Last updated: 2026-05-27
This Privacy Policy explains how we collect, use, store, and protect personal data when you visit our website, create an account, place an order, contact us, leave a review, or interact with our marketing and analytics tools.
This policy is written for customers and visitors in the EU/EEA and internationally. We process personal data in accordance with the EU General Data Protection Regulation, GDPR, and applicable Swedish data protection rules.
1. Who we are
This website is operated by Roberto Thanh Dat Ianni.
Website: https://pluralitypaints-tsx76946gm.live-website.com
Address: Gripenbergsgatan 80, Jönköping, Sweden
Email: rtsi2022march@gmail.com
For the purposes of data protection law, Roberto Thanh Dat Ianni is the data controller for the personal data processed through this website and webshop.
2. What personal data we collect
We may collect the following categories of personal data:
Customer and account data
When you create an account, place an order, or request a quote, we may collect:
- Name
- Email address
- Phone number
- Billing address
- Shipping address
- Account login details
- Customer type, such as private customer or business customer
- Company information, where relevant
- VAT or tax information, where relevant
- Order history
- Customer support messages
Order and transaction data
When you buy products from us, we process information about:
- Products ordered
- Order value
- Payment method
- Payment status
- Delivery method
- Delivery tracking information
- Refunds, returns, complaints, and warranty claims
We do not store full card details on our website. Card and payment information is processed by third-party payment providers.
Website and technical data
When you visit the website, we may collect:
- IP address
- Browser type
- Device type
- Operating system
- Referring pages
- Pages visited
- Approximate location based on IP address
- Cookie identifiers
- Security logs
- Login attempts
Reviews, comments, and uploaded content
If you leave a product review or comment, we may collect:
- Name or display name
- Email address
- Review content
- Rating
- IP address
- Browser user agent
If you upload images or other content, metadata such as embedded location data may be included in the file. You should avoid uploading images with embedded location data if you do not want this information to be available.
Marketing and analytics data
If you consent to analytics, advertising, or marketing cookies, we may process information about:
- Website usage
- Product views
- Cart activity
- Purchase events
- Advertising interactions
- Campaign performance
- Cookie and tracking identifiers
This may involve services such as Google Analytics, Google Ads, Google Search Console, Meta/Facebook Pixel, TikTok Pixel, and email marketing tools.
3. Why we process personal data and our legal bases
GDPR requires us to have a legal basis for each processing purpose. The main legal bases are contract, legal obligation, legitimate interest, and consent. GDPR transparency information must include the controller identity, purposes, legal basis, retention periods, recipients, transfers, rights, and complaint rights.
| Purpose | Personal data used | Legal basis |
|---|---|---|
| Process and deliver orders | Name, address, contact details, order details | Contract |
| Create and manage customer accounts | Name, email, login details, order history | Contract / legitimate interest |
| Handle business customer accounts | Name, company details, contact details, order history | Contract |
| Process payments | Order details, payment status, contact details | Contract / legal obligation |
| Provide invoices and bookkeeping | Order data, billing data, transaction records | Legal obligation |
| Ship and deliver products | Name, address, phone, email, delivery details | Contract |
| Customer support | Contact details, messages, order information | Contract / legitimate interest |
| Returns, complaints, and warranty matters | Order data, contact details, case details | Contract / legal obligation |
| Security and fraud prevention | IP address, logs, account activity | Legitimate interest |
| Product reviews | Name/display name, review text, rating | Legitimate interest / consent where required |
| Analytics | Cookie identifiers, usage data | Consent where required |
| Advertising and remarketing | Cookie identifiers, browsing and purchase events | Consent |
| Newsletter and marketing emails | Email address, preferences | Consent or legitimate interest where legally permitted |
4. Orders, accounts, and checkout
Customers may place orders using guest checkout or by creating an account. Business customers are required to create an account so that we can manage business pricing, order history, invoices, and customer communication.
When you place an order, we use your personal data to:
- Confirm the order
- Process payment
- Prepare and ship products
- Provide invoices or receipts
- Communicate about delivery
- Handle returns, complaints, and support
- Comply with tax and accounting obligations
If you create an account, you can view your order history and manage certain account details. You are responsible for keeping your account password confidential.
5. Payments
We may offer payments through Stripe, Klarna, Swish, invoice payment, and cash on delivery in Jönköping.
Payment providers may process your personal data as independent controllers or processors, depending on the payment method and their role. They may process information such as your name, email, billing address, order amount, payment details, fraud prevention data, and transaction information.
We receive information necessary to confirm whether payment was completed, failed, refunded, or disputed. We do not store full payment card details on our website.
For invoice payments, additional identity, billing, and credit-related information may be processed where necessary to issue, administer, or collect the invoice.
6. Shipping and delivery
We may ship orders using DHL, PostNord, our own delivery service, or other shipping providers where necessary.
To deliver your order, we may share necessary delivery information with shipping providers, including:
- Name
- Shipping address
- Email address
- Phone number
- Order reference
- Delivery instructions
- Tracking information
If we deliver products ourselves, we process your address, contact details, and delivery instructions for that purpose.
7. Returns and product restrictions
We process personal data when handling returns, complaints, refunds, and warranty matters.
Some products, including opened paint products, may not be returnable once opened due to their nature, condition, safety, or resale limitations. Where we need to keep records of a return, complaint, refund, or dispute, we may retain relevant personal data to comply with legal obligations and to establish, exercise, or defend legal claims.
8. Product reviews and comments
If product reviews are enabled, customers may submit reviews. Reviews may be displayed publicly together with the name or display name provided.
We may moderate, remove, or refuse reviews that are unlawful, abusive, misleading, spam, or unrelated to the product.
When visitors leave comments or reviews, we may collect the data shown in the form, the visitor’s IP address, and browser user agent string to help spam detection and site security.
9. Cookies and similar technologies
Our website uses cookies and similar technologies.
Necessary cookies
Necessary cookies are used to make the webshop work. These may include cookies for:
- Shopping cart
- Checkout
- Login sessions
- Security
- Fraud prevention
- Cookie consent settings
These cookies are necessary for the website to function and cannot usually be disabled through our website settings.
Analytics and marketing cookies
With your consent, we may use analytics and advertising cookies, including tools such as:
- Google Analytics
- Google Site Kit
- Google Ads
- Google Search Console
- Meta/Facebook Pixel
- TikTok Pixel
- Newsletter or email marketing tools
These tools may help us understand website traffic, improve the webshop, measure advertising performance, show relevant ads, and understand how visitors interact with products and checkout.
Where consent is legally required, we will not use non-essential analytics or advertising cookies unless you have accepted them through our cookie banner or consent tool.
Consent for cookies should be freely given, specific, informed, and unambiguous, and users must be able to withdraw consent.
10. Marketing communications
If you subscribe to our newsletter or agree to receive marketing, we may send you emails about products, offers, updates, and related content.
You can unsubscribe at any time by using the unsubscribe link in the email or by contacting us at:
We do not sell your email address to third parties.
11. Security
We use technical and organisational measures to protect personal data, including SSL/HTTPS, security plugins, access controls, and monitoring for vulnerabilities and suspicious activity.
However, no website or online service can be guaranteed to be completely secure. You should use a strong password and keep your login details confidential.
12. Who we share personal data with
We may share personal data with the following categories of recipients where necessary:
- Web hosting provider
- WordPress and WooCommerce service providers
- Payment providers, including Stripe, Klarna, and Swish-related payment services
- Invoice and accounting service providers
- Shipping providers, including DHL and PostNord
- Email service providers
- Analytics providers
- Advertising platforms
- Security and anti-spam providers
- IT support providers
- Authorities, courts, or legal advisers where required by law or necessary to protect legal rights
We only share the personal data necessary for each purpose.
13. International transfers
Some service providers, such as analytics, advertising, payment, hosting, or email providers, may process personal data outside the EU/EEA.
Where personal data is transferred outside the EU/EEA, we rely on lawful transfer mechanisms, such as:
- An adequacy decision by the European Commission
- Standard Contractual Clauses
- Other legally accepted safeguards
14. How long we keep personal data
We keep personal data only for as long as necessary for the purposes described in this policy, unless a longer retention period is required or permitted by law.
Typical retention periods are:
| Data type | Retention period |
|---|---|
| Customer account data | Until the account is deleted, unless we must keep certain data for legal reasons |
| Order and invoice records | As long as required for accounting, tax, and legal obligations |
| Customer support messages | As long as necessary to handle the matter and protect legal rights |
| Reviews | Until removed by us or where deletion is required |
| Security logs | For a limited period needed for security and fraud prevention |
| Marketing consent records | As long as needed to prove consent or until withdrawn |
| Analytics data | According to the retention settings of the analytics tool |
| Cookie consent records | As long as needed to manage and document consent |
If you request deletion, we will delete personal data where legally possible. However, we may need to keep certain information where required by law, for bookkeeping, tax compliance, dispute handling, fraud prevention, or legal claims. IMY notes that deletion rights have exceptions, including where continued processing is necessary to comply with legal obligations or defend legal claims.
15. Your rights
Depending on the circumstances, you have the right to:
- Request access to your personal data
- Request correction of inaccurate personal data
- Request deletion of personal data
- Request restriction of processing
- Object to processing based on legitimate interests
- Object to direct marketing
- Request data portability
- Withdraw consent at any time, where processing is based on consent
- Lodge a complaint with a data protection authority
To exercise your rights, contact us at:
We may need to verify your identity before responding to a request.
16. Right to complain
If you believe that we process your personal data incorrectly, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection, Integritetsskyddsmyndigheten, IMY. IMY provides a complaint process for individuals who believe their personal data has been processed incorrectly.
You can also contact the data protection authority in your own EU/EEA country.
17. Children
Our webshop is not intended for children. We do not knowingly collect personal data from children for marketing purposes. If you believe that a child has provided us with personal data, please contact us so that we can review and delete the information where appropriate.
18. Changes to this policy
We may update this Privacy Policy from time to time. The latest version will always be available on this page. If we make significant changes, we may notify customers through the website or by email where appropriate.
Very important edits before publishing
Who we are
Suggested text: Our website address is: https://pluralitypaints-tsx76946gm.live-website.com.
Comments
Suggested text: When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Media
Suggested text: If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Cookies
Suggested text: If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Suggested text: Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Who we share your data with
Suggested text: If you request a password reset, your IP address will be included in the reset email.
How long we retain your data
Suggested text: If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
Suggested text: If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.