Privacy Policy

Privacy Policy

Last Updated: February 14th 2026

At Kholdina Studio, transparency is not only an aesthetic choice — it is a legal and ethical commitment. This page explains how we collect, use, and protect your personal data when you visit or interact with our website.

We handle your information with care, in compliance with European data protection law.

1. Data Controller

The Data Controller is:

 

MAJOR THINGS SNC

Piazza XXVI Maggio, 1

21100 Varese (VA), Italy

P. IVA 04117560120

PEC: [[email protected]](mailto:[email protected])

Email: [[email protected]](mailto:[email protected])

 

For any privacy-related request, you may contact us at [[email protected]](mailto:[email protected]).

2. Legal Framework

We process personal data in accordance with:

 

  • Regulation (EU) 2016/679 (GDPR)
  • Italian Legislative Decree 196/2003 (as amended)
  • Applicable international data protection regulations where relevant

 

This policy applies to the website [www.kholdinastudio.com](http://www.kholdinastudio.com) (the “Website”), including its e-commerce and account functionalities.

3. What Personal Data We Collect

Depending on how you interact with us, we may collect:

Identification & Contact Data

 

  • Name and surname
  • Email address
  • Telephone number
  • Billing and shipping address

Account Data

 

  • Username
  • Encrypted password
  • Purchase history
  • Wishlist information

Transaction Data

 

  • Order details
  • Payment confirmations

 

Payment information (e.g., credit card numbers) is processed directly by certified payment providers such as Stripe and PayPal. We do not store full payment card details.

Technical & Usage Data

 

  • IP address
  • Browser and device information
  • Pages visited
  • Interaction data
  • Referring URLs

Marketing Data

 

  • Newsletter preferences
  • Email engagement
  • Abandoned cart information

We do not intentionally collect special categories of data (such as health or biometric data).

4. How We Collect Your Data

Your data may be collected when you:

 

  • Create an account
  • Place an order (including guest checkout)
  • Subscribe to our newsletter
  • Fill in a contact form
  • Browse our website
  • Interact with our marketing communications

 

Certain data is also collected via cookies and tracking technologies (see Section 12).

5. Why We Process Your Data (Purpose & Legal Basis)

We process personal data only when we have a lawful basis to do so.

 

To Create and Manage Your Account

Legal basis: Art. 6(1)(b) GDPR – performance of a contract

 

To Process and Fulfill Orders

Including payment processing, shipping, and customer support

Legal basis: Art. 6(1)(b) GDPR

 

To Comply with Legal Obligations

Including accounting and tax requirements

Legal basis: Art. 6(1)(c) GDPR

 

To Send Newsletters and Marketing Communications

Including abandoned cart reminders

Legal basis: Art. 6(1)(a) GDPR – consent

 

You may withdraw consent at any time.

 

To Improve Website Performance and Security

Including analytics and fraud prevention

Legal basis: Art. 6(1)(a) GDPR (where consent is required) or Art. 6(1)(f) GDPR (legitimate interest)

6. Mandatory and Optional Data

Certain data (such as billing and shipping information) is necessary to complete a purchase. Without it, we cannot fulfill your order.

 

Marketing-related data is optional and based on your explicit consent.

7. Account Retention and Deletion

User accounts remain active unless:

 

  • You request deletion
  • We remove inactive accounts for security or compliance reasons

 

You may request deletion of your account at any time by contacting us.

8. Who We Share Data With

We share personal data only when necessary and only with trusted partners, including:

 

  • Payment service providers (such as Stripe and PayPal), depending on the payment method selected
  • Banking institutions in the case of direct bank transfers
  • Mailchimp (newsletter services)
  • WooCommerce and related technical providers
  • Website hosting services
  • Shipping and courier partners
  • Accounting and legal advisors
  • IT service providers

 

Payment details are processed directly by the selected payment provider. The Company does not store full credit card numbers.

 

All service providers act under data processing agreements in compliance with Art. 28 GDPR.

9. International Data Transfers

Some of our service providers (including Stripe, PayPal, Mailchimp, Google, and Meta) may process data outside the European Union.

 

When this occurs, data transfers are safeguarded through:

 

  • European Commission adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Participation in the EU–U.S. Data Privacy Framework, where applicable

10. How Long We Keep Your Data

 

We retain personal data only as long as necessary:

 

  • Order and accounting data → 10 years (Italian tax law)
  • Account data → until deletion request or prolonged inactivity
  • Marketing data → until consent withdrawal
  • Abandoned cart data → maximum 24 months

11. Your Rights

Under the GDPR, you have the right to:

 

  • Access your personal data
  • Request correction
  • Request deletion
  • Restrict processing
  • Receive your data in portable format
  • Object to processing
  • Withdraw consent at any time

 

To exercise your rights, contact: [[email protected]](mailto:[email protected])

 

You also have the right to lodge a complaint with the Italian supervisory authority:

 

Garante per la Protezione dei Dati Personali

[www.garanteprivacy.it](http://www.garanteprivacy.it)

12. Cookies and Tracking Technologies

Our website uses technical, analytical, and marketing cookies.

 

Non-essential cookies (including analytics and advertising tools such as Google Analytics and Meta Pixel) are activated only after your consent through our cookie banner.

 

For detailed information, please refer to our separate Cookie Policy.

13. Security

We adopt appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction.

 

Passwords are encrypted. Payments are processed through certified secure providers.

14. Automated Decision-Making

We do not carry out automated decision-making processes that produce legal or similarly significant effects on users.

15. Updates to This Policy

We may update this Privacy Policy to reflect legal or operational changes. The latest version will always be available on this page.