Privacy policy

1. Purpose


This Privacy Policy defines the conditions under which personal data is collected, processed, and protected in the context of activities conducted under the name Maria de Mangop, including through the website [www.mariademangop.com](http://www.mariademangop.com).

Personal data is handled with discretion, precision, and respect, in accordance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

2. Data Controller

For the purposes of the GDPR, Maria de Mangop acts as the data controller in relation to the personal data collected and processed through its activities.


3. Categories of Personal Data


The following categories of personal data may be collected:



  • identification data (name, surname)

  • contact data (email address, telephone number where applicable)

  • billing and delivery information

  • transaction-related data (orders, commissions, preferences)

  • correspondence exchanged in the context of inquiries or transactions

  • technical and navigation data (IP address, device information, browsing behavior)



Only data necessary for the purposes described in this Policy is collected.


4. Purposes and Legal Basis of Processing


Personal data is processed for the following purposes and on the following legal bases:



a) Performance of a Contract (Article 6(1)(b) GDPR)



  • processing and fulfillment of orders and commissions

  • management of payments and delivery



b) Legitimate Interests (Article 6(1)(f) GDPR)



  • maintaining a direct relationship with Collectors

  • ensuring the proper functioning and security of the website

  • improving services and user experience



Such interests are balanced against the rights and freedoms of the individuals concerned.



c) Consent (Article 6(1)(a) GDPR)



  • sending communications, invitations, or updates where consent is required

  • use of certain cookies and tracking technologies



Consent may be withdrawn at any time.



d) Legal Obligations (Article 6(1)(c) GDPR)



- compliance with accounting, tax, and regulatory requirements



5. Data Retention


Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, including:



  • the duration of the contractual relationship

  • the period required to comply with legal and regulatory obligations



Data may be retained beyond this period where required for the establishment, exercise, or defense of legal claims.



6. Recipients of Data


Personal data may be shared, strictly where necessary, with trusted third parties involved in:



  • payment processing

  • shipping and logistics

  • website hosting and technical services



Such recipients act either as processors or independent controllers and are contractually bound to ensure confidentiality, security, and compliance with GDPR.



No personal data is sold or used for third-party commercial purposes.



7. International Data Transfers



Where personal data is transferred outside the European Economic Area (EEA), such transfers are carried out in accordance with GDPR requirements, including:



  • adequacy decisions issued by the European Commission

  • appropriate safeguards such as standard contractual clauses




8. Data Security



Appropriate technical and organizational measures are implemented to ensure the security of personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage.




9. Rights of Data Subjects



In accordance with GDPR, individuals have the following rights:



  • “Right of access” (Article 15)

  • “Right to rectification” (Article 16)

  • “Right to erasure (“right to be forgotten”)” (Article 17)

  • “Right to restriction of processing” (Article 18)

  • “Right to data portability” (Article 20)

  • “Right to object” to processing (Article 21)

  • “Right to withdraw consent” at any time (Article 7)



Requests to exercise these rights may be submitted through direct communication.



Each request is examined with care and addressed within the timeframes required by law.



10. Right to Lodge a Complaint



Individuals have the right to lodge a complaint with a supervisory authority responsible for data protection within the European Union.

11. Cookies and Tracking Technologies



The website may use cookies and similar technologies to:



  • ensure proper functioning of the website

  • analyze usage and performance

  • enhance user experience



Where required by law, consent is obtained prior to the use of non-essential cookies.



Users may manage their preferences through browser settings or cookie management tools.




12. Amendments



This Privacy Policy may be updated periodically to reflect changes in legal, technical, or operational requirements.



The version published on the website at the time of consultation shall apply.




 13. Final Provision



The relationship established with each Collector is founded on discretion, trust, and respect for privacy.



These principles guide the collection and processing of personal data within Maria de Mangop.