1. Controller Identity
Hanami (“we,” “our,” “us”) operates hanami.al. We determine how and why your personal data is processed.
Contact:
Email:
Address:
2. Data We Collect
2.1 Information You Provide
- Account Data: Name, email address, password, phone number
- Transaction Data: Billing address, shipping address, payment information
- Communication Data: Messages, inquiries, support requests, reviews
- Profile Data: Preferences, wish lists, purchase history
2.2 Automatically Collected Data
- Technical Data: IP address, browser type, device information, operating system
- Usage Data: Pages viewed, time spent, click patterns, referral source
- Cookie Data: Session identifiers, preferences, tracking tokens
2.3 Third-Party Data
- Payment processors provide transaction confirmation
- Shipping carriers provide delivery status
- Marketing platforms provide campaign performance metrics
3. Legal Basis for Processing
We process your data under:
- Contract Performance: To fulfill orders and provide services
- Legal Obligation: Tax, accounting, consumer protection compliance
- Legitimate Interest: Fraud prevention, business analytics, marketing to existing customers
- Consent: Marketing communications, non-essential cookies (withdrawn at any time)
4. How We Use Your Data
- Process and fulfill orders
- Communicate order status and shipping updates
- Process payments and prevent fraud
- Provide customer support
- Send transactional emails (order confirmations, shipping notifications)
- Send marketing communications (with consent)
- Improve Platform functionality and user experience
- Analyze trends and usage patterns
- Comply with legal obligations
- Enforce Terms and Conditions
5. Data Sharing
We share data with:
5.1 Service Providers
- Payment Processors: To process transactions
- Shipping Carriers: To deliver orders
- Hosting Providers: To operate the Platform
- Email Services: To send communications
- Analytics Platforms: To understand usage patterns
5.2 Legal Disclosures
We disclose data when required by:
- Court orders or legal process
- Government investigations
- Protection of our rights or property
- Prevention of illegal activity
5.3 Business Transfers
If we merge, sell, or transfer assets, your data may transfer to the successor entity.
We do not sell your personal data to third parties.
6. International Transfers
Your data may be transferred to and processed in countries outside Albania. We ensure adequate protection through:
- Standard contractual clauses
- Adequacy decisions by competent authorities
- Your explicit consent
7. Data Retention
- Account Data: Retained while your account is active, then 30 days after closure
- Transaction Data: 10 years for tax and accounting compliance
- Marketing Data: Until consent is withdrawn
- Technical Data: 24 months
- Support Communications: 3 years
We delete or anonymize data when no longer necessary.
8. Your Rights
Under Albanian and EU data protection law, you have:
8.1 Access
Request copies of your personal data.
8.2 Rectification
Correct inaccurate or incomplete data.
8.3 Erasure
Request deletion when data is no longer necessary (subject to legal retention obligations).
8.4 Restriction
Limit processing in specific circumstances.
8.5 Portability
Receive your data in a structured, machine-readable format.
8.6 Objection
Object to processing based on legitimate interests or for direct marketing.
8.7 Withdraw Consent
Revoke consent for processing that requires it (does not affect prior lawful processing).
8.8 Lodge Complaint
File a complaint with the Albanian Data Protection Commissioner or your local supervisory authority.
Exercise Rights: Contact us at [insert email]
9. Cookies and Tracking
9.1 Cookie Types
- Essential: Required for Platform operation (cannot be disabled)
- Functional: Remember preferences and settings
- Analytics: Measure traffic and behavior
- Marketing: Track campaigns and deliver targeted content
9.2 Cookie Management
Manage cookie preferences through:
- Browser settings
- Our cookie consent banner (for non-essential cookies)
- Opt-out links in marketing emails
9.3 Third-Party Cookies
We use:
- Google Analytics (web traffic analysis)
- Facebook Pixel (advertising performance)
- [Insert other tracking technologies]
Third parties have their own privacy policies.
10. Security Measures
We implement:
- SSL/TLS encryption for data transmission
- Secure password hashing
- Access controls and authentication
- Regular security assessments
- Employee confidentiality obligations
No method is 100% secure. We cannot guarantee absolute security.
11. Children’s Privacy
The Platform is not intended for users under 18. We do not knowingly collect data from minors. If we discover such collection, we delete it immediately.
12. Marketing Communications
With consent, we send:
- Product recommendations
- Promotional offers
- Newsletter content
Opt-Out: Use unsubscribe links in emails or contact us directly.
13. Automated Decision-Making
We do not use automated processing or profiling that produces legal effects or significantly impacts you.
14. Data Breach Notification
If a breach occurs that risks your rights and freedoms:
- We notify the supervisory authority within 72 hours
- We notify affected individuals without undue delay
- We describe the breach, consequences, and mitigation measures
15. Third-Party Links
The Platform may link to external sites. We are not responsible for their privacy practices. Review their policies independently.
16. Changes to This Policy
We update this Policy as needed. Changes are effective upon posting. Material changes will be communicated via:
- Email notification
- Prominent Platform notice
Continued use after changes constitutes acceptance.
17. Applicable Law
This Policy is governed by:
- Albanian Law on Personal Data Protection
- EU General Data Protection Regulation (GDPR) where applicable
- Albanian consumer protection legislation
18. Contact and Complaints
Data Protection Inquiries:
Email:
Address:
Supervisory Authority:
Commissioner for the Right to Information and Protection of Personal Data
Address: Blvd. “Bajram Curri”, Nr. 6, Tiranë, Albania
Website: idp.al
19. Language
In case of conflict between translations, the Albanian version prevails.