Theoarn.com and its group companies (collectively, “Theoarn,” “we,” “us,” or “our”) have created this Privacy Policy (the “Policy”) to inform you about: (1) the types of information we collect; (2) the choices you have regarding such information; and (3) how we collect, use, share, update, and protect such information. This Policy applies to information collected through our websites, our mobile/tablet websites, our social media, our registration and event services, our communication platforms, our stores, our kiosks, and other digital and omnichannel properties owned or controlled by Theoarn that are relevant to this Policy (each a “Website” and collectively, our “Websites”).
This Policy and your use of any of our Websites are subject to our Terms & Conditions. If you have any questions about this Policy, please contact us using “Contact Us” below.
1. How We Protect Your Information
Theoarn prioritizes information security and implements multi-faceted measures to safeguard your account and personal data. However, in a complex network environment, risks (such as unauthorized access and software or hardware failures) cannot be completely eliminated.
To mitigate these risks, Theoarn uses industry-standard technologies to store information (including IP addresses) and establishes three layers of protection (administrative, technical, and physical):
• Administrative Protection: Data access permissions are clearly defined, and employees must sign confidentiality agreements and receive security training.
• Technical Protection: Data encryption, intrusion detection, and other tools are used to protect data from tampering and leakage in real time.
• Physical Protection: Server rooms are physically isolated, with security and monitoring to ensure hardware security.
If your personal information is potentially compromised (which is extremely unlikely), Theoarn will initiate an emergency response and, if necessary, will notify you promptly via the contact information you provide (email/privacy message). Furthermore, sensitive data transmitted between the website and you (such as payment and identity information) is protected by SSL encryption and digital signatures to prevent interception during transmission.
2. From What Sources Do We Obtain and Collect Your Personal Data?
Typically, you provide your data to us consciously and voluntarily, for example, when registering for a user account, subscribing to newsletters, purchasing goods, entering into a purchase agreement, or joining a loyalty program.
We also obtain your data when you contact us outside our website – electronically by sending an email, by submitting a written document in paper form, or by calling us by phone.
3. For What Purposes and on What Legal Basis Are Your Personal Data Processed?
User Account Registration and Administration
Your data is used to register and maintain a user account. This includes confirming registration, providing access to the account, processing requests, and communicating with you when necessary to provide important information.
Required data: name, surname, email address, date of birth, gender, phone number, and delivery address.
Personalized Offers, Commercial Notifications, Benefits, and Surveys
We use your data to manage personalized and commercial offers, loyalty program benefits, and other advantages, such as birthday benefits. We also process data to conduct customer surveys regarding our services in order to evaluate and improve them.
For these activities, automated decision-making is applied, based on general rules. To provide you with personalized offers and recommendations, profiling is carried out using algorithms and predictive models to analyze your behavior, choices, and similar parameters.
Required data: name, surname, email address, date of birth, purchase history, and user data related to activities on the online shop (for example, frequently viewed products). For surveys, only your email address is required.
Legal basis – your consent to receive personalized or commercial offers and to participate in surveys.
Compliance with Legal Obligations
We process your data to fulfill legal requirements, such as accounting, product liability, and product safety obligations.
Required data: name, surname, email address, information about orders, payments, transactions, and delivery.
Legal basis – compliance with legal obligations.
Handling Customer Complaints, Claims, and Feedback
We use your data to process complaints, claims, suggestions, or feedback regarding our products and services, including in the online shop.
Required data: name, surname, email address, phone number, as well as the content of the complaint and supporting documents justifying your claim.
Legal basis – our legitimate interests in reviewing customer feedback and complaints in order to improve service quality.
Statistics and Market Research
Your data is used to analyze, assess, and improve the provision of our services and to expand our offerings.
Required data: information about your orders, deliveries, payments, purchase history, and website activities.
Processing is carried out solely for statistical purposes, and the results are not used to make decisions affecting an individual person.
4. In What Cases and to What Recipients Do We Disclose Your Data?
Your personal data is disclosed only to the extent necessary to ensure the operation of the website and the provision of services. It may be disclosed to our employees and cooperation partners (processors) who provide IT support, payment processing, delivery, and other business services.
In certain cases, your personal data may be provided to state authorities if such disclosure is required by applicable laws.
5. How Long Do We Store Data and When Are They Deleted?
We store your personal data only as long as necessary to achieve the specific purpose or as required by applicable legislation (e.g., for accounting purposes).
If circumstances arise that require extended storage, the information is retained until those circumstances no longer apply.
We store and process your personal data for as long as at least one of the following conditions exists:
• under applicable legislation, it is possible to exercise our or your legitimate interests (for example, to submit objections or bring claims in court);
• there is a legal basis or obligation to retain the data;
• your consent for the respective processing is valid.
6. What Are Your Rights and How Can You Exercise Them?
This section lists your rights as provided for by data protection legislation.
Right of Access
You may request confirmation as to whether we process personal data relating to you. If so, you have the right to access the data and receive information about its processing.
Right to Rectification
If data about you is incorrect or incomplete, you have the right to request that it be corrected or supplemented.
Right to Restriction of Processing
In certain cases, you may request that we restrict the processing of your data, for example, until the accuracy of the data has been verified. To exercise this right, a written request must be submitted to us.
Right to Erasure
You have the right to request the deletion of your personal data. Each request is evaluated, and data will be erased if applicable under the law.
Data will not be deleted if their processing is required to comply with legal obligations or if they are necessary to establish, exercise, or defend legal claims.
Right to Object to Processing
You have the right to object to processing of your data if it is carried out based on our legitimate interests. In such a case, processing will be stopped unless we have compelling reasons to continue. To exercise this right, a written request must be submitted to us.
Right to Data Portability
You have the right to receive your data in a structured, commonly used, and machine-readable format and to transfer them to another controller if processing is based on your consent and carried out by automated means. If you wish and it is technically feasible, we can transmit the data directly to another controller you designate.
Right to Withdraw Consent
If processing is based on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal. You can withdraw or change your consent in your user account, in the mobile application, or by contacting us.
7. Children’s Privacy
Theoarn does not direct its websites to children under the age of eighteen. We require registered users of the site to be at least twenty-one years old. If we learn that a user is under eighteen years of age, we will promptly delete any personal information that the individual has provided to us.
8. Validity and Changes of the Policy
This Theoarn Privacy Policy may be amended or updated if required by changes in our operations or legislation.




