Privacy policy

Last updated: September 27, 2024

This Privacy Policy describes how NEIBAC (the "Site", "we", "us", or "our") collects, uses, and discloses your personal information when you visit, use our services, or make a purchase from us.neibacshop.com (the "Site") or otherwise communicate with us regarding the Site (collectively, the "Services"). For purposes of this Privacy Policy, "you" and "your" means you as the user of the Services, whether you are a customer, website visitor, or another individual whose information we have collected pursuant to this Privacy Policy.

Please read this Privacy Policy carefully.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time, including to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy on the Site, update the "Last updated" date and take any other steps required by applicable law.

How We Collect and Use Your Personal Information

To provide the Services, we collect and have collected over the past 12 months personal information about you from a variety of sources, as set out below. The information that we collect and use varies depending on how you interact with us.

In addition to the specific uses set out below, we may use information we collect about you to communicate with you, provide or improve or improve the Services, comply with any applicable legal obligations, enforce any applicable terms of service, and to protect or defend the Services, our rights, and the rights of our users or others.

What Personal Information We Collect

The types of personal information we obtain about you depends on how you interact with our Site and use our Services. When we use the term "personal information", we are referring to information that identifies, relates to, describes or can be associated with you. The following sections describe the categories and specific types of personal information we collect.

Information We Collect Directly from You

Information that you directly submit to us through our Services may include:

Contact details including your name, address, phone number, and email.
Order information including your name, billing address, shipping address, payment confirmation, email address, and phone number.
Account information including your username, password, security questions and other information used for account security purposes.
Shopping information including the items you view, put in your cart, saved into your account like loyalty points, reviews, referrals or gift cards, or purchases.
- Loyalty points/product reviews/referrals/gift cards saved
Customer support information including the information you choose to include in communications with us, for example, when sending a message through the Services.

Some features of the Services may require you to directly provide us with certain information about yourself. You may elect not to provide this information, but doing so may prevent you from using or accessing these features.

Information We Collect about Your Usage

We may also automatically collect certain information about your interaction with the Services ("Usage Data"). To do this, we may use cookies, pixels and similar technologies ("Cookies"). Usage Data may include information about how you access and use our Site and your account, including device information, browser information, information about your network connection, your IP address and other information regarding your interaction with the Services.

Information We Obtain from Third Parties

Finally, we may obtain information about you from third parties, including from vendors and service providers who may collect information on our behalf, such as:

Companies who support our Site and Services, such as Shopify.
Our payment processors, who collect payment information (e.g., bank account, credit or debit card information, billing address) to process your payment in order to fulfill your orders and provide you with products or services you have requested, in order to perform our contract with you.
When you visit our Site, open or click on emails we send you, or interact with our Services or advertisements, we, or third parties we work with, may automatically collect certain information using online tracking technologies such as pixels, web beacons, software developer kits, third-party libraries, and cookies.

Any information we obtain from third parties will be treated in accordance with this Privacy Policy. Also see the section below, Third Party Websites and Links.

How We Use Your Personal Information

Providing Products and Services. We use your personal information to provide you with the Services in order to perform our contract with you, including to process your payments, fulfill your orders, to send notifications to you related to your account, purchases, returns, exchanges or other transactions, to create, maintain and otherwise manage your account, to arrange for shipping, facilitate any returns and exchanges and other features and functionalities related to your account. We may also enhance your shopping experience by enabling Shopify to match your account with other Shopify services that you may choose to use. In this case, Shopify will process your information as set forth in its Privacy Policy and Consumer Privacy Policy.
Marketing and Advertising. We may use your personal information for marketing and promotional purposes, such as to send marketing, advertising and promotional communications by email, text message or postal mail, and to show you advertisements for products or services. This may include using your personal information to better tailor the Services and advertising on our Site and other websites. If you are an EEA resident, the legal basis for these data processing activities is our legitimate interest in selling our products, according to Art. 6 (1) (f) GDPR.
Security and Fraud Prevention. We use your personal information to detect, investigate or take action regarding possible fraudulent, illegal or malicious activity. If you choose to use the Services and register an account, you are responsible for keeping your account credentials safe. We highly recommend that you do not share your username, password, or other access details with anyone else. If you believe your account has been compromised, please contact us immediately. If you are an EEA resident, the legal basis for these data processing activities is our legitimate interest in keeping our website secure for you and other customers, according to Art. 6 (1) (f) GDPR.
Communicating with You and Service Improvement. We use your personal information to provide you with customer support and improve our Services. This is in our legitimate interests in order to be responsive to you, to provide effective services to you, and to maintain our business relationship with you according to Art. 6 (1) (f) GDPR.

Cookies

Like many websites, we use Cookies on our Site. For specific information about the Cookies that we use related to powering our store with Shopify, see https://www.shopify.com/legal/cookies. We use Cookies to power and improve our Site and our Services (including to remember your actions and preferences), to run analytics and better understand user interaction with the Services (in our legitimate interests to administer, improve and optimize the Services). We may also permit third parties and services providers to use Cookies on our Site to better tailor the services, products and advertising on our Site and other websites.

Most browsers automatically accept Cookies by default, but you can choose to set your browser to remove or reject Cookies through your browser controls. Please keep in mind that removing or blocking Cookies can negatively impact your user experience and may cause some of the Services, including certain features and general functionality, to work incorrectly or no longer be available. Additionally, blocking Cookies may not completely prevent how we share information with third parties such as our advertising partners.

Our website also recognizes the Global Privacy Control (GPC) signal, which enables you to opt-out of certain uses or disclosures of your information. If you notify us of your preference through GPC, we will treat such signal as a valid request to opt out of sharing / targeted advertising for the associated browser or device, and, if we are able to associate the device sending the signal to a Shopify account, we will apply the opt out request to the account as well. To learn more about Global Privacy Control, you can visit https://globalprivacycontrol.org/. Other than the Global Privacy Control, we do not recognize other “Do Not Track” signals that may be sent from your web browser or device.

How We Disclose Personal Information

In certain circumstances, we may disclose your personal information to third parties for contract fulfillment purposes, legitimate purposes and other reasons subject to this Privacy Policy. Such circumstances may include:

With vendors or other third parties who perform services on our behalf (e.g., IT management, payment processing, data analytics, customer support, cloud storage, fulfillment and shipping).
With business and marketing partners to provide services and advertise to you. Our business and marketing partners will use your information in accordance with their own privacy notices.
When you direct, request us or otherwise consent to our disclosure of certain information to third parties, such as to ship you products or through your use of social media widgets or login integrations, with your consent.
With our affiliates or otherwise within our corporate group, in our legitimate interests to run a successful business.
In connection with a business transaction such as a merger or bankruptcy, to comply with any applicable legal obligations (including to respond to subpoenas, search warrants and similar requests), to enforce any applicable terms of service, and to protect or defend the Services, our rights, and the rights of our users or others.

We have in the past 12 months disclosed the following categories of personal information and sensitive personal information about users for the purposes set out above in "How we Collect and Use your Personal Information" and "How we Disclose Personal Information":

Category	Categories of Recipients
Identifiers such as basic contact details and certain order and account information Personal information categories listed in the California Customer Records statute such as basic contact details and certain order and account information Commercial information such as order information, shopping information and customer support information Internet or other similar network activity, such as Usage Data Geolocation data such as locations determined by an IP address or other technical measures	Vendors and third parties who perform services on our behalf (such as Internet service providers, payment processors, fulfillment partners, customer support partners and data analytics providers) Business and marketing partners Affiliates

Category of Personal Information	Categories of Recipients
Identifiers such as name, e-mail address and phone number	Business and marketing partners
Commercial information such as records of products or services purchased	Business and marketing partners
Usage Data	Business and marketing partners

User Generated Content

The Services may enable you to post product reviews and other user-generated content. If you choose to submit user generated content to any public area of the Services, this content will be public and accessible by anyone.

We do not control who will have access to the information that you choose to make available to others, and cannot ensure that parties who have access to such information will respect your privacy or keep it secure. We are not responsible for the privacy or security of any information that you make publicly available, or for the accuracy, use or misuse of any information that you disclose or receive from third parties.

Third Party Websites and Links

Our Site may provide links to websites or other online platforms operated by third parties. If you follow links to sites not affiliated or controlled by us, you should review their privacy and security policies and other terms and conditions. We do not guarantee and are not responsible for the privacy or security of such sites, including the accuracy, completeness, or reliability of information found on these sites. Information you provide on public or semi-public venues, including information you share on third-party social networking platforms may also be viewable by other users of the Services and/or users of those third-party platforms without limitation as to its use by us or by a third party. Our inclusion of such links does not, by itself, imply any endorsement of the content on such platforms or of their owners or operators, except as disclosed on the Services.

Children's Data

The Services are not intended to be used by children, and we do not knowingly collect any personal information about children. If you are the parent or guardian of a child who has provided us with their personal information, you may contact us using the contact details set out below to request that it be deleted.

As of the Effective Date of this Privacy Policy, we do not have actual knowledge that we “share” or “sell” (as those terms are defined in applicable law) personal information of individuals under 16 years of age.

Security and Retention of Your Information

Please be aware that no security measures are perfect or impenetrable, and we cannot guarantee “perfect security.” In addition, any information you send to us may not be secure while in transit. We recommend that you do not use insecure channels to communicate sensitive or confidential information to us.

How long we retain your personal information depends on different factors, such as whether we need the information to maintain your account, to provide the Services, comply with legal obligations, resolve disputes or enforce other applicable contracts and policies.

Your Rights

Depending on where you live, you may have some or all of the rights listed below in relation to your personal information. However, these rights are not absolute, may apply only in certain circumstances and, in certain cases, we may decline your request as permitted by law.

Right to Access / Know: You may have a right to request access to personal information that we hold about you, including details relating to the ways in which we use and share your information.
Right to Delete: You may have a right to request that we delete personal information we maintain about you.
Right to Correct: You may have a right to request that we correct inaccurate personal information we maintain about you.
Right of Portability: You may have a right to receive a copy of the personal information we hold about you and to request that we transfer it to a third party, in certain circumstances and with certain exceptions.
Right to Opt out of Sale or Sharing or Targeted Advertising: You may have a right to direct us not to "sell" or "share" your personal information or to opt out of the processing of your personal information for purposes considered to be "targeted advertising", as defined in applicable privacy laws. Please note that if you visit our Site with the Global Privacy Control opt-out preference signal enabled, depending on where you are, we will automatically treat this as a request to opt-out of the "sale" or "sharing" of information for the device and browser that you use to visit the Site.
Restriction of Processing: You may have the right to ask us to stop or restrict our processing of personal information.
Withdrawal of Consent: Where we rely on consent to process your personal information, you may have the right to withdraw this consent.
Appeal: You may have a right to appeal our decision if we decline to process your request. You can do so by replying directly to our denial.
Managing Communication Preferences: We may send you promotional emails, and you may opt out of receiving these at any time by using the unsubscribe option displayed in our emails to you. If you opt out, we may still send you non-promotional emails, such as those about your account or orders that you have made.

You may exercise any of these rights where indicated on our Site or by contacting us using the contact details provided below.

We will not discriminate against you for exercising any of these rights. We may need to collect information from you to verify your identity, such as your email address or account information, before providing a substantive response to the request. In accordance with applicable laws, you may designate an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require that the agent provide proof you have authorized them to act on your behalf, and we may need you to verify your identity directly with us. We will respond to your request in a timely manner as required under applicable law.

Complaints

If you have complaints about how we process your personal information, please contact us using the contact details provided below. If you are not satisfied with our response to your complaint, depending on where you live you may have the right to appeal our decision by contacting us using the contact details set out below, or lodge your complaint with your local data protection authority. For the EEA, you can find a list of the responsible data protection supervisory authorities here.

International Users

Please note that we may transfer, store and process your personal information outside the country you live in. Your personal information is also processed by staff and third party service providers and partners in these countries.

If we transfer your personal information out of Europe, we will rely on recognized transfer mechanisms like the European Commission's Standard Contractual Clauses, or any equivalent contracts issued by the relevant competent authority of the UK, as relevant, unless the data transfer is to a country that has been determined to provide an adequate level of protection.

Contact

Should you have any questions about our privacy practices or this Privacy Policy, or if you would like to exercise any of the rights available to you, please call or email us at neibacshopus@gmail.com

For the purpose of applicable data protection laws and if not explicitly stated otherwise, we are the data controller of your personal information.

I - INFORMATION RELATING TO THE SITE'S PRIVACY POLICY

1. This section describes the management methods of the website www.neibacshop.com in relation to the processing of personal data of users who consult it. The data processing is carried out in compliance with the criteria established by the European regulation on the protection of personal data, reg. 2016/679/EU and any other national legislative text, provision or authorization of the competent Authority connected to the same. According to the legislation indicated, the processing must be based on the principles of correctness, lawfulness and transparency and protection of your privacy and your rights.

2. The information is provided only for this site and not for other websites that may be consulted by the user via links contained therein.

3. The purpose of this document is to provide information on the methods, times and nature of the information that the data controllers must provide to users when connecting to the web pages of this site regardless of the purposes of the connection itself, according to Italian and European legislation .

4. The information may undergo changes due to the introduction of new regulations in this regard, the user is therefore invited to periodically check this page.

5. If the user is under 16 years old, pursuant to art.8, c.1 EU regulation 2016/679, you will have to legitimize your consent through the authorization of your parents or guardian.

II - DATA PROCESSING

1 - Data Owner

1. The data controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. It also takes care of security profiles.

2 - Place of data processing

1. The processing connected to the web services of this site takes place at the aforementioned headquarters of the Company (see data controller point) and is handled by the Company's staff and/or by duly appointed external persons in charge of maintenance and updating operations. No data deriving from the web service is communicated or disseminated.

2. The User's Personal Data may be transferred to a country other than the one in which the User is located. To obtain further information on the place of processing, the User can refer to the section relating to details on the processing of Personal Data.

3 - Data retention time

The Data are processed and stored for the time required by the purposes for which they were collected and for a maximum period of 10 subsequent years, unless deletion is requested according to the methods set out in point 4.

Therefore:

1. Personal Data collected for purposes related to the execution of a contract between the Owner and the User will be retained until the execution of this contract is completed.

2. Personal Data collected for purposes attributable to the legitimate interest of the Owner will be retained until such interest is satisfied. The User can obtain further information regarding the legitimate interest pursued by the Owner in the relevant sections of this document or by contacting the Owner.

When the processing is based on the User's consent, the Owner may retain the Personal Data for longer until such consent is revoked. Furthermore, the Owner may be obliged to retain Personal Data for a longer period in compliance with a legal obligation or by order of an authority.

At the end of the retention period, the Personal Data will be deleted. Therefore, upon expiry of this deadline the right of access, cancellation, rectification and the right to data portability can no longer be exercised.

4 - Data processing mode

The Data Controller adopts appropriate security measures aimed at preventing unauthorized access, disclosure, modification or destruction of Personal Data.

The processing is carried out using IT and/or telematic tools, with organizational methods and with logic strictly related to the purposes indicated. In addition to the Owner, in some cases, other parties involved in the organization of this Application (administrative, commercial, marketing, legal, system administrators) or external parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) also appointed, if necessary, as Data Processors by the Data Controller. The updated list of Managers can always be requested from the Data Controller.

5 - Purpose of data processing

The personal data provided by users while browsing the website will be processed for aggregate statistical purposes in anonymous form in relation to the data present in the cookies saved on the user's device.

The processing relating to requests for information from the contact block will be carried out for the sole purpose of carrying out the requested service.

The processing relating to subscription to the newsletter has the purpose of sending informative and promotional communications in relation to its own initiatives and/or those of controlled and/or associated companies.

Users can unsubscribe from the newsletter for free at any time by sending an email to the address indicated in point 1. Data controller or with the appropriate button at the bottom of each newsletter received.

6 - Types of data processed

1. Navigation data. The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment. These data on this site are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site. For these data, and limitedly for the aforementioned purpose, it is not necessary to request consent.

2. Data provided voluntarily by the user The optional, explicit and voluntary sending of electronic mail to the addresses indicated on this site or filling in the form of the specific sections with the mandatory and optional fields, involves the subsequent acquisition of the information and sender's address, necessary to respond to requests for services and/or information. For these data, and limitedly for the aforementioned purpose, it is not necessary to request consent.

3. Cookies No personal data of users is acquired by the site for this purpose. Cookies are not used to transmit information of a personal nature, nor are they used c.d persistent cookies of any kind, or systems for tracking users. The use of c.d session cookies (which are not stored permanently on the user's computer and disappear when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow safe and secure exploration efficient site.

7 - Rights of interested parties

Users have the rights referred to in the articles. 15-21 Reg. European Union 2016/679 (Right of rectification, right to be forgotten, right to limitation of processing, right to data portability, right to object). Specifically:

• The right of access: to obtain confirmation or not of personal data concerning him and to obtain access to such data and specific information (e.g. purposes of the processing, categories of data in question, recipients to whom the data will be communicated);

• The right of rectification: to obtain the rectification of inaccurate data concerning him without unjustified delay. In this case, the data controller is obliged to communicate the rectification to all recipients to whom the data have been transmitted, unless this involves a disproportionate effort;

• The right to cancellation: to obtain the cancellation of data concerning him without unjustified delay and the data controller has the obligation to delete them without unjustified delay if certain reasons exist (e.g. the personal data are no longer necessary for the purposes for which they were collected; if the interested party withdraws consent; if they need to be deleted due to a legal obligation). In this case, the data controller is obliged to communicate the cancellation to all recipients to whom the data have been transmitted, unless this involves a disproportionate effort;

• The right to limit processing: the data controller may be given a restriction on the processing of data, for example to storage only with the exclusion of any other use, in certain cases (e.g. if the processing is unlawful and the interested party opposes the deletion of the data; if the interested party disputes the accuracy, within the limits of the accuracy verification period). In this case, the data controller is obliged to communicate the limitation of processing to all recipients to whom the data have been transmitted, unless this involves a disproportionate effort;

• The right to data portability: to obtain the return of the personal data provided and transmit them to others or to request transmission from one owner to another, if technically feasible;

• The right to object: to object at any time to processing for purposes of public interest or legitimate interest; for marketing purposes; for scientific, historical or statistical research purposes.
Interested parties can make a complaint to the Guarantor Authority if necessary, or simply contact it for information relating to the exercise of their rights recognized by the Reg. EU 2016/679

III - COOKIES

1 - Type of Cookies

1. The aforementioned site uses cookies to make the user's browsing experience easier and more intuitive: cookies are small strings of text used to store some information that may concern the user, his preferences or the Internet access device ( computer, tablet or mobile phone) and are mainly used to adapt the functioning of the site to the user's expectations, offering a more personalized browsing experience and memorizing the choices made previously.

2. A cookie consists of a small set of data transferred to the user's browser by a web server and can only be read by the server that carried out the transfer. This is not executable code and does not transmit viruses.

3. Cookies do not record any personal information and any identifiable data will not be stored. If you wish, you can prevent the saving of some or all cookies. However, in this case the use of the site and the services offered could be compromised.

2 - Technical cookies

1. There are numerous technologies used to store information on your computer, which is then collected by the sites. Among these, the best known and most used are HTML cookies. They are used for navigation and to facilitate access and use of the site by the user. They are necessary for the transmission of communications over an electronic network or for the supplier to provide the service requested by the customer.

2. The settings to manage or disable cookies may vary depending on the internet browser used. In any case, the user can manage or request the general deactivation or deletion of cookies by changing the settings of their internet browser. This deactivation may slow down or prevent access to some parts of the site.

3. The use of technical cookies allows safe and efficient use of the site.

4. The cookies that are inserted in the browser and retransmitted through Google Analytics or through the blogger statistics service or similar are technical only if used for the purpose of optimizing the site directly by the owner of the site itself, who may collect information in aggregate form on the number of users and how they visit the site.

5. All data collected is anonymous as it does not record the user's IP address. Under these conditions, the same rules apply to analytical cookies, in terms of information and consent, as provided for technical cookies.

6. From the point of view of duration, temporary session cookies can be distinguished which are automatically deleted at the end of the browsing session and are used to identify the user and therefore avoid logging in to each page visited and permanent ones which remain active on the PC until they expire. or cancellation by the user.

7. Session cookies may be installed in order to allow access and permanence in the reserved area of the portal as an authenticated user.

8. They are not stored permanently but exclusively for the duration of navigation until the browser is closed and disappear when the browser is closed. Their use is strictly limited to the transmission of session identifiers consisting of random numbers generated by the server necessary to allow safe and efficient exploration of the site.

3 - Third party cookies

1. In relation to their origin, a distinction is made between cookies sent to the browser directly from the site you are visiting and third-party cookies sent to your computer from other sites and not from the one you are visiting.

2. Permanent cookies are often third-party cookies.

3. Most third-party cookies are tracking cookies used to identify online behavior, understand interests and therefore personalize advertising offers for users.

4. Third-party analytical cookies may be installed. They are sent from the domains of the aforementioned third parties external to the site.

5. Third-party analytical cookies are used to detect information on user behavior on this site. The detection takes place anonymously, in order to monitor performance and improve the usability of the site. Third-party profiling cookies are used to create profiles relating to users, in order to propose advertising messages in line with the choices expressed by the users themselves.

6. The use of these cookies is governed by the rules established by the third parties themselves, therefore, users are invited to read the privacy information and the instructions for managing or disabling cookies published on the relevant web pages.

4 - Profiling cookies

1. Profiling cookies are those which are used to create profiles relating to the user and are used to send advertising messages in line with the preferences expressed by the user when browsing the internet.

2. The consent of the interested party is required for the use of profiling cookies.

3. Article 22 of EU Regulation 2016/679 and article 122 of the Data Protection Code will apply.

IV - CHANGES TO THIS DOCUMENT

1. This document constitutes the privacy policy of this site.

2. This document may be subject to changes at any time by giving notice to users on this page. We therefore ask you to consult this page often, taking as reference the date of last modification indicated at the bottom.