Privacy Policy
Effective Date: January 31, 2026
1. Introduction and Scope
This Privacy Policy (“Policy”) governs the collection, processing, and use of personal data by Triada Designs, a company that operates an e-commerce platform for jewellery and fashion products through its website (www.triadadesigns.com) and mobile application. “Triada Designs”, “we”, “us”, and “our” refer to this entity.
This Policy governs the collection, processing and use of your personal data by Triada Designs, regardless of the technology platform you use to access our services. This includes, but is not limited to, our websites hosted on WordPress and our e-commerce store on Shopify, as well as any other official platforms or applications we may operate (collectively, the “Platform”).
By interacting with any part of our Platform, you agree that this Policy is the sole governing document for the handling of your personal information.
We are committed to the privacy and security of your personal data and comply with all applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This Policy details how we collect, use, share, and store your personal information through your interactions with the Platform.
We utilize GoDaddy as our website hosting provider. All data associated with the operation of this website is stored in GoDaddy’s EU data centers. We maintain a formal Data Processing Addendum (DPA) with GoDaddy to ensure their processing activities meet the necessary legal standards for data protection and confidentiality.
2. Amendments and Consent
Policy Amendments: We may modify or update this Policy periodically to reflect changes in our data processing practices or legal requirements. We encourage you to review this Policy regularly. Material changes will be communicated via a prominent notice on our Platform. Your continued use of the Platform after such changes constitutes your acceptance of the revised Policy.
User Consent: By accessing or utilizing the services of our Platform, you consent to the collection, use, sharing, and storage of your personal data by Triada Designs as described herein. Your use of the Platform constitutes express consent to our use and disclosure of your information in accordance with this Policy.
3. Data Controller
Triada Designs acts as the data controller for the personal data collected and processed through our Platform, and as such, we determine the purposes and means of processing your personal data.
4. Collection of Personal Information
We collect various categories of personal information to provide, protect, and enhance our products and services. This enables us to operate our business and fulfil our contractual and legal obligations. This data includes information you provide directly and information automatically collected during your use of the Platform.
A. Information You Provide Directly
This includes any personal data you submit to us via the Platform, phone, text, or social media. This occurs when you:
- Complete forms on our Platform.
- Register for or subscribe to our services.
- Enter competitions or promotions.
- Participate in surveys.
- Post comments or content.
- Purchase products or services.
- Contact us.
Categories of Personal Data Collected:
- Contact & Identity Information: First and last name, username, email addresses, phone numbers, postal address, PIN/ZIP code, and passwords.
- Demographic & Profile Data: Age, gender, date of birth, nationality, and shopping preferences.
- Financial & Transaction Details: Payment and transaction details, credit or debit card numbers, bank account details, and billing/shipping information. Please note that we do not store your credit or debit card information; it is transmitted directly to our authorized payment gateways.
- Optional Information: Wedding date, jewellery interests, ring size, and feedback on services or products.
- ID Verification Data: Information such as passport, driving license, or national ID card details, collected for anti-money laundering checks.
- User-Generated Content: Pictures, videos, messages, comments, and reviews you submit to our Platform or social media channels.
- Shop Orders: Data collected during the placement of an order, including contact, billing and shipping information.
- Newsletter Sign Ups: Contact information provided for subscription to our newsletters and promotional communications.
- Bookings: Data provided for scheduling appointments or sessions through third party platforms such as Calendly or for participation in virtual meetings via services like Zoom.
- Third Party Interactions: Guest data and related information provided to us via third party platforms such as Airbnb for accommodation services.
- Drop shipping Logistics: Data necessary for the fulfillment and shipment of products from our third party suppliers.
B. Information Collected Automatically
As you access and use our Platform, certain information is automatically collected. This data is used for analytics, promotional measurement, and security purposes. It may include:
- Device Information: Type of device, operating system, and web browser.
- Network Information: Domain server, IP address, and network carrier.
- Usage Data: Web pages and links visited, time spent on the Platform, search queries, and items viewed, added to cart, or wish-listed.
- Location Information: Geo-location data, used to provide customized offers.
- Technical Data: Bandwidth speed and software information.
- Log Data: Standard server log information.
- Tracking Technologies: Information collected through cookies, pixel tags, and similar technologies.
C. Information from Other Sources
We may obtain additional information about you from public and commercial sources, and from third-party social networking services you connect with. This data may be combined with information we have already collected to enhance your profile.
Sensitive Personal Data: We do not intentionally collect “special” or “sensitive” personal data (e.g., government-issued IDs, racial or ethnic origin, political opinions, health information) from users. If we require such data, we will seek your explicit consent. By voluntarily providing any sensitive data, you consent to its use in accordance with this Policy.
D. Lawful Objectives and Utilization of Collected Data
The Company shall utilize the collected Personal Data strictly for the lawful and legitimate objectives outlined below, compliant with GDPR and other relevant regulations:
- Contractual Execution and Fulfilment: To execute contractual obligations for the sale of e-commerce goods (including international shipping, drop shipping logistics and personalised product fulfilment) and the timely provision of contracted consultation services (online soul sessions).
- Membership Management: To manage and deliver benefits associated with the planned subscription / membership model, including recurring billing, access to exclusive digital content and the shipment of physical components.
- Operational Enhancement and Security: To analyze usage patterns and technical performance data to continually improve the architecture, functionality and security of the Website and its offerings, and to prevent or detect fraudulent activities.
- Compliance and Legal Obligation: To comply with mandatory legal or regulatory requirements (e.g., tax, consumer protection), respond to lawful requests from public authorities, and maintain records of consent and transaction history.
- External Booking Facilitation: To direct data subjects to third party platforms (e.g., Airbnb) for the independent booking of advertised holiday homes, where the Company’s liability and data processing responsibilities cease upon external redirection.
- Targeted Communications: Subject to receiving explicit, unambiguous consent, to dispatch informational and marketing materials, including newsletters and product updates, in accordance with applicable e-commerce regulations.
5. Use of Personal Information
We use your personal data exclusively for the purposes for which it was collected, as specified in this Policy, or as otherwise obvious from the context of its collection.
- Service Provision & Customer Support: To register your account, fulfil service requests, and provide customer support and troubleshooting.
- Platform Enhancement: To administer, manage, and improve the Platform, develop new offerings, and personalize your user experience and content.
- Marketing & Communications: To send you service updates, newsletters, and promotional materials via various communication channels, subject to your prior consent or as permitted by law.
- Analytics & Research: To analyze user demographics and behavior, create user profiles, and generate aggregated statistics to better understand user preferences.
- Financial & Legal Operations: To process payments, manage debt collection, and engage in legal matters as necessary.
- Security & Compliance: To detect and prevent fraud, enforce our terms and conditions, and comply with legal obligations and requests from law enforcement.
- Public Content: We may use publicly posted user content (e.g., product reviews, comments) in our advertisements and promotional materials.
- E-commerce operations: In connection with our e-commerce business, which includes the sale of jewellery and fashion products, we collect personal information necessary to process and fulfil your orders. This includes, but is not limited to, your name, billing and shipping addresses, payment details, email address and phone number. This data is used to process payments, arrange for product delivery, provide customer service and communicate with you about your order status.
- Consultation Services: For 1:1 consultation services, including online soul sessions, we may collect and process information you provide directly during the session or in preparation for it. This data may include personal details, background information and other sensitive information relevant to the service. This information is processed solely for the purpose of providing the consultation service and is treated with strict confidentiality. The Client expressly acknowledges and provides irrevocable consent for the Company to record the audio and video of each session. These recordings are maintained for (i) the provision of services, (ii) internal quality assurance, and (iii) as a record of the consultation. Data collected may include personal identifiers, biographical history, and sensitive personal data (including health, spiritual, or emotional information). The Company warrants that such data is processed strictly for the execution of the services and shall be treated with the highest degree of confidentiality in accordance with applicable data protection laws. Recordings and associated data shall be stored in a secure, encrypted environment. Except where required by law or judicial order, the Company shall not disclose session content to any third party without the Client’s prior written authorization.
- Subscription and Membership Offerings: In anticipation of the future launch of subscription and membership-based offerings, which will include both digital and physical components, we will update this Privacy Policy to detail the specific types of personal data collected. This may include, but will not be limited to, information required for recurring billing, personalisation of digital content and the shipment of physical goods. We will provide a clear and comprehensive explanation of how such data is collected, used and protected prior to the launch of these services.
- Third Party Bookings for Holiday Homes: Our website displays holiday homes that are bookable through third party platforms such as Airbnb and Booking.com. Please be advised that when you click on a link to book a holiday home, you are redirected to the respective third-party platform. We do not collect, store or process any personal data related to your booking or payment for these properties. Your interaction, including any personal information you provide, is governed by the privacy policies and terms of service of the third-party booking platform. We encourage you to review their policies before proceeding with a booking.
6. Cookies and Similar Technologies
Our Platform uses cookies and similar technologies to enable functionality and collect additional information.
- Definition: A cookie is a small text file placed on your device by a web server. Cookies enable the browser to remember specific information about a user, such as login details and preferences.
- Types of Cookies: We use both session cookies (which expire when you close your browser) and persistent cookies (which remain on your device). These technologies are used for security, navigation, and statistical analysis to improve our services.
- Third-Party Technologies: We utilize third-party cookies for advertising purposes, including targeted advertising, retargeting, conversion tracking, and measuring ad effectiveness. These technologies collect data about your online behaviour to serve relevant advertisements.
- Your Choices: You can manage or disable cookies through your browser or device settings. However, doing so may impair the functionality of the Platform. By continuing to use our website, you consent to our use of cookies.
Our Platform uses cookies, pixels and other tracking technologies to collect and store information about your use of our Services. These technologies help us analyse user behaviour, administer the Platform and deliver targeted advertising.
We utilize third party services that employ these technologies, including but not limited to:
- Google Analytics: To collect and analyse data regarding website traffic and user behaviour.
- Meta Pixel: To measure the effectiveness of our advertising, optimize ad campaigns and create targeted audiences for our advertisements on Meta’s services (e.g., Facebook and Instagram).
- Shopify Tracking: To collect data necessary for the functionality of our e-commerce store, including user sessions, cart contents and purchase history.
By using our Platform, you consent to the use of these tracking technologies. You can manage your cookie preferences through your browser settings, but please be aware that disabling certain cookies may affect the functionality of our website.
Cookie Consent Management
To ensure full compliance with data protection and privacy regulations, Triada Designs operates a robust Cookie Consent Management Platform (CMP).
This platform allows our visitors to exercise granular control over the types of cookies and tracking technologies used on our website. Specifically, you can grant, deny, or withdraw consent on a category-by-category basis, including for:
- Functional Cookies: Essential for website operation and security.
- Analytics Cookies: Used to measure website performance and user interaction.
- Marketing Cookies: Used to track browsing habits for personalized advertising.
Your choices are recorded and respected across your subsequent visits, and you may adjust your preferences at any time via the consent widget or a link provided in the footer of this website.
7. Disclosure of Personal Information to Third Party Processors
We may share your personal data with third parties on a need-to-know basis to facilitate our services, business operations and provide services on our behalf. These Processors have limited access to your personal data strictly for the purpose of performing their designated functions and are contractually obligated to maintain confidentiality and data security. We do not sell or distribute your personal information to third parties for their own marketing purposes without your express consent. The categories of Processors with whom we may share your data include:
- E-commerce platforms: For the management of our online store and processing of transactions (e.g., Shopify).
- Payment Processors: For the secure handling of all payment transactions (e.g., Stripe, PayPal).
- Scheduling and Communication Services: For managing bookings and conducting virtual meetings (e.g., Calendly, Zoom).
- Logistics and Fulfilment Partners: For order processing, shipping and delivery of products (e.g., shipping providers, drop shipping suppliers).
- Marketing and Analytics Providers: For email marketing services and analysis of user behaviour (e.g., email marketing providers, hosting providers).
- Accommodation Platforms: For the management of guest data related to our services provided through such platforms (e.g., Airbnb).
- Service Providers: We engage third-party processors to perform services on our behalf (e.g., hosting, marketing, order fulfilment, data analytics). These providers have limited access to your data and are contractually obligated not to use it for other purposes.
- Corporate Entities: We may share data with our corporate affiliates to prevent illegal activities and facilitate co-branded services.
- Internal and Business Purposes: We may share your information with our employees, business partners or subcontractors, but only as needed to perform the services you have requested.
- Business Transactions: In the event of a merger, acquisition, or corporate restructuring, your personal information may be transferred to the new entity, which will be bound by this Policy.
- Legal Compliance: We may disclose your information when required by law, court order, or subpoena, or when we believe disclosure is necessary to protect our rights, property, or safety, or those of our users or the public.
- Social Media Platforms: Our Platform may integrate with social media plugins. Your interactions with these plugins are governed by the respective platforms’ privacy policies.
We ensure that all our Processors adhere to relevant data protection laws and are subject to stringent data privacy and security vetting processes.
At Triada Designs, we handle your personal information with the utmost care and professionalism. We may need to share your data, but we only do so when absolutely necessary to operate our business, fulfil our legal obligations or protect our rights.
List of Essential Third-Party Processors
We engage certain third-party entities (“Processors”) to perform essential functions on our behalf. These parties process Personal Data only upon our documented instructions and are bound by appropriate data protection agreements, including Data Processing Addenda (DPAs), to maintain the confidentiality and security of the data.
The primary Processors we use are:
Processor Name | Purpose of Processing | Data Location/Safeguard Mechanism |
GoDaddy | Website hosting and server maintenance. | EU Data Centers (DPA in place). |
MetaAds (Facebook/Instagram) | Management of personalized advertising campaigns, audience segmentation, and performance analytics of marketing activities. | Global (Transfers secured via Standard Contractual Clauses – SCCs). |
Our Email Service Provider | Sending transactional emails, customer service communications, and marketing newsletters (where consent has been provided). | Varies by provider; typically secured via SCCs or adequacy decisions. |
Google Fonts | Providing and serving custom fonts used across the website to ensure consistent and correct visual display for all users. | Global (Generally considered non-identifying data for this purpose). |
This list is regularly reviewed and updated to maintain full transparency regarding the parties that handle your data.
8. International Data Transfers
Your personal data may be transferred to, and processed in, countries other than the country in which you are a resident. These countries may have data protection laws that are different from the laws of your country.
We ensure that these transfers comply with applicable data protection laws. Specifically:
- United Kingdom and Switzerland: Transfers of personal data to the United Kingdom and Switzerland are subject to adequacy decisions issued by the European Commission, meaning these countries are deemed to provide an adequate level of data protection.
- Other Third Countries: For transfers to all other countries outside of the European Economic Area (EEA) that have not received an adequacy decision, we rely on the implementation of Standard Contractual Clauses (SCCs) adopted by the European Commission or other relevant mechanisms approved by the competent data protection authority.
By using our services, you acknowledge and agree that your data may be transferred to and processed in these jurisdictions under the safeguards described above.
UAE
Triada Designs, as the data controller, is a legal entity registered in Romania, an EU Member State. However, in order to fulfil certain contractual obligations, specifically the delivery of physical goods, it is necessary to transfer your personal data to third parties located in countries outside the European Economic Area (“EEA”).
For the purpose of order fulfilment and logistics, we engage service providers and utilize facilities in Dubai, United Arab Emirates (“UAE”). As such, personal data, including but not limited to your name, shipping address, contact details and order information, will be processed and stored in the UAE.
The UAE is not currently subject to an adequacy decision by the European Commission. To ensure that your personal data receives a level of protection equivalent to that of the EU, we have implemented appropriate safeguards in accordance with Article 46 of the GDPR. These safeguards include the use of Standard Contractual Clauses approved by the European Commission, which contractually bind our service providers in the UAE to protect your data in line with EU data protection standards.
By placing an order, you acknowledge and agree that your personal data will be transferred to and processed in the UAE for the express purpose of completing your order. This transfer is necessary for the performance of the contract between you and Triada Designs.
US
Our Platform is hosted within the EU. However, your personal data may be transferred to and processed in jurisdictions outside your country of residence, including the United States, where data protection laws may differ.
The US does not currently benefit from an adequacy decision by the European Commission. To ensure that your personal data receives a level of protection equivalent to that afforded by EU data protection law, we have implemented appropriate safeguards in accordance with Article 46 of the GDPR. These safeguards primarily consist of Standard Contractual Clauses approved by the European Commission, which contractually obligate our third-party processors in the US to protect your data in line with EU standards.
By utilizing our Platform, you acknowledge that your personal data may be transferred to and processed in the US. This transfer is based on the contractual necessity to provide our services to you, or on your explicit consent where required by law.
Transfer Basis and Primary Safeguards
Any transfer of Personal Data originating from the EEA to a Third Country that does not possess an adequacy decision from the European Commission is executed only upon the implementation of mandatory legal safeguards designed to maintain a level of protection essentially equivalent to that guaranteed by the GDPR.
The Company utilizes the following legally recognized transfer mechanism:
Standard Contractual Clauses (SCCs): The Company has entered into, or relies upon the execution of, the applicable modules of the Standard Contractual Clauses (SCCs) approved by the European Commission (Decision 2021/914/EU) with all relevant Data Processors. The Company specifically employs the Controller-to-Processor module (Module Two) where required for service providers such as Shopify, Stripe, PayPal, Zoom, and the designated Email Marketing and CRM provider (e.g., Mailchimp).
Implementation of Supplementary Measures
In alignment with the mandates established by the Court of Justice of the European Union (CJEU) in the Schrems II ruling, the Company requires the execution of a comprehensive Transfer Impact Assessment (TIA) and the implementation of Supplementary Technical and Organisational Measures alongside the SCCs. These measures are designed to mitigate risks arising from third-country governmental surveillance laws and ensure the data remains protected during and after transfer. These supplementary measures include, but are not limited to:
- Encryption: The requirement for state-of-the-art encryption both in transit and at rest.
- Data Minimisation: The transfer and processing of only the strictly necessary data elements.
- Transparency: Contractual obligations on the Processor to notify the Company immediately of any legal demands for access to the Personal Data by public authorities.
Purpose of International Transfers
Personal Data is transferred internationally for the following processing objectives, which are deemed necessary for the performance of the contract with the Data Subject:
- Cloud Hosting and E-commerce Platform: Hosting the Website infrastructure and managing the Shopify store (U.S. processors).
- Payment Processing: Secure execution of financial transactions (U.S. processors).
- Customer Communication and CRM: Managing email subscriptions, marketing campaigns, and service session bookings (U.S. processors).
- Fulfillment and Logistics: Sharing necessary Contact and Shipping Data with international shipping providers and dropshipping suppliers located in the destination countries (e.g., U.S., Australia, UAE) to complete the delivery of physical products.
9. Data Retention
We retain your personal data for the period necessary to fulfil the purposes for which it was collected, subject to any longer retention periods required by law or regulatory obligations. Once no longer required, the data will be securely disposed of or anonymized.
We will retain your personal data only for as long as is necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.
The retention period for data necessary for our financial and legal obligations, such as transaction records and contractual documentation, is currently set at five (5) years. This period aligns with relevant tax and accounting regulations.
Where a legal or regulatory requirement mandates a longer or shorter retention period, we will adjust our retention schedule accordingly. After the applicable retention period has expired, we will securely delete or anonymize your personal data.
We will typically delete your personal data within 5 (five) years of our last interaction with you. However, we may need to keep it for a longer period in specific situations:
- Legal Obligations: If the law requires us to hold onto your information for a specific period.
- Legal Proceedings: If the data is necessary for any ongoing or future legal claims or proceedings.
- Protecting our rights: To establish, exercise or defend our legal rights, including for fraud prevention or to manage credit risk.
10. Lawful basis for processing, data subject rights and processor compliance
Pursuant to the requirements established by the European Union General Data Protection Regulation (GDPR) and other relevant data protection statutes (including, but not limited to, the CCPA/CPRA where applicable), the processing of Personal Data by Triada Designs SRL shall be conducted strictly upon the existence of a valid and lawful basis.
Lawful basis for processing (Article 6 of GDPR)
The primary lawful bases upon which the Company relies for the processing of Personal Data are delineated as follows:
Lawful Basis | Application to Triada Designs SRL’s Activities |
Performance of a contract | Processing necessary for fulfilling e-commerce orders, managing subscription/membership services, processing payments, facilitating dropshipping logistics, and delivering online soul session services. |
Consent (Explicit and Revocable) | Processing non-essential data, including the deployment of tracking cookies (Google Analytics, Meta Pixel), the dispatch of direct marketing communications (newsletters), and the use of Data Subject data in any processing activity where consent is the sole available lawful ground. |
Legitimate Interest | Processing necessary for the legitimate interests pursued by the Company or by a third party, except where such interests are overridden by the fundamental rights and freedoms of the Data Subject. This includes, but is not limited to, fraud prevention, network and information security, debt recovery, and internal business analytics. |
Legal Obligation | Processing necessary for compliance with a mandatory legal or regulatory obligation to which the Company is subject, including financial reporting, tax compliance, and adherence to mandatory consumer protection laws. |
Compliance with Mandatory Obligations | We process certain categories of your personal data when necessary for compliance with a legal obligation to which we are subject, as defined under Article 6(1)(c) of the GDPR. The primary purposes for processing under this legal basis include, but are not limited to, compliance with Tax and Accounting regulations, mandatory audits, and other regulatory or supervisory requirements imposed by law. This processing is essential for maintaining accurate financial records and fulfilling government reporting duties. |
Your Rights (GDPR & CCPA)
You have specific rights concerning your personal data, which we are committed to upholding in accordance with applicable law.
- Right to Access/Know: You may request a copy of the personal data we hold about you.
- Right to Rectification: You have the right to request the correction of any inaccurate or incomplete data.
- Right to Deletion/Erasure: You may request the deletion of your personal information under certain circumstances.
- Right to Withdraw Consent: You may withdraw your consent to data processing at any time.
- Right to Object to Processing: You may object to the processing of your data based on legitimate interests.
- Right to Data Portability: You have the right to receive your personal data in a structured, machine-readable format and transmit it to another controller.
- Right to Opt-Out of Sale (CCPA): Although we do not sell your data, you have the right to direct us not to sell it.
- Right to Non-Discrimination (CCPA): We will not discriminate against you for exercising your CCPA rights.
- Right to Lodge a Complaint: You have the right to file a complaint with the relevant data protection authority if you are not satisfied with our handling of your data.
To exercise any of these rights, please contact our Grievance Officer.
Procedure for Exercise: All requests to exercise the aforementioned Data Subject rights must be submitted in writing to the Data Controller via the designated electronic mail address: privacy@triadadesigns.com. The Company shall respond to such requests in accordance with the regulatory timeframes (typically one month) following the verification of the Data Subject’s identity.
Compliance with Data Processing Agreements
The Company utilizes various third-party entities (“Data Processors”) to perform essential functions required for the operation of the Website, including payments, hosting, and marketing.
Confirmation of Contractual Compliance: In compliance with Article 28 of the GDPR, the Company hereby confirms that it has executed or otherwise mandates the execution of legally binding Data Processing Agreements (DPAs) or equivalent contractual terms with all relevant third-party processors, including:
- E-commerce and Hosting Platforms: Shopify, WordPress Hosting Providers.
- Payment Gateways: Stripe, PayPal.
- Scheduling and Communication: Calendly, Zoom.
- Email Marketing and CRM: Mailchimp or equivalent email marketing provider.
- Logistics and Fulfillment: Shipping Providers and Dropshipping Suppliers.
These DPAs obligate the Data Processors to process Personal Data exclusively on the documented instructions of the Company, maintain stringent security measures, and comply fully with all applicable data protection laws, including requirements for international data transfers (EU → US).
11. Security Precautions
We have implemented stringent security measures to protect your personal data from loss, misuse, and unauthorized access. Our Platform uses Secure Sockets Layer (SSL) technology to encrypt sensitive information. We conduct internal reviews of our data security practices and have appropriate physical security measures in place.
However, no system is completely impenetrable. If you believe your data has been compromised, please notify us immediately. You are responsible for maintaining the confidentiality of your account password.
The processing of the aforementioned Personal Data involves the secure storage, retrieval, consultation, use, disclosure to mandated third party processors, and eventual destruction of data.
Processing Method: Data is processed primarily through automated and electronic means, with rigorous technical and organizational security measures implemented to prevent unauthorized access, accidental loss, disclosure, or alteration, including the use of encrypted communication channels for data transfer.
Data Breach Response and Notification
In compliance with our obligations under Articles 33 and 34 of the GDPR, we maintain a comprehensive Data Breach Response Plan.
This plan ensures that in the event of a security incident leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed:
- Notification to Supervisory Authority: We will notify the competent supervisory authority without undue delay, and where feasible, no later than 72 hours after having become aware of the breach. This notification includes all required details regarding the nature of the breach, its consequences, and the measures we have taken or propose to take to address it.
- Notification to Data Subjects: When the Personal Data Breach is likely to result in a high risk to the rights and freedoms of natural persons, we will communicate the breach to the affected data subjects without undue delay.
Our dedicated response plan is regularly tested and updated to safeguard your data and ensure timely regulatory reporting.
12. Choice/Opt-Out
You may opt out of receiving non-essential marketing and promotional communications by managing your account settings or using the unsubscribe link in our emails. You may also request the deletion of your account, which may result in the loss of associated information.
13. Links to Third-Party Websites
Our Platform may contain links to external websites. We are not responsible for the privacy practices or content of these third-party sites. Their respective privacy policies govern your use of those platforms.
14. Children's Privacy
Our Platform is not intended for individuals under the age of 13. We do not knowingly collect personally identifiable information from children under 13. If you believe your child has provided such information, please contact us immediately to have it removed.
We are committed to protecting the privacy of children. Our website and services are not directed at, nor do we knowingly collect personal data from, children under the age of thirteen (13).
This policy aligns with the Children’s Online Privacy Protection Act (COPPA) for users in the United States and similar regulations globally.
If we learn that we have inadvertently collected personal data from a child under 13 without verifiable parental consent, we will take immediate steps to delete that information from our records as quickly as possible. If you believe we may have any such information, please contact us immediately using the details provided in this policy.
15. Integration with Third Party Marketing Platform (Mailchimp)
The Company, acting as the Data Controller, utilizes Mailchimp, a service provided by the Rocket Science Group LLC, an external data processor, for the sole purpose of executing and managing our electronic marketing communications and subscriber mailing lists. This engagement is strictly governed by a Data Processing Addendum to ensure compliance with applicable data protection regulations.
Categories of Personal Data transmitted and processing objectives
Pursuant to your express subscription or other legal authorization, the following categories of Personal Data shall be transmitted to and processed by Mailchimp on our documented instruction:
- Electronic Mail Address (Email Address): Essential for the delivery and transmission of authorised electronic communications
- Subscriber Identification (Name, Optional): Utilized for the personalisation of communications to optimize subscriber engagement
- Metadata of Subscription: Records including the date, time and originating Internet Protocol (“IP”) address of subscription and consent confirmation
Furthermore, Mailchimp facilitates the monitoring of interaction data pertaining to the communications dispatched, which includes, but is not limited to:
- Open and Click Tracking Data: Employed for the statistical measurement and optimization of campaign performance, allowing the Company to evaluate the efficacy and relevance of communication content.
Lawful Basis for Data Processing
The processing of the aforementioned Personal Data for the function of electronic marketing is predicated upon one of the following lawful bases:
- Affirmative Consent: Processing is contingent upon your unambiguous affirmation for voluntary subscriptions.
- Legitimate Interest: Processing is justified where it pertains to providing updates or notifications related to services previously procured (for existing customers, where permitted by law).
Exercise of Data Subject Rights and Data Location
Mailchimp operates strictly as a Data Processor acting solely on our documented instructions. The Personal Data herein described is stored upon Mailchimp’s servers, which may involve the transfer of data across international borders, including jurisdictions outside of the European Economic Area (“EEA”).
The right to withdraw consent and cease receiving all marketing communications is reserved to the data subject at all times. This right may be exercised by utilizing the dedicated “Unsubscribe” mechanism provided within the footer of every electronic communication, or by submitting a formal written request to the Company’s designated Privacy Officer.
For explicit details regarding Mailchimp’s internal data processing protocols, security measures and international data transfer mechanisms, subscribers are directed to review Mailchimp’s corporate privacy policy.
16. Social Media Data Processing and Platform Interaction Protocols
We maintain official corporate pages and utilize platform-specific mechanisms on various third-party social media platforms, including but not limited to Meta Platforms (Facebook and Instagram), to engage with Data Subjects and execute targeted marketing initiatives, pursuant to our contractual necessity and legitimate interest.
Independent and Joint Controller Status
When a Data Subject interacts with the Company’s official pages, submits content, or utilizes social media features integrated into the Website (e.g., sharing functions, embedded content), it is imperative to acknowledge the division of data processing responsibilities:
- Independent Control: The underlying social media platform operates as an Independent Data Controller regarding the processing of core user data necessary for the platform’s own functionality, security, and advertising infrastructure. The Company exercises no control or jurisdiction over these independent processing activities.
- Joint Control (Page Insights): In instances where the Company and the platform jointly determine the means and purposes of processing (e.g., the collection of aggregated visitor statistics via platform analytics, such as Facebook Page Insights), the Company may function as a Joint Controller with the social media platform for that specific processing objective. The agreement delineating the respective responsibilities shall be maintained by the social media platform provider.
Personal Data processed via social media interaction
The Company processes the following Personal Data resulting from voluntary interaction with its social media presence, utilized for the objectives of marketing, customer service, and performance analytics:
- Public Interaction Data: Information related to comments, reviews, public messages, and reactions (e.g., ‘likes’) associated with the Company’s published content.
- Direct Communication Data: Personal Data shared via platform-based direct messages (DMs) or integrated chat functions, used exclusively for the purpose of addressing customer service inquiries or facilitating pre-sales communication.
- Aggregated Statistical Data: Non-identifiable statistical data provided by the platform (e.g., geographical origin of page visitors, interaction rates) which the Company utilizes for the rigorous statistical evaluation and optimization of campaign performance.
Website Integration and Tracking Technologies (Meta Pixel)
The Company utilizes platform-specific conversion tracking tools, specifically the Meta Pixel (and similar third-party tags) integrated into the Website’s codebase, to facilitate the functionality of its e-commerce operations.
- Objective: These technologies enable the Company to measure the effectiveness of external advertising campaigns, facilitate the display of personalized advertisements to Data Subjects who have previously visited the Website (retargeting), and assist in the creation of lookalike audiences for market expansion (U.S., UAE, Australia).
- Data Transferred: Data related to specific events (e.g., product views, cart additions, purchases) is transmitted to the respective social media platform. This data transfer constitutes an international data transfer and is subject to the Data Subject’s explicit, revocable consent obtained via the Company’s Consent Management Platform (CMP), as detailed in the separate Cookie Policy.
Limitation of Company Liability
Data Subjects are hereby formally advised that the terms, policies, and independent data processing practices of the third-party social media platforms are entirely separate from, and external to, the scope of this Privacy Policy. The Company disclaims all liability for the platforms’ independent collection, storage, and subsequent processing of user data, including any Personal Data that Data Subjects disclose directly on the platform itself. Data Subjects bear the sole responsibility for reviewing the privacy policies and adjusting the security and data sharing settings provided by the respective social media entities.
17. Force Majeure
We shall not be considered in breach of this Privacy Policy, nor shall we be liable for any failure to comply with our data processing obligations or for any damage, loss, or expense arising from circumstances beyond our reasonable control.
Force Majeure Events include, but are not limited to, acts of God, war, terrorism, civil commotion, governmental action, epidemics or pandemics (including resulting quarantine or travel restrictions), labor disputes, natural disasters, failure of public services (including telecommunications or internet outages), or any other event that is unforeseen and outside the reasonable control of Triada Designs.
Upon the occurrence of any such event, our performance under this policy shall be suspended for the period that the event continues, and we will make reasonable efforts to mitigate the effect of the Force Majeure Event.
18. Specific Jurisdictional Compliance and Warrants
The parties acknowledge that the processing activities under this Agreement may fall under the purview of specific national data protection and consumer protection legislation outside of the European Economic Area (EEA).
The Service Provider hereby provides the following warrants regarding compliance with specified jurisdictional requirements:
Australian Compliance (ACCC & Privacy Act 1988)
Where the Service Provider processes Personal Information pertaining to individuals in Australia, the Service Provider warrants that its external-facing privacy documentation (including but not limited to the Privacy Policy) shall explicitly state:
“We comply with the Australian Privacy Principles (APPs) where applicable to users in Australia.”
Where the Service Provider processes Personal Information pertaining to individuals in Australia, the Service Provider warrants that its external-facing privacy documentation (including but not limited to the Privacy Policy) shall comply with the local laws. We comply with the Australian Privacy Principles (APPs) where applicable to users in Australia. For customers in the UAE, data transfers comply with Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data.
This commitment extends to adherence with the APPs set out in Schedule 1 of the Privacy Act 1988 (Cth), including obligations enforced by the Office of the Australian Information Commissioner (OAIC) and requirements relevant to the Australian Competition and Consumer Commission (ACCC).
United Arab Emirates Compliance (PDPL 2022)
For all customers and data subjects located in the United Arab Emirates (UAE), the Service Provider warrants that any processing, transfer, or handling of Personal Data shall comply with the obligations set forth in Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL). This includes, but is not limited to, ensuring:
“For customers in the UAE, data transfers comply with Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data.”
The Service Provider shall maintain documentation confirming the legitimate bases and appropriate safeguards for any cross-border transfer of Personal Data originating from the UAE.
United Kingdom Compliance (UK GDPR)
To the extent that the processing activities are subject to the UK General Data Protection Regulation (UK GDPR), and the Service Provider does not have an establishment in the UK while targeting UK data subjects, the Service Provider shall act in accordance with Article 27 of the UK GDPR: the Service Provider shall maintain a formal UK Representative and include a clause within its Privacy Policy detailing the representative’s identity and contact information for UK customers and the Information Commissioner’s Office (ICO).
19. Third-Party Booking and Payment Platforms
Reservation Fulfillment Disclosure
All reservations, bookings, and availability checks for services offered by Triada Designs (including accommodations, experiences, or consultations requiring scheduling) are handled exclusively via designated third-party booking platforms (e.g., Airbnb, third-party scheduling software).
Payments and Data Disclaimer
Triada Designs does not process or store any financial information, manage payment transactions, or maintain the underlying personal data for these reservations. All such transactional and personal data handling activities are carried out entirely by the respective third-party platform.
Customer Obligation
By initiating a booking, you acknowledge and agree that your relationship concerning payment, data security, cancellation fees, and reservation management is governed solely by the terms, conditions, and privacy policies of the relevant third-party platform. Please refer directly to the applicable platform’s policies for information regarding payment processing, data handling, and dispute resolution related to your reservation.
20. Grievance Officer and Contact Information
If you have any questions about this policy, wish to exercise any of your data protection rights, or have a general privacy-related inquiry, please contact us using the following channels:
Primary Contact (Data Privacy Inquiries / DPO Contact):
- Email: privacy@triadadesigns.com
Backup Contact (Legal & Escalation):
- Email: legal@triadadesigns.com
For the fastest response to rights requests (such as access, erasure, or rectification), please use the primary contact email provided above.
- Grievance Officer: Saswati Soumya Sahu
- Address: Triada Designs SRL
- Phone: +40 768 407 242
- Email: privacy@triadadesigns.com
- Hours: Monday – Friday, 10:00 AM – 5:00 PM (CET)