Privacy Policy
At shinatz.com (in the following referred as “us”, “our” or “we”), your privacy is important, and we value the protection of your personal data above all.
This Privacy Policy outlines how we collect, why we collect, which personal data is collected, and how your personal information is protected when you visit our website and make purchases from our online shop.
By accessing www.shinatz.com, you agree to the collection and use of information in accordance with this Privacy Policy. Our processing of your personal data is governed by the EU General Data Protection Regulation (GDPR) and the Portuguese national data protection legislation.
1. Data Controller
The data controller of the information collected and processed through our website is managed by KOYA LDA, with registered address in Portugal, and fiscal number PT518277011.
2. Information we collect and process
When you visit our website, purchase products, or interact with us in other ways, we may collect the following types of personal information:
– Personal identification information: name, email address, phone number, shipping/billing address, and payment information.
– Account information: username and purchase history.
– Usage data: information about how you use the website, including your IP address, browser type, device information, and browsing history on the website.
– Cookies and tracking technologies: we use cookies and similar technologies to enhance your experience on our website. These tools help us remember your preferences, improve our website’s functionality, and analyze usage patterns.
We use the information we collect for various purposes, including:
– Process orders: to fulfill your order, process payments, and manage shipping and returns.
– Improve our services: to personalize your shopping experience, improve the content and functionality of our website, and understand customer preferences.
– Communicate with you: to send order confirmations, shipping updates, promotional offers, and other information related to your purchases or our services.
– Provide customer support: to assist with any inquiries or issues you may have regarding our products, orders, or website functionality.
– Maintain security: to monitor and secure the integrity of our website and prevent fraudulent activities.
3. Sharing of your personal information
We only share your personal information with third parties for the purposes required and described in this Privacy Policy.
When you place an order in our shop, we transfer data information to external providers who supply services of technical functions, such as: payment processing, shipping services, and website hosting. These providers are obligated to keep your information confidential and use it only for the purposes for which we have engaged them.
If you subscribe to our newsletter list, contact us in our contact page form, or place an order in our shop page, you will be given the consent about the sharing of your personal information provided to Brevo, our email marketing provider with Data Controller address in Paris, France. You can read more about their Privacy Policy in the page: https://www.brevo.com/legal/privacypolicy/
We may disclose your information if required to do so by law or in response to legal processes, such as: court order or government request.
4. Security
We have implemented and will continue to uphold appropriate organizational and technical safeguards to prevent your personal data from being unintentionally or unlawfully accessed, corrupted, distorted, disclosed to unauthorized parties, or otherwise misused in violation of the Data Protection law. These security measures include: firewalls, anti-spam filters, encrypted data transmission using SSL/https.
While we make every effort to ensure the security of data transmission and storage, we recommend that you take precautions to protect yourself by ensuring your computer has up-to-date security software, such as antivirus programs, and that your browser is configured with appropriate security features to safeguard your data during transmission with us.
If we experience a security incident that we believe poses a high risk of misuse of your personal data, we will promptly notify you. In our notification, we will also explain the actions we’ve taken to reduce the potential risks associated with the breach.
5. Deletion of your personal information
In line with the General Data Protection Regulation (GDPR) and applicable Portuguese data protection laws, we ensure that your personal information is retained only for as long as necessary to fulfill the purposes for which it was collected. We will delete or anonymize your personal data in the following circumstances:
– Upon request: you can request the deletion of your personal data at any time. If you choose to do so, we will delete your data unless we are legally required or have legitimate business reasons to retain it, e.g. for tax, accounting, or legal obligations.
– Account inactivity: if your account has been inactive for an extended period, we will delete your personal data no later than 5 years after the end of the financial year in which your last transaction occurred, unless a longer retention period is required to meet legal obligations.
– Legal requirements: if we are required by law to retain your data for a specific period, such as for completing a transaction or complying with local laws in Portugal, we will store it securely for the necessary duration and delete it once the retention period has ended.
6. Your rights
In accordance with applicable data protection laws and regulations, you have the right to access, correct, or delete your personal data. You can also request restrictions on how your data is processed, object to its processing, and, where applicable, request that your data be transferred to another service provider.
If we process your data based on your consent, you can withdraw that consent at any time, without affecting the lawfulness of any prior processing.
You also have the right to file a complaint with the Comissão Nacional de Proteção de Dados (CNPD), the Portuguese data protection authority, if you believe we are not complying with data protection laws.
To ensure your identity before processing certain requests, we may ask for additional information. In some cases, such as legal or business requirements, and we may need to retain certain data, even if you request its deletion.
These rights may be exercised directly via the contact email provided below: