PRIVACY AND COOKIE POLICY

1. Definitions and interpretation

1.1. www.jocosa.com is a website (hereinafter referred to as the "Website") operated by JOCOSA LIMITED, a private limited liability company duly registered in accordance with the Laws of Malta, bearing company registration number C 103600, and having its registered address situated at 183, Argali House, Triq il-Fortizza, Mosta MST 1858, Malta (hereinafter referred to as the "Company").

1.2. The below terms shall have the following meaning for the purposes of this Privacy and Cookie Policy (hereinafter referred to as the "Policy"):

1.2.1. "Data Subject" shall refer to an identifiable person who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;

1.2.2. "Personal Data" shall mean any information relating to a Data Subject;

1.2.3. "Data Controller" shall refer to the Company, which shall process Personal Data as outlined in this Policy;

1.2.4. "User/s" shall refer to any person/s who access the Website;

1.2.5. "Cookies" are small text files that the Website stores on your computer or mobile device when you visit the Website. Cookies enable the Website to remember Users' actions and preferences (such as login, language, font size and other display preferences) over a period of time, so Users don't have to keep re-entering them whenever they come back to the Website or browse from one page to another. Upon accessing the Website, users shall be shown a pop-up window which shall provide them with the option of accepting or declining the use of Cookies when accessing and using the Website;

1.2.6. "we" shall refer to the Company and/or Website.

2. Personal data collected

2.1. Users may use the Website both as guests and may also register for an account through the Website (hereinafter referred to as "Registered Users"). Registration is optional and allows Registered Users to access areas of the Website which are limited to such users and are not available to Users who access the Website as guests, such as order history, wish list, status and details of current orders, saved personal details (such as delivery addresses) and manage returns.

2.2. Registered Users may also optionally, and explicitly, grant consent for their card details to be saved and automatically for future use. Such consent may also be granted with regard to other current and future payment methods, including automatic payment methods.

2.3. The Personal Data collected by the Website inter alia includes:

2.3.1. Data collected through the use of Cookies on the way Users browse and utilize the Website including the website from which Users accessed the Website (also known as the site of origin), the pages accessed, and any other actions carried out on the Website. Such data collection takes place irrespective of whether Users are Registered Users or not.

2.3.2. Personal Data provided by Users when registering for an account on the Website or when signing up for the receipt of marketing communications. Such data shall inter alia include the Users' name, surname, date of birth, gender and email address. In order to register as a Registered User on the Website, Users must fill out an online form, which shall contain the abovementioned data together with other details. It should be noted that the form will have compulsory fields, which shall be identified by an asterisk (*), and Users will not be able to register for an account unless these fields are duly filled in. Registered Users may delete their account and revoke their express consent at any given time.

2.3.3. Personal data relating to Users' purchasing activity including the products purchased, colour, size and price of products purchased, billing and delivery addresses, country of residence, social media ID (if Users log in using a social media account), bank card details, contact details and payment information.

2.3.4. Other data which may be collected by the Website may include the following:

2.3.4.1. Transaction Data which includes information such as: details of Users' purchases and the fulfilment of orders (such as basket number, order number, subtotal, title, currency, discounts, shipping, number of items, product number, single item price, category, tax etc.); payments to and from Users and details of other products and services you have obtained from the Company and/or Website, correspondence or communications with Users in respect of orders, and details of any rewards and bonuses awarded.

2.3.4.2. Technical Data which includes information such as: details of the device(s) Users use to access the Website, telephone/mobile number, Users' internet protocol (IP) address, login data, username and password, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform.

2.3.4.3. Profile Data which includes information such as purchases or orders made by Users, product and style interests, preferences, feedback, and survey responses.

2.3.4.4. Usage Data which includes information such as how and when Users use the Website, how they moved around it, what they searched for; Website performance statistics, traffic, location, weblogs and other communication data.

2.3.4.5. Marketing and Communications Data which includes information such as Users' preferences in receiving marketing from the Website and/or Company and third parties and Users' communication preferences.

3. How data is collected

3.1. Most of the data collected by the by the Website is provided by Users themselves when engaging with the Company through the Website or any other of its online resources, in the following ways:

3.1.1. Direct Interactions: This refers to information obtained through Users filling out forms (such as when registering for an account or placing an order), entering information online, by corresponding with the Website and/or Company via email post, phone, or otherwise, logging onto the Website via social media accounts, subscribing to the Website's newsletter, discussion boards, social media portals or creating wish lists, etc.

3.1.2. Automated Technologies or Interactions: As Users interact with the Website, it may automatically collect Technical Data (as defined above) about Users' equipment, Usage Data about Users' browsing actions and patterns, and Contact Data where tasks carried out via the Website remain uncompleted, such as incomplete orders or abandoned baskets. This data is collected by using Cookies, server logs and other similar technologies.

3.1.3. Third Parties: The Website may receive Personal Data from third parties in the following manners:

3.1.3.1. Identity and contact data from other Users/individuals when purchasing gift cards and/or placing orders which are marked as ‘gifts'.

3.1.3.2. Technical Data from third parties including analytics providers such as Google and from affiliate networks through whom Users would have accessed the Website.

3.1.3.3. Identity and contact data from social media platforms when Users log in to the Website suing such platforms. Such data may also be collected from third parties, including organisations such as law enforcement agencies, associations and groups who share data for the purposes of fraud prevention and detection as well as credit risk reduction.

3.1.3.4. Contact, financial and transaction data from providers of technical, payment and delivery services.

4. How data is used and processed

4.1. Personal Data shall be processed in accordance with the Laws of Malta and the General Data Protection Regulation¹.

4.2. Personal Data is strictly processed depending on the manner in which it is obtained. We shall strictly collect Personal Data from Users only when absolutely necessary. Personal Data shall be processed as follows when collected for the below reasons:

4.2.1. Registration: we process the Personal Data provided by Users in the online registration form (name, surname, email address and date of birth) to manage your registration on the Website and for the subsequent management of your account as a Registered User (i.e. the My Account section of the Website); this activity also includes the sending of emails concerning the registration process. The processing of your Personal Data is required to comply with your request to register on the Website.

4.2.2. Management of orders online: We process the Personal Data provided by Users when they place a purchase order (e.g., name, surname, email address, shipping address, billing address, mobile phone number and payment information and data), for the purposes of processing such orders (including the delivery of purchased products, handling communications with customer services, and any refunds or returns). The processing of this Personal Data is required for us to carry out the contracts the User is party to.

¹ Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data

4.2.3. Unfinished purchase reminder: We process the Personal Data provided by Users (for example, name, surname, email address), when using the Website to remind customers who have begun but not completed the purchase process for an order on the Website or to offer you discounts or promotions for an order that has not been completed. The legal basis for such processing is the performance of the contract between the parties. If you do not wish to receive these communications, you can notify us at any time by using the addresses in the "Contact" section of this Privacy Policy or by using the link on the email communication you receive. The Company will stop sending you such communications immediately.

4.2.4. Payment Method: We process your Personal Data relating to payments made by Users (e.g. credit card number, expiry date and security code) to verify that the information Users have provided to complete the transactions, is complete, valid, accurate and not fraudulent in nature. The processing of such Personal Data is necessary for the purposes of performing the contract and to ensure that transactions are carried out correctly.

4.2.5. Profiled Marketing: We process Users' Personal Data to send marketing communications, where you have given your consent, about our products, promotions and events, including profiling you based on information Users would have provided (e.g. shipping address, gender) or Users' online and offline interactions with the Website and/or Company (for example, purchasing habits). Such communications may be sent by email, text message, instant messaging or paper mail.

4.2.5.1 We process your Personal Data to send marketing communication ("light marketing profiled"), under our legitimate interest, concerning an abandoned cart (a customer who starts a checkout process for an online order but drops out of the process before completing the purchase). The e-mail communication acts as a reminder to consumers who may haven't completed the purchase process.

4.2.6. Web Push Notifications: We process your Personal data to send notifications, including personalised ones, about Company products and business news, where you have given your consent. Personalised communications may be carried out based on how you browse and use the Website and thus also via means of data obtained from profiling cookies, where Users have given their consent. The categories of Personal Data that are used for this purpose are: products purchased, viewed or added to Users' cart (also for the purposes of reminding Users of uncompleted purchases); registration data, information about Users device and the browser that you used.

4.2.7. Internal Statistics: We process aggregate statistics based on the processing of the Personal Data of our Users and customers to guide our business choices. These activities are carried out on the legal basis of legitimate interest.

4.2.8. Social Network Advertisements: If Users give us their consent, we will disclose their email address to social networking sites (for example, Facebook and Instagram), which will check whether Users are registered. In this way, via the use of banners, it will be possible to show advertisements relating to Company products (which could interest Users) when they use the services of such third party websites.

4.2.9. Customer Service: We process your Personal Data that are strictly necessary for the purposes of managing and responding to requests made by Users to our Customer Services team; to this end, Users' consent is not required as the processing of their Personal Data is required to fulfil their requests in performance of the contract. Requests are handled via email on info@jocosa.com.

4.2.10. Customer Satisfaction Evaluation: the company will invite you to express a level of satisfaction regarding the support received from our Customer Service team and your shopping experience. This processing is carried out on the basis of legitimate interest.

4.2.11. Legal Obligations: we may need to process your Personal Data in order to adhere with applicable legal obligations (for example, tax and administrative laws and regulations).

4.2.12. Defence of Business Interests: We may need to process Users' Personal Data, when required, to handle any claims, legal disputes or compensation claims, on the basis of our legitimate interest in protecting our business interests.

4.2.13. Communications regarding Products or Services from Similar Categories: We may use the e-mail address provided by the customer as a (registered or non-registered) User for the sending of communications regarding products or services from categories similar to those purchased (e.g. promotions) or as a reminder to those who may haven't completed the purchase process (abandoned cart).

5. Cookies

5.1. The Website uses the below essential cookies which Users may not opt to switch these cookies off. They are set in response to actions made by Users, such as setting Users' privacy preferences, logging in, or filling in forms. The essential cookies used by the Website are:

5.1.1. Session Cookies: To manage your session on our website;

5.1.2. Timezone: To adjust the content according to your timezone;

5.1.3. Machine Identifier and Private Machine Identifier Cookies: Security tokens to identify the machine and private machine, enhancing our website's security;

5.1.4. Stripe Orig Props and Site Auth: For processing payments and authentication via Stripe;

5.1.5. CSRF: To prevent cross-site request forgery (CSRF), ensuring secure browsing.

5.2. The Website also makes use of optional marketing cookies which are used to track visitors across websites to display ads that are relevant and engaging for the User. They help the Company to understand Users' interests and show Users relevant advertising on third-party sites. The marketing cookies used by the Website inter alia include:

5.2.1. Google Advertising and Google Analytics: For advertising and site analytics;

5.2.2. Facebook Pixel: To measure, optimize, and build audiences for advertising campaigns;

5.2.3. Twitter Advertising: Enables tracking and targeting for Twitter ad campaigns to reach users who have visited our website;

5.2.4. LinkedIn Insights and Ads: Helps in tracking conversions, retargeting website visitors, and gaining insights about LinkedIn members interacting with our ads;

5.2.5. AdRoll Pixel: Provides retargeting for users who have visited our website to display personalized ads across different platforms and websites;

5.2.6. Pinterest Tag: Tracks actions taken on our website to measure the effectiveness of Pinterest ads and to create targeted ads;

5.2.7. Instagram Advertising: Utilizes cookies to deliver advertisements more relevant to your interests, based on your activity on Instagram and other sites;

5.2.8. Snapchat Pixel: Tracks user behavior to measure the effectiveness of Snapchat ad campaigns and to target ads based on users' interactions with the site;

5.2.9. TikTok Pixel: For tracking conversions, optimizing ad campaigns, and retargeting users across TikTok platforms;

5.2.10. Google DoubleClick: Cookies are used to manage Google's ad services across the web and to tailor the advertising to user preferences and behavior;

5.2.11. Crisp Chat: A customer service tool that uses cookies to provide live chat functionality, enhancing customer support and engagement on our website.

5.3. Users have the right to decide whether to accept or reject cookies and may set and amend their web browser controls according to their preference. If users reject the use of cookies, they may still access and use the Website however, some features or functions may be limited.

5.4. Users can also control and/or delete cookies. Users can delete all cookies that are already on their device and can also prevent the use of cookies. The latter feature is available on most websites. If this is done, however, users may have to manually adjust some preferences each time the Website is accessed, and some services and functionalities may be unavailable.

6. Recipients of personal data and their location

6.1. Personal Data, may be transferred to — and maintained on — computers located outside of Users' state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of Users' jurisdiction.

7. Duration of personal data storage

7.1. Personal Data shall be retained by the Company for as long as a Registered User has an active account with the Website or for as long such Personal Data is required for the rendering of services to Users, such as the completion of an order placed through the Website, for unregistered Users, including the periods required to provide customer support related services.

7.2. In certain cases, we may keep hold of some of Users' Personal Data after the closure of a User's account, or it is no longer needed to provide the services to a User. This type of situation may arise if a User's details are needed to meet legal or regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our Terms and Conditions.

7.3. Unless any of the situations mentioned in Clause 7.2 of this Policy arise, Users' Personal Data shall be retained strictly for the period absolutely necessary and for the purpose such Personal Data has been stored. Personal Data shall be stored for the periods outlined below:

• 7.3.1. for the purposes of managing Registered Users' personal account, until the account is deleted;
• 7.3.2. for the purposes of managing purchase orders, for non-registered Users, for the period strictly required to permit delivery of the purchased products and manage any returns or refunds;
• 7.3.3. for the purpose of reminding a customer who has initiated but not completed check out for an order on the Website or to offer discounts or promotions relating to an order that has not been completed, thirty (30) days from when an item is added to the cart;
• 7.3.4. for the purposes of verifying that the Personal Data provided for completing transactions is complete, valid, accurate and not fraudulent in nature for six (6) months;
• 7.3.5. for the purposes of marketing, until consent is withdrawn;
• 7.3.6. for profiling purposes, until consent is withdrawn;
• 7.3.7. for the purposes of statistical processing, until the account is deactivated/deleted or at the request of the Data Subject;
• 7.3.8. for the purposes of disclosing a User's email address to social networking sites (for example, Facebook and Instagram) and displaying advertisements relating to Company products, until consent is withdrawn;
• 7.3.9. for the purposes of managing and replying to User requests relating to customer services, for a period not exceeding eighteen (18) months following the response or processing of the User's requests;
• 7.3.10. for the purposes of evaluating customer satisfaction for a period no longer than eighteen (18) months after your responses have been gathered;
• 7.3.11. for the purposes of complying with legal obligations (for example, tax and administrative laws) for the period strictly required to comply with applicable legal obligations and requirements;
• 7.3.12. for the purposes of handling complaints or legal actions/proceedings for the period strictly required to handle such complaints or actions or to engage in litigation and, in any case, for a period no longer than the limitation or prescription applicable;
• 7.3.13. for the purpose of sending communications regarding products or services from categories similar to those purchased, so long as you do not object.

8. Protective measures

8.1. The Company has adopted the appropriate security measures to help protect users from and against the loss, misuse, unauthorised access or alteration of their Personal Data. In this regard, Users are encouraged not to share their password to maintain confidentiality.

8.2. We will take all the steps reasonably necessary to ensure that Personal Data is treated securely and in accordance with this Policy and no transfer of Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Personal Data.

9. User rights

9.1. At any time, Users have the right to exercise the following rights:

9.1.1. Access: Users can request access to their Personal Data at any time and we will strive to inform you of whether Users' Personal Data is being processed and for what purposes, as well as to provide details of the categories of Personal Data concerned, the recipients of such Data and the relevant retention or storage period (we shall also provide Users with a copy of their Personal Data on request);

9.1.2. Rectification: If any of Users' Personal Data stored or collected by us are incomplete or inaccurate, Users may request their correction or completion at any time and they may, in any case, directly rectify the credit card data we have stored, as well as other payment methods.

9.1.3. Cancellation: Users may request the cancellation of their account as a Registered User or, in any case, request the cancellation of their Personal Data, including credit card data and other payment methods used to make online purchases, if it is no longer strictly necessary to keep them in connection with the purposes for which they were collected. However, we are obliged to keep track of certain information, such as, by way of example, previous purchases and similar information, to comply with applicable legal requirements and, for this reason, in some circumstances we may not be able to delete or erase Users' Personal Data in full.

9.1.4. Restriction: Under certain circumstances, Users may request that we restrict the way we process Users' Personal Data (i.e., request that we continue to store Users' Personal Data, yet do not process it without their prior consent). These conditions include the following cases:

9.1.4.1. When Users believe that the Personal Data stored is inaccurate or incomplete, the processing of said data may be restricted until it is corrected;

9.1.4.2. When Users believe that the Personal Data stored is inaccurate or incomplete, the processing of said data may be restricted until it is corrected;

9.1.4.3. When Users object to the processing (on legal grounds that such objection is required for public interest or for our legitimate interests), such processing may be restricted until it is determined whether such legal grounds take precedence over Users' interests;

9.1.4.4. Where the processing is unlawful or illegitimate, yet Users object to the erasure of their Personal Data and instead request the restriction of its use; and

9.1.4.5. Where it is no longer necessary to retain Users' Personal Data, yet such Users require the Personal Data to undertake, exercise their rights in or defend a legal claim, processing may be restricted.

9.1.5. Objection: Where Users' Personal Data is processed in pursuit of the company's legitimate interest, such Users may object to such processing on grounds relating to the User's specific situation.

9.1.6. Portability: Users may request that we send their Personal Data to them in a structured electronic format that is commonly used and can be read/recognised by computers or electronic means and may also request that we transmit Users' Personal Data directly to another data controller, when technically feasible.

9.1.7. Withdrawal of Consent: Where Users have given their consent to the processing of Personal Data, they can decide to withdraw their consent at any time. Withdrawal of consent shall not invalidate any processing based on content that occurred prior to withdrawal.

10. Changes to privacy policy

10.1. This Policy came into force on the 11.03.2024 and is the first version to be published. The Policy is subject to change in accordance with any updates and/or changes in applicable laws and regulations, so Users are encouraged to review the Policy on a regular basis. The Company however warrants to advise its Registered Users via email and/or notice on the Website itself upon any changes made to the Policy.

11. Use of website by minors

11.1. The Website is intended for Users who are sixteen (16) years of age or older only. Registration on the Website and subscription to the newsletter are only available to Users over the age of sixteen (16).

11.2. The Website may also incorporate plugins and/or buttons for social networks in order to allow the easy sharing of content on your favourite social networks. These plug-ins are programmed so as not to install any cookies when Users access the page in order to safeguard User privacy. If established by the social networks, cookies will only be installed when Users make effective and voluntary use of the plugin. Please note that if Users browse while they are logged in to the social network, they have already consented to the use of cookies through this website when you signed up to the social network. The collection and use of the information obtained via the plugins is governed by the respective privacy policies of the social networks, to which we recommend Users refer.

12. Contact

12.1.Queries in relation to this Policy, data processing or any privacy matters in relation to the Website should be communicated via email to info@jocosa.com.