Privacy Policy

In this policy, we provide you with information on how business owner Susana Turró Smit collects and processes your personal data through the use of the online store molli-moai.com, in accordance with the rules of Regulation (EU) 2016/679 of April 27, 2016 (General Data Protection Regulation) and Law No. 58/2019 of August 8, including any data you may provide through this website when purchasing products.

It is important that you read this privacy policy to be fully aware of how we are using your data and why.

This Privacy Policy is regularly updated and may be changed without notice. To stay informed, we recommend checking it regularly.

This version is effective as of June 20, 2024.

 

1.    DATA PROCESSING RESPONSIBLE ENTITY

The entity responsible for processing the personal data provided on the online store molli-moai.com ("Online Store," "We," or "Molli&Moai") is the sole proprietor Susana Turró Smit, with Tax Identification Number (NIF) 295 803 495, with a professional address at Bairro dos Moinhos 6, 6270-271 São Romão - Seia, Portugal, operating in the market under the brand Molli&Moai.

 

2.    HOW TO CONTACT MOLLI&MOAI IF YOU HAVE QUESTIONS OR WISH TO EXERCISE YOUR RIGHTS

If you have any questions about the processing of personal data on our online store or in our physical store, or if you wish to exercise your rights in this regard, you can contact us via email at hello@molli-moai.com or by mail sent to Molli&Moai's offices at Bairro dos Moinhos 6, 6270-271 São Romão - Seia, Portugal.

 

3.    PERSONAL DATA PROCESSED BY MOLLI&MOAI

The personal data referred to in this privacy policy are the information about you that allows us to identify you directly or indirectly. We may collect, use, store, and transfer different types of personal data about you, which we have grouped as follows:

 

ONLINE STORE PURCHASES

When you purchase one of the products available on the online store, you will need to provide us with the necessary data for billing and delivery: name, address, postal code, locality, region, country, email, phone, and Tax Identification Number (NIF, optional).

If you wish for the invoice to be issued in the name of another entity or for the delivery to be made to another location or entity, you can add another address to your account or fill out forms with different billing and delivery details, including fields such as name, email, phone, Tax Identification Number (NIF, optional), address, locality, postal code, region, and country.

We use this data to process your order, issue the invoice, deliver the products to you, and respond to your post-sale support requests. The legal basis for processing this data is the purchase and sale agreement entered into with you.

 

NEWSLETTER

Molli&Moai regularly sends promotional newsletters to customers and visitors who have subscribed to the newsletter on the website to inform them about products, news, campaigns, and marketing initiatives. The legal basis for processing this data is your consent.

The newsletters we send contain a tracking pixel. This pixel is a small graphic inserted into the file, providing us with information about the opening of newsletters and included links. It helps optimize newsletter distribution and identify content that is most interesting to our customers and subscribers.

You can unsubscribe from the newsletter at any time and no cost by clicking on the link provided in the footer of the newsletter. If you do so, your email will be automatically removed from the recipient list, and you will no longer receive the newsletter.

 

CONTACT FORM

When you send us a message through the contact form available on the online store, we store your contact details (name and email) and the message to respond to your request in a personalized manner. This processing is based on Molli&Moai's legitimate interest in addressing contact inquiries.

 

EMAIL CONTACT

When you send us an email, such as requesting information about our products, we will process your contact details and the content of your message to respond to your contact request. This processing is based on the legal grounds of the need to perform pre-contractual measures at your request or Molli&Moai's legitimate interest in addressing contact inquiries directed to them, depending on the purpose of your communication.

 

SOCIAL MEDIA CONTACTS

When you contact us on our social media pages – on Facebook and Instagram – by making comments, reacting to our content and posts, or sending us direct messages, we will process your identification data, such as the username you use on that platform, and the messages exchanged with you to respond to your questions and comments in a personalized manner. This processing is based on the legal grounds of Molli&Moai's legitimate interest in responding to interactions with its followers and fans and supporting their interest in the brand and products.

 

COOKIES

We use cookies, pixels, and similar devices to analyse traffic data from visits to the website, including information on how you use our online store. This is done to support our marketing activities and prevent fraud related to payment methods.

Some of these cookies may collect personal data, such as your Internet Protocol (IP) address, login data, browser type and version, configuration and timezone settings, types and versions of browser plugins, operating system, and platform, as well as other technologies on the devices you use to access the website.

The legal basis for processing this data is your consent, as cookies will only be installed with your authorization. We recommend reading our Cookies Policy for more detailed information on the cookies we use and their purposes.

 

4.    DATA RETENTION PERIOD FOR YOUR PERSONAL INFORMATION

The data we collect will be processed for the time strictly necessary to fulfil the purposes for which they were obtained. When the maximum period is reached, your personal data will be anonymized or securely deleted.

The most relevant periods are as follows:

  • Purchases - We will process your data for the time necessary to manage the purchase of the products or services you have acquired, including any returns, complaints associated with the purchase of the product, or warranty assistance services for a period of 3 years and 1 month. Data necessary for compliance with legal obligations, such as billing data, will be retained for the period required by law, which is 10 years.
  • Newsletter - Your data will be processed until you communicate that you no longer wish to receive the newsletter or as long as you remain an active subscriber. An active subscriber is considered someone who opens the newsletter and/or clicks on one of its links at least once in the period of 2 years. Inactive users, those who have not opened any newsletters in the last 2 years, will be removed from the database, and their data will be deleted.
  • Contact Form - We will process your data for the time necessary to respond to your request. This data will then be archived together with the documentation related to any purchase you make, or if there is no order, it will be deleted after 3 months.
  • Email Contacts - We will process your data for the time necessary to respond to your request. This data will then be archived together with the documentation related to any purchase you make, or if there is no order, it will be deleted after 3 months.
  • Social Media - Your data will remain on our pages for as long as they are published. If you want them to be deleted, you can do so at any time or ask us to do it. Your direct messages will be processed for the time necessary to respond to your request. This data will be deleted after 3 months.
  • Cookies - We will process your data for the periods during which the cookies remain active. You can check these periods in our Cookies Policy.

 

5.    RECIPIENTS OF PERSONAL DATA COLLECTED BY MOLLI&MOAI

The personal data we process may be shared with entities subcontracted by us to provide support on our behalf, acting under our responsibility and supervision. These entities include:

  • Providers of technological services and their subcontractors and partners.
  • Banking entities and services for payment management and processing.
  • Transport service providers.
  • Accounting service providers.
  • Digital marketing service providers.

 

6.    DATA TRANSFER OUTSIDE THE EUROPEAN UNION

In most situations, the personal data we collect will be processed in Portugal or in European Union countries. Some information may be sent to other countries where the company providing the infrastructure for our store is established or where it has service providers, including Canada (where Shopify is headquartered) and the United States of America.

When we send personal information outside the EEA, UK, or Switzerland, we do so in accordance with applicable law, including Canadian law, which the European Commission considers to provide an adequate level of protection.

When personal data is sent to other countries, for example, to subcontractors of Shopify, this company requests adequate assurances of security and protection of personal data comparable to those of the European Union, namely offering an adequate level of protection according to the criteria of the European Commission or signing a data processing agreement that includes the Standard Contractual Clauses approved by the European Commission.

 

7.    SECURITY MEASURES PROTECTING YOUR DATA

Molli&Moai employs physical, technological, and organizational security measures to protect personal data against destruction, loss, alteration, unauthorized disclosure, or access.

Among these measures, we highlight the following:

  • The entire website and online store platform use an encrypted HTTPS / SSL connection, adhering to the best security practices recommended for online services with data transactions;
  • We do not store any data related to external payment systems (credit cards, debit cards, or Multibanco references) on our server. This data is processed and stored only by the banking and payment management entities that provide us with this servisse;
  • We store the data we obtain in encrypted databases and perform regular backups to reduce the possibility of information loss in the event of a system failure. The hosting server also has a standard firewall and web hosting protection system;
  • We monitor access to the website to prevent, detect, and block unauthorized access. The platform we use is protected with a security module that limits and blocks attempts at unauthorized access and analyses and blocks malware attacks;
  • The number of people with access to your data is restricted and limited to the purposes indicated above;
  • We require subcontracted partners and suppliers who process personal data to provide evidence that they maintain an identical level of security.

 

8.    YOUR RIGHTS AS A DATA SUBJECT AND HOW TO EXERCISE THEM

Depending on the purpose and legal basis for processing your data, you can exercise the following rights:

  • Access, update, or correct inaccurate data we may have about you. It is important that the personal data we have about you is accurate and up-to-date.
  • Ask us to delete your personal data when it is no longer necessary for the purposes for which it was collected or when we no longer have a legal basis to process it.
  • Request us to cancel or limit the use of your data when it may not be accurate or is no longer necessary for the original processing purpose but cannot or should not be deleted.
  • When data is processed based on your consent, you have the right to withdraw it at any time. The process of withdrawing consent granted for newsletter subscription is explained in the "Newsletter" section.
  • In cases where the legal basis for data processing is consent or a contract with the store, you can also request the portability of the personal data you provided to us in a structured, commonly used, and machine-readable format so that you can transmit it to another entity.
  • When data is processed based on our legitimate interest, you may object to the processing of your data.
  • You also have the right to lodge a complaint with the National Data Protection Commission (CNPD) regarding any issue related to the processing of your personal data if you believe your rights have not been adequately ensured or if you are dissatisfied with our response to a request to exercise your rights. You can contact CNPD via email at geral@cnpd.pt or through the forms available on the website https://www.cnpd.pt/.