PRIVACY AND DATA PROTECTION POLICY
Effective date: January 1, 2026
Last updated: January 1, 2026
- Overview
We value the confidentiality, integrity, and lawful processing of personal data. This Privacy and Data Protection Policy explains how GAROFANO (“we,” “us,” “our”) collects, uses, shares, and protects personal information when you visit or interact with our website, purchase products, request services (including design assistance), subscribe to marketing communications, or otherwise engage with us (collectively, the “Services”).
This Policy is intended to support compliance obligations that may apply to us and/or to you depending on your location, including the EU General Data Protection Regulation (GDPR) and similar regimes, and U.S. state consumer privacy laws such as the California Consumer Privacy Act as amended (CCPA/CPRA).
If you do not agree with this Policy, you should not use the Services.
- Scope and third parties
This Policy applies to the Services operated by GAROFANO. It does not apply to third-party websites, platforms, or services that may be linked from our website (e.g., payment providers, shipping carriers, social media platforms). Those third parties have their own privacy notices and practices.
- Data controller and contact
For the purposes of applicable law, GAROFANO is the “controller” (or equivalent term) of your personal data collected through the Services.
Contact for privacy matters:
Email: info@garofano.store
Postal address: 8 THE GREEN STE B DOVER, DE 19901, USA
- Personal data we collect
We collect personal data that you provide directly, that is collected automatically when you use the Services, and that may be received from service providers or partners.
- Data you provide
• Identity and contact data: name, email address, phone number, shipping/billing address.
• Account data: login credentials (if you create an account), preferences, saved items.
• Transaction data: order details, product selections, purchase amounts, and related customer service communications. Note: payment card details are typically processed by our payment processor and are not stored by us in full (subject to provider configuration).
• Support and inquiry data: messages you send us, including design help requests, photos or measurements you submit for consultation, and any preferences you share.
• Marketing and communications data: newsletter subscription status, communication preferences, and engagement (e.g., opens/clicks where enabled).
- Data collected automatically
• Device and usage data: IP address, browser type, device identifiers, operating system, pages viewed, time spent, referring URLs, and approximate location inferred from IP.
• Cookie and tracking data: identifiers stored via cookies or similar technologies for site functionality, analytics, and (where enabled) advertising.
- Data from third parties
• Payment and fraud-prevention signals from payment processors.
• Shipping and delivery status from carriers and logistics providers.
• Analytics and advertising insights (aggregated or event-level) from measurement partners, where configured.
- Purposes of processing and legal bases (where applicable)
We use personal data for the following purposes:
- To provide and operate the Services
• Process orders, payments, shipping, returns, warranties, and customer support.
• Provide concierge or design-support services you request.
Legal basis (GDPR where applicable): performance of a contract; legitimate interests; and/or consent where required.
- To improve and secure the Services
• Maintain site functionality, troubleshoot, perform analytics, and improve user experience.
• Detect, prevent, and respond to fraud, abuse, and security incidents.
Legal basis: legitimate interests; legal obligations where applicable.
- To communicate with you
• Send transactional messages (order confirmations, shipping updates, service notices).
• Respond to inquiries and support requests.
Legal basis: performance of a contract; legitimate interests.
- Marketing and advertising (where enabled)
• Send marketing communications (email/SMS) where you have opted in or where permitted by law.
• Measure marketing effectiveness and, where configured, show targeted advertising.
Legal basis: consent (where required) and/or legitimate interests, subject to opt-out rights.
- Cookies and similar technologies
We use cookies and similar technologies for:
• Strictly necessary functions (e.g., cart, checkout, security).
• Performance/analytics (e.g., understanding site usage, improving content).
• Advertising/retargeting (where enabled and permitted).
You can control cookies through your browser settings and, where available, our cookie preference tools. If you disable certain cookies, some functionality may be limited.
If you are in California, you may also use browser-based opt-out signals such as the Global Privacy Control (GPC) to opt out of “sale” or “sharing” of personal information where applicable.
- How we share personal data
We do not sell your personal data for money. We may disclose personal data to the following categories of recipients, to the extent necessary:
- Service providers (processors)
• Payment processing and fraud prevention.
• Fulfillment, shipping, and white-glove delivery providers.
• Customer support tools, email/SMS platforms, and CRM systems.
• Website hosting, analytics, and security vendors.
We require service providers to use personal data only to provide services to us and to maintain appropriate confidentiality and security measures.
- Business transfers
If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, personal data may be transferred as part of that transaction, subject to appropriate safeguards.
- Legal requirements and protection
We may disclose personal data where required by law or where we believe in good faith it is necessary to comply with legal obligations, enforce our terms, protect our rights, or protect users and the public.
- International transfers
Your personal data may be processed in countries other than where you reside (for example, where our service providers or servers are located). Where required by law (including GDPR), we implement appropriate safeguards for cross-border transfers (such as standard contractual clauses) and assess transfer risks.
- Data retention
We retain personal data only as long as necessary for the purposes described in this Policy, including:
• To complete transactions and provide requested services.
• To comply with legal, tax, accounting, and warranty obligations.
• To resolve disputes and enforce agreements.
Retention periods vary by data type and legal requirement. When no longer needed, we delete, anonymize, or securely archive the data.
- Data security
We implement reasonable administrative, technical, and organizational safeguards designed to protect personal data against unauthorized access, disclosure, alteration, and destruction. No system is completely secure; therefore, we cannot guarantee absolute security.
- Children’s privacy
The Services are not directed to children under 13, and we do not knowingly collect personal data from children under 13. If you believe a child has provided us personal data, contact us so we can take appropriate steps to delete it.
- Your privacy rights
Depending on your location, you may have rights regarding your personal data.
- GDPR/EEA/UK rights (where applicable)
You may have the right to request:
• Access to your personal data;
• Rectification of inaccurate data;
• Erasure (“right to be forgotten”) in certain cases;
• Restriction of processing in certain cases;
• Data portability;
• Objection to processing based on legitimate interests;
• Withdrawal of consent at any time where processing is based on consent.
You also have the right to lodge a complaint with your local supervisory authority.
- U.S. state privacy rights (where applicable)
In states with comprehensive privacy laws (including California), you may have rights such as:
• Right to know/access the personal information collected and how it is used and shared;
• Right to delete personal information (with exceptions);
• Right to correct inaccurate personal information (California);
• Right to opt out of the sale or sharing of personal information (California);
• Right to limit certain uses/disclosures of “sensitive” personal information (California);
• Right to non-discrimination for exercising privacy rights.
Other states have enacted similar consumer privacy laws, with differing scopes and effective dates.
- How to exercise your rights
To submit a privacy request, contact us at info@garofano.store with the subject line “Privacy Request.” We may need to verify your identity before processing certain requests. Authorized agents may submit requests where permitted by law; we will require proof of authorization and may still verify identity directly with you.
Marketing opt-out: You can unsubscribe from marketing emails using the link in our emails. For SMS (if used), follow the stop instructions provided in the message.
- Changes to this Policy
We may update this Policy from time to time. We will post the updated version with a new “Last updated” date. If changes are material, we may provide additional notice as required by law.
- Important note
This Policy is provided for transparency and informational purposes. It does not create contractual rights beyond those required by applicable law.