privacy policy – FABULOSHOP

Users may be subject to different levels of protection. Some Users are therefore entitled to greater protection. More information regarding protection criteria can be found in the section on applicability.

Types of Data Collected
Among the types of Personal Data collected by this Application, either directly or through third parties, there are: first name, last name, phone number, address, province, email, postal code (ZIP), city, cookies, and usage data.

Full details on each type of data collected are provided in the dedicated sections of this privacy policy or through specific explanatory texts displayed prior to data collection.

Personal Data may be freely provided by the User, or, in case of Usage Data, collected automatically when using this Application.

Unless otherwise specified, all Data requested by this Application is mandatory. If the User refuses to provide it, the Application may be unable to provide its services. In cases where the Application specifically states that some Data is optional, Users are free to refrain from providing such Data without consequences for the availability or operation of the Service.

Users unsure about which Personal Data is mandatory are encouraged to contact the Data Controller.

The use of Cookies—or other tracking tools—by this Application or by the third-party services used by this Application, unless otherwise stated, is intended to provide the Service requested by the User, in addition to other purposes described in this document and in the Cookie Policy, if available.

The User is responsible for any third-party Personal Data obtained, published, or shared through this Application and confirms that they have the right to provide or share it, thereby releasing the Data Controller from all liability.

Methods and Location of Data Processing
Processing Methods
The Data Controller takes appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of Personal Data.

Data processing is carried out using IT and/or telematic tools, following organizational procedures and logics strictly related to the stated purposes. In addition to the Data Controller, in some cases, the Data may be accessible to other parties involved in the operation of this Application (administrative, sales, marketing, legal personnel, system administrators) or external parties (e.g. third-party technical service providers, mail carriers, hosting providers, IT companies, communication agencies) appointed as Data Processors, if necessary. An updated list of these parties may be requested from the Data Controller at any time.

Legal Basis for Processing
The Data Controller may process Personal Data relating to the User if one of the following applies:

The User has given consent for one or more specific purposes. Note: In some jurisdictions, the Controller may be allowed to process Personal Data without the User’s consent or another legal basis as long as the User does not object (“opt-out”). This does not apply where EU data protection law governs the processing of Personal Data;

The processing is necessary for the performance of a contract with the User and/or for any pre-contractual obligations;

The processing is necessary for compliance with a legal obligation;

The processing is related to a task carried out in the public interest or in the exercise of official authority vested in the Controller;

The processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party.

Users may contact the Data Controller to clarify the legal basis that applies to specific data processing, particularly whether the processing is based on law, required by a contract, or necessary to enter into a contract.

Place of Processing
Data is processed at the Data Controller’s operating offices and any other places where the parties involved in the processing are located.

Personal Data may be transferred to a country other than the one where the User is located. To find out more about the place of processing, Users can refer to the section detailing the processing of Personal Data.

If a higher level of protection applies, Users also have the right to be informed about the legal basis for data transfers to countries outside the European Union or to any international organization governed by public international law (e.g., the UN) and about the security measures taken by the Controller to safeguard their Data.

If any such transfer occurs, Users can find more information in the relevant sections of this document or inquire with the Controller via the contact details provided.

Data Retention Period
Personal Data is processed and stored for as long as required by the purpose it was collected for.

Therefore:

Personal Data collected for the performance of a contract will be retained until such contract has been fully performed;

Personal Data collected for the legitimate interests of the Controller will be retained as long as needed to fulfill those purposes. Users may obtain more details regarding the legitimate interest pursued by the Controller in the relevant sections of this document or by contacting the Controller;

When processing is based on the User’s consent, the Controller may retain Personal Data until the consent is withdrawn. The Controller may also be obliged to retain Personal Data for a longer period when required to do so for compliance with a legal obligation or upon order of an authority.

Once the retention period expires, Personal Data will be deleted. Therefore, the rights of access, erasure, rectification, and data portability cannot be exercised after that time.

Purposes of Processing Collected Data
User Data is collected to allow the Controller to provide its Services and for the following purposes:

Contacting the User

Content commenting

Managing contacts and sending messages

Payment management

Advertising

Remarketing and behavioral targeting

Analytics

For detailed information about the purposes of processing and the specific Personal Data used for each purpose, Users may refer to the respective sections of this document.

User Rights
Users may exercise certain rights regarding their Data processed by the Controller.

Users entitled to enhanced protection may exercise all of the rights described below. In other cases, Users may inquire with the Controller to find out which rights apply to them.

Users have the right to:

Withdraw consent at any time. Users can withdraw their previously given consent to the processing of their Personal Data;

Object to processing of their Data. Users can object to the processing of their Data if it is carried out on a legal basis other than consent;

Access their Data. Users have the right to learn if Data is being processed by the Controller, obtain disclosure about certain aspects of the processing, and receive a copy of the Data being processed;

Verify and request rectification. Users may verify the accuracy of their Data and request it to be updated or corrected;

Restrict the processing of their Data. Under certain circumstances, Users may restrict the processing of their Data. In this case, the Controller will not process the Data for any purpose other than storage;

Have their Personal Data deleted or otherwise removed. Users may request the erasure of their Data under certain conditions;

Receive their Data and have it transferred to another controller. Users have the right to receive their Data in a structured, commonly used, machine-readable format and, if technically feasible, to have it transmitted to another controller without hindrance;

Lodge a complaint. Users may bring a claim before their competent data protection authority.

Details About the Right to Object
Where Personal Data is processed for a public interest, in the exercise of official authority, or for the legitimate interests pursued by the Controller, Users may object to such processing by providing a reason related to their particular situation.

Users should know that if their Personal Data is processed for direct marketing purposes, they can object to processing at any time without providing any justification.

How to Exercise These Rights
Any requests to exercise User rights can be directed to the Controller using the contact details provided in this document. Requests are free of charge and will be processed by the Controller as early as possible and always within one month.

Applicability of Enhanced Protection
While most of the provisions of this document apply to all Users, some are expressly dependent on the applicability of enhanced protection under personal data processing laws.

Enhanced protection applies when:

The processing is carried out by a Controller based in the EU;

The processing involves the Personal Data of Users located in the EU and relates to the offering of goods or services (whether paid or free);

The processing involves the Personal Data of Users located in the EU and enables the Controller to monitor their behavior as long as such behavior takes place within the EU.

Cookie Policy
This Application uses Cookies. To learn more and to view the detailed Cookie Policy, the User may consult the Cookie Policy.

Additional Information About Data Processing
Legal Defense
The User’s Personal Data may be used for legal purposes by the Data Controller in court or in the stages leading to possible legal action arising from improper use of this Application or its related Services.

The User declares to be aware that the Controller may be required to reveal personal data upon request of public authorities.

Specific Information
Upon request, in addition to the information contained in this privacy policy, this Application may provide Users with additional and contextual information concerning particular Services or the collection and processing of Personal Data.

System Logs and Maintenance
For operation and maintenance purposes, this Application and any third-party services it uses may collect system logs — files that record interactions and may contain Personal Data, such as the User’s IP address.

Do Not Track Requests
This Application does not support “Do Not Track” requests.
To determine whether any third-party services used honor the “Do Not Track” requests, please refer to their respective privacy policies.