Privacy policy
Last updated: May 9, 2026
1. Who We Are (Data Controller)
For the purposes of applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and the Italian Privacy Code (Legislative Decree No. 196/2003, as amended by Legislative Decree No. 101/2018), the data controller responsible for your personal data is:
Frinque
-
Email: hello@frinque.shop
-
Address: Via Oslavia, 29, 01100 Viterbo VT, Italy
If you have any questions about this Privacy Policy or our data practices, please contact us using the information above.
2. What Personal Data We Collect
We collect personal data from you when you use our Shopify store. Depending on how you interact with us, we may collect the following categories of data:
| Category | Examples |
|---|---|
| Contact information | Name, email address, phone number, billing address, shipping address |
| Account information | Username, password, purchase history, wishlist, product reviews |
| Payment information | Credit/debit card details, bank account information (processed securely by our payment provider) |
| Transaction data | Products viewed, added to cart, purchased, returned, or exchanged |
| Technical data | IP address, browser type, device information, operating system, referring URLs |
| Usage data | How you navigate and interact with our website, pages visited, time spent |
| Communications | Customer support inquiries, emails, chat messages |
3. How We Collect Your Data
We collect personal data from the following sources:
-
Directly from you: When you create an account, place an order, subscribe to our newsletter, contact customer support, or leave a product review.
-
Automatically: Through cookies and similar tracking technologies when you browse our website (e.g., IP address, browsing behavior).
-
From third parties: Payment processors, shipping carriers, and analytics providers (such as Shopify, Google Analytics, and social media platforms).
4. How We Use Your Personal Data (Purposes & Legal Bases)
Under GDPR and Italian law, we must have a legal basis for each processing activity. The table below explains how we use your data and on what legal basis:
| Purpose | Legal Basis |
|---|---|
| To process and fulfill your orders, including payment processing, shipping, and returns | Contract performance – necessary to fulfill our agreement with you |
| To manage your customer account and provide order confirmations, invoices, and status updates | Contract performance |
| To respond to your inquiries and provide customer support | Contract performance or legitimate interest |
| To comply with legal obligations (e.g., tax laws, record-keeping, fraud prevention) | Legal obligation – we must retain certain data by law |
| To send marketing communications (newsletters, promotional offers) via email or SMS – only with your explicit consent | Consent – you can withdraw at any time |
| To personalize your shopping experience and recommend products based on your browsing history | Legitimate interest – to improve our services |
| To analyze website usage, monitor performance, and improve our store | Legitimate interest – to optimize the user experience |
| To detect, investigate, and prevent fraudulent or illegal activities | Legitimate interest or legal obligation |
Important – Italian Marketing Rules: Under Italian law, marketing communications (email, SMS, phone) require prior, freely given, specific, and demonstrable consent. The Italian Data Protection Authority (Garante) strongly recommends using a double opt-in mechanism (a confirmation email with a verification link) to prove valid consent. We implement this practice to ensure compliance.
5. Cookies and Tracking Technologies
We use cookies and similar technologies to improve your browsing experience, analyze website traffic, and personalize content.
Cookie types we may use:
| Type | Purpose | Consent Required? |
|---|---|---|
| Strictly necessary cookies | Enable basic functions like shopping cart, checkout, and security. | No – essential for service operation |
| Functional cookies | Remember your preferences (e.g., language, currency). | No (but we inform you) |
| Analytics/performance cookies | Collect anonymous data about how visitors use our site (e.g., Google Analytics, Shopify analytics). | Yes – your consent required |
| Targeting/advertising cookies | Track your browsing to show personalized ads on other platforms (e.g., Facebook, Instagram, Google Ads). | Yes – your consent required |
Managing cookies: You can control cookies through your browser settings. For analytics and marketing cookies, we use a cookie banner to obtain your consent before placing them, as required by Italian and EU law.
6. How We Share Your Personal Data
We do not sell your personal data. However, we share your data with the following categories of recipients as necessary to operate our store:
| Recipient Category | Purpose | Example |
|---|---|---|
| Service providers | Order fulfillment, payment processing, shipping, email delivery, customer support | Shopify, payment gateways (e.g., Stripe, PayPal), shipping carriers (e.g., DHL, Poste Italiane) |
| Analytics providers | Website analytics, performance monitoring | Google Analytics, Shopify Analytics |
| Marketing partners | Email marketing, advertising (only if you consented) | Klaviyo, Mailchimp, Meta (Facebook), Google Ads |
| Legal and regulatory authorities | Compliance with laws, court orders, fraud prevention | Government agencies, law enforcement |
| Professional advisors | Legal, accounting, or auditing services | Lawyers, accountants |
Shopify as a Data Processor: Our store is hosted on Shopify. Shopify collects and processes your personal data on our behalf to provide and improve the Services. For more information, review Shopify’s Consumer Privacy Policy.
7. International Data Transfers
Your personal data may be transferred to, stored, and processed in countries outside the European Economic Area (EEA), including Canada and the United States (where Shopify and some of our service providers are located).
When we transfer your data outside the EEA, we ensure an adequate level of protection by using:
-
Standard Contractual Clauses (SCCs) approved by the European Commission, or
-
Binding Corporate Rules (BCRs) where applicable, or
-
Transfers to countries with adequacy decisions (e.g., Canada for certain data).
For more information about these safeguards, you may contact us.
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:
| Data Category | Retention Period |
|---|---|
| Order and transaction data | 10 years (to comply with Italian tax and accounting laws) |
| Customer account data | For as long as your account remains active + 12 months after closure |
| Marketing consent records | Until consent is withdrawn + documentation for 2 years |
| Customer support communications | 3 years from the last interaction |
| Website usage analytics | 26 months (anonymized after 14 months if using Google Analytics) |
After the retention period expires, your data will be deleted or anonymized.
9. Your Rights Under GDPR and Italian Law
As a data subject located in Italy (or the EEA), you have the following rights under Articles 15–22 of the GDPR, as supplemented by the Italian Privacy Code:
| Right | What It Means |
|---|---|
| Right to access (Article 15) | You can request a copy of the personal data we hold about you. |
| Right to rectification (Article 16) | You can ask us to correct inaccurate or incomplete data. |
| Right to erasure (Right to be forgotten – Article 17) | You can request deletion of your data when it is no longer necessary or if you withdraw consent. Exceptions apply (e.g., legal retention obligations). |
| Right to restriction of processing (Article 18) | You can ask us to temporarily stop processing your data in certain situations (e.g., while we verify accuracy). |
| Right to data portability (Article 20) | You can request a copy of your data in a structured, machine-readable format and have it transferred to another controller. |
| Right to object (Article 21) | You can object to processing based on legitimate interests, including direct marketing. |
| Right to withdraw consent | Where processing is based on your consent (e.g., marketing), you can withdraw it at any time. Withdrawal does not affect prior lawful processing. |
| Right to lodge a complaint | You have the right to file a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) if you believe your rights have been violated. |
How to exercise your rights: To exercise any of these rights, please contact us at hello@frinque.shop. We will respond within one month (extendable to three months for complex requests).
We may need to verify your identity before processing your request.
10. Marketing Consents – Special Italian Requirements
Under Italian law, for any direct marketing activity (email, SMS, phone calls, or postal mail), we must obtain your explicit, informed, and freely given consent.
Double opt-in requirement: Following recent guidance from the Italian Garante, we implement a double opt-in mechanism for email marketing:
-
You subscribe to our newsletter via our website or at checkout.
-
We immediately send a confirmation email to the address you provided.
-
You must click the verification link in that email to confirm your subscription.
This process allows us to prove that you validly consented, as required by Italian law.
You may unsubscribe at any time by clicking the “unsubscribe” link in any marketing email or by contacting us directly.
11. Children’s Privacy
Our services are not directed to children under the age of 14. In Italy, the minimum age for a child to validly consent to data processing in the context of information society services (e.g., online shopping) is 14 years old.
If you are under 14, you may not create an account or make purchases through our store without the consent of a parent or legal guardian. If we learn that we have collected personal data from a child under 14 without verified parental consent, we will delete that information promptly.
12. Data Security
We implement appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include:
-
SSL/TLS encryption for all data transmitted between your browser and our website.
-
PCI DSS compliance for payment card processing (Shopify is Level 1 PCI DSS compliant).
-
Access controls limiting employee access to personal data to only those who need it for their job functions.
-
Regular security reviews and updates.
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee its absolute security.
13. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Italian Garante within 72 hours of becoming aware of the breach, as required by Article 33 of the GDPR. If the breach poses a high risk to your rights, we will also notify you directly without undue delay.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. When we make changes, we will update the “Last updated” date at the top of this policy.
If we make material changes, we will notify you by email (if you have an account with us) or by posting a prominent notice on our website before the change becomes effective.
15. Contact Information – Data Protection Officer (DPO)
If you are required by law to appoint a Data Protection Officer (DPO) – for example, if your core activities involve large-scale monitoring of data subjects or processing of special categories of data on a large scale – you should name your DPO here. For most small to medium Shopify stores, a DPO is not mandatory.
For privacy-related inquiries or to exercise your rights, please contact:
-
Email:hello@frinque.shop
-
Mail: Via Oslavia, 29, 01100 Viterbo VT, Italy
- Choosing a selection results in a full page refresh.