Marketing Policy

1. Data Controller

The Data Controller is TDS di Finardi Valeria, sole proprietorship of Valeria Finardi, with registered office at Via Giordano Alberghini, 16 – 44124 Ferrara (FE), Italy, VAT No. 02191020383, email: thedreadmakersupplier@gmail.com.

The Data Controller is responsible for the management and protection of personal data collected and used for marketing purposes, in compliance with Regulation (EU) 2016/679 (GDPR) and applicable Italian legislation.

2. Purpose of Processing

Personal data is collected and processed exclusively for the following marketing purposes:

  1. Sending newsletters with informational and promotional content.

  2. Commercial communications regarding products, services, offers, and promotions.

  3. Remarketing and retargeting activities through digital tools (Shopify, email marketing, social media).

  4. Internal statistical analysis to evaluate the effectiveness of campaigns and improve services.

No data will be used for purposes other than those listed above.

3. Legal Basis for Processing

The processing of personal data for marketing purposes is based on the explicit consent of the data subject (Art. 6, Sec. 1, lett. a) GDPR).

Consent is obtained through:

  • subscription forms (Shopify Forms, pop-ups, newsletters);

  • explicit checkboxes at checkout or account registration;

  • voluntary registration in contests or promotions.

Consent may be withdrawn at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

4. Types of Data Collected

The following data may be collected and processed for marketing purposes:

  • First and last name

  • Email address

  • Phone number (optional)

  • Country and city of residence

  • Profession/activity (e.g. dreadmaker, hairdresser, reseller)

  • Purchase history on the website

No sensitive data (e.g. related to health, political or religious beliefs) is collected.

5. Processing Methods

  • Data is processed electronically through secure platforms (Shopify, email marketing tools, internal CRM).

  • Access to data is granted exclusively to the Data Controller and authorized personnel.

  • Data is not sold, transferred, or disclosed to third parties.

6. Data Retention

Personal data will be retained until consent is withdrawn by the user and, in any case, no longer than 24 months from the last significant interaction (such as opening a newsletter, making a purchase, or clicking on promotional content).

After this period, data will be deleted or anonymized.

7. Data Communication and Disclosure

  • Data will not be disclosed or transferred to third parties for commercial purposes.

  • Data may be shared with service providers directly related to marketing activities (e.g. Shopify, newsletter providers, social media platforms), acting as Data Processors pursuant to Art. 28 GDPR.

  • Data will never be used for purposes inconsistent with this Policy.

8. Rights of the Data Subject

At any time, users may exercise the rights provided under Articles 15–22 of the GDPR, including:

  • Right of access to personal data

  • Right to rectification or updating

  • Right to erasure (“right to be forgotten”)

  • Right to restriction of processing

  • Right to object to processing for marketing purposes

  • Right to data portability

Requests to exercise rights may be sent to: thedreadmakersupplier@gmail.com.

9. Data Security

  • Personal data is protected by technical and organizational measures designed to prevent unauthorized access, loss, or misuse.

  • Encryption systems, backups, and restricted access to management platforms are implemented.

10. Updates to the Marketing Policy

This Policy may be updated to comply with new legal requirements or changes in services.
In the event of substantial modifications, users will be notified via email or a notice on the website.