Privacy Policy

Last updated: January 2026

This Privacy Policy describes how COCOA collects, uses, and protects your personal data in accordance with the General Data Protection Regulation (GDPR - EU Regulation 2016/679) and the Italian Privacy Code (Legislative Decree 196/2003 and subsequent amendments).

1. Data Controller

The Data Controller is COCOA, with its registered office in Italy.
To contact us: use the Contact Us page on our website.

2. Data Collected

We collect the following personal data:

  • Contact data: first name, last name, email address, phone number, shipping and billing address
  • Payment data: information necessary to process payments (securely handled by our payment service providers)
  • Browsing data: IP address, browser type, pages visited, cookies
  • Order data: purchase history, product preferences

3. Purpose of Processing

Your data is used to:

  • Process and manage your orders
  • Communicate with you regarding orders and customer service
  • Improve your shopping experience
  • Send you marketing communications (only with your consent)
  • Fulfill legal obligations (invoicing, accounting)
  • Prevent fraud and ensure site security

4. Legal Basis for Processing

We process your data based on:

  • Contract performance: to process your orders
  • Consent: to send you marketing communications
  • Legal obligation: to comply with tax and accounting obligations
  • Legitimate interest: to improve our services and prevent fraud

5. Data Sharing

Your data may be shared with:

  • Payment service providers (to process payments)
  • Couriers and shippers (to deliver your orders)
  • Shopify platform (which hosts our online store)
  • Email marketing services (only with your consent)

We never sell your data to third parties.

6. Data Retention

We retain your data for the time necessary to:

  • Fulfill contractual and legal obligations (10 years for tax data)
  • Manage any complaints or disputes
  • Send you marketing communications (until consent is withdrawn)

7. Your Rights

Under the GDPR, you have the right to:

  • Access: obtain confirmation of the data we process
  • Rectification: correct inaccurate data
  • Erasure: request the deletion of your data
  • Restriction: restrict processing in certain circumstances
  • Portability: receive your data in a structured format
  • Objection: object to processing for marketing purposes
  • Withdraw consent: withdraw consent at any time

To exercise your rights, contact us via the Contact Us page.

8. Cookies

Our site uses technical cookies necessary for its operation and analytical cookies to improve the user experience. You can manage cookie preferences through your browser settings.

9. Security

We adopt appropriate technical and organizational measures to protect your data from unauthorized access, loss, or destruction.

10. Changes to the Privacy Policy

We reserve the right to modify this Privacy Policy. Changes will be published on this page with the update date.

11. Complaints

You have the right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it) if you believe that the processing of your data violates the GDPR.