Privacy Policy
Privacy Policy
Last Updated: February 14th 2026
At Kholdina Studio, transparency is not only an aesthetic choice — it is a legal and ethical commitment. This page explains how we collect, use, and protect your personal data when you visit or interact with our website.
We handle your information with care, in compliance with European data protection law.
1. Data Controller
The Data Controller is:
MAJOR THINGS SNC
Piazza XXVI Maggio, 1
21100 Varese (VA), Italy
P. IVA 04117560120
PEC: [[email protected]](mailto:[email protected])
Email: [[email protected]](mailto:[email protected])
For any privacy-related request, you may contact us at [[email protected]](mailto:[email protected]).
2. Legal Framework
We process personal data in accordance with:
- Regulation (EU) 2016/679 (GDPR)
- Italian Legislative Decree 196/2003 (as amended)
- Applicable international data protection regulations where relevant
This policy applies to the website [www.kholdinastudio.com](http://www.kholdinastudio.com) (the “Website”), including its e-commerce and account functionalities.
3. What Personal Data We Collect
Depending on how you interact with us, we may collect:
Identification & Contact Data
- Name and surname
- Email address
- Telephone number
- Billing and shipping address
Account Data
- Username
- Encrypted password
- Purchase history
- Wishlist information
Transaction Data
- Order details
- Payment confirmations
Payment information (e.g., credit card numbers) is processed directly by certified payment providers such as Stripe and PayPal. We do not store full payment card details.
Technical & Usage Data
- IP address
- Browser and device information
- Pages visited
- Interaction data
- Referring URLs
Marketing Data
- Newsletter preferences
- Email engagement
- Abandoned cart information
We do not intentionally collect special categories of data (such as health or biometric data).
4. How We Collect Your Data
Your data may be collected when you:
- Create an account
- Place an order (including guest checkout)
- Subscribe to our newsletter
- Fill in a contact form
- Browse our website
- Interact with our marketing communications
Certain data is also collected via cookies and tracking technologies (see Section 12).
5. Why We Process Your Data (Purpose & Legal Basis)
We process personal data only when we have a lawful basis to do so.
To Create and Manage Your Account
Legal basis: Art. 6(1)(b) GDPR – performance of a contract
To Process and Fulfill Orders
Including payment processing, shipping, and customer support
Legal basis: Art. 6(1)(b) GDPR
To Comply with Legal Obligations
Including accounting and tax requirements
Legal basis: Art. 6(1)(c) GDPR
To Send Newsletters and Marketing Communications
Including abandoned cart reminders
Legal basis: Art. 6(1)(a) GDPR – consent
You may withdraw consent at any time.
To Improve Website Performance and Security
Including analytics and fraud prevention
Legal basis: Art. 6(1)(a) GDPR (where consent is required) or Art. 6(1)(f) GDPR (legitimate interest)
6. Mandatory and Optional Data
Certain data (such as billing and shipping information) is necessary to complete a purchase. Without it, we cannot fulfill your order.
Marketing-related data is optional and based on your explicit consent.
7. Account Retention and Deletion
User accounts remain active unless:
- You request deletion
- We remove inactive accounts for security or compliance reasons
You may request deletion of your account at any time by contacting us.
8. Who We Share Data With
We share personal data only when necessary and only with trusted partners, including:
- Payment service providers (such as Stripe and PayPal), depending on the payment method selected
- Banking institutions in the case of direct bank transfers
- Mailchimp (newsletter services)
- WooCommerce and related technical providers
- Website hosting services
- Shipping and courier partners
- Accounting and legal advisors
- IT service providers
Payment details are processed directly by the selected payment provider. The Company does not store full credit card numbers.
All service providers act under data processing agreements in compliance with Art. 28 GDPR.
9. International Data Transfers
Some of our service providers (including Stripe, PayPal, Mailchimp, Google, and Meta) may process data outside the European Union.
When this occurs, data transfers are safeguarded through:
- European Commission adequacy decisions
- Standard Contractual Clauses (SCCs)
- Participation in the EU–U.S. Data Privacy Framework, where applicable
10. How Long We Keep Your Data
We retain personal data only as long as necessary:
- Order and accounting data → 10 years (Italian tax law)
- Account data → until deletion request or prolonged inactivity
- Marketing data → until consent withdrawal
- Abandoned cart data → maximum 24 months
11. Your Rights
Under the GDPR, you have the right to:
- Access your personal data
- Request correction
- Request deletion
- Restrict processing
- Receive your data in portable format
- Object to processing
- Withdraw consent at any time
To exercise your rights, contact: [[email protected]](mailto:[email protected])
You also have the right to lodge a complaint with the Italian supervisory authority:
Garante per la Protezione dei Dati Personali
[www.garanteprivacy.it](http://www.garanteprivacy.it)
12. Cookies and Tracking Technologies
Our website uses technical, analytical, and marketing cookies.
Non-essential cookies (including analytics and advertising tools such as Google Analytics and Meta Pixel) are activated only after your consent through our cookie banner.
For detailed information, please refer to our separate Cookie Policy.
13. Security
We adopt appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction.
Passwords are encrypted. Payments are processed through certified secure providers.
14. Automated Decision-Making
We do not carry out automated decision-making processes that produce legal or similarly significant effects on users.
15. Updates to This Policy
We may update this Privacy Policy to reflect legal or operational changes. The latest version will always be available on this page.