrawal of consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
You may lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it).
To exercise your rights: ladinumoil@gmail.com.

9) Minors
The site is not intended for children under 14; if you believe a child has provided us with data without parental consent, contact us for removal.

10) Changes
We reserve the right to update this notice; changes will be published on the site with the date indicated.