Privacy Policy
This Privacy Policy describes how your personal information is collected, used, and shared when you visit or make a purchase from eu.thefinesource.com (the “Site”).
Who We Are (Data Controller)
The data controller responsible for your personal data is Attilus GmbH, a company registered in Germany (Amtsgericht Stendal) under HRB 21846, with registered office at Gewerbepark 22, 06917 Jessen, Germany.
This Privacy Policy should be read in conjunction with our Website Terms of Use, Cookie Policy, and Terms & Conditions.
If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at hello@thefinesource.com.
Personal Information We Collect
When you visit the Site, we automatically collect certain information about your device, including your web browser, IP address, time zone, and some of the cookies installed on your device. As you browse, we collect information about the web pages or products you view, what referred you to the Site, and how you interact with the Site (Device Information).
We collect Device Information using the following technologies:
- Cookies — data files placed on your device that often include an anonymous unique identifier.
- Log files — track actions occurring on the Site and collect data including your IP address, browser type, internet service provider, and date/time stamps.
- Web beacons, tags and pixels — electronic files used to record information about how you browse the Site.
Additionally, when you make a purchase or attempt to make a purchase through the Site, we collect your name, billing address, shipping address, payment type, email address, and phone number (Order Information). We do not store full credit card details — all online payments are processed by PCI-compliant third-party providers such as Shopify Payments and PayPal.
When you subscribe to our newsletter, we collect your name and email address. This information is processed using Klaviyo, our email marketing platform. You may unsubscribe at any time using the link provided in our emails.
Legal Basis for Processing Personal Data
Under the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG), we rely on the following lawful bases:
- Contractual necessity — where processing is necessary to perform a contract with you (e.g. when you place an order).
- Legal obligation — where we are required to comply with legal or regulatory obligations, including tax, accounting, fraud prevention, food safety, and consumer protection laws.
- Legitimate interests — where processing is necessary for our legitimate business interests, including operating and improving our Site, preventing fraud, and conducting marketing activities, provided those interests are not overridden by your rights.
- Consent — where you have given clear consent, including for email marketing communications and non-essential cookies. You may withdraw your consent at any time.
How Do We Use Your Personal Information?
We use the Order Information we collect generally to fulfil any orders placed through the Site (including processing payment, arranging shipping, and providing invoices and order confirmations). We also use this information to communicate with you, screen orders for potential risk or fraud, and provide you with information or advertising relating to our products or services where you have opted in.
We use Device Information to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimise our Site.
Sharing Your Personal Information
We share your Personal Information with third parties to help us use your Personal Information as described above. For example:
- Shopify — we use Shopify to power our online store. You can read more about how Shopify uses your Personal Information at https://www.shopify.com/legal/privacy.
- Courier companies — we share your delivery details with Royal Mail, DPD, APC, Street Stream and others as necessary for delivery of the goods.
- Analytics and advertising platforms — including Google Analytics, Meta (Facebook, Instagram), and TikTok. We also use accounting providers such as Xero and QuickBooks.
- Klaviyo — for email marketing and automation.
We may also share your Personal Information to comply with applicable laws and regulations, to respond to a lawful request for information, or to otherwise protect our rights.
You can opt out of Google Analytics using the following link: https://tools.google.com/dlpage/gaoptout
Behavioural Advertising
We use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. You can opt out of targeted advertising by visiting:
- Facebook: https://www.facebook.com/settings/?tab=ads
- Google: https://www.google.com/settings/ads/anonymous
- Digital Advertising Alliance: http://optout.aboutads.info/
Links to Other Websites
Our Site may include links to third-party websites. We do not control and are not responsible for the privacy practices, security, or content of those external websites. You should review their privacy policies before providing any personal data.
Your Rights
Under the GDPR, you have the right to access, correct, or request deletion of your personal data, to restrict or object to processing, and to data portability. You also have the right to lodge a complaint with the competent data protection supervisory authority in your country of residence within the European Union, if you believe we have not handled your personal data in accordance with applicable data protection law.
To exercise any of these rights, please contact us at hello@thefinesource.com. We will respond to all legitimate requests within one month.
Data Retention
We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, tax, or regulatory requirements.
- Order Information is retained for a minimum of six (6) years to comply with UK tax and accounting obligations.
- Marketing data (such as newsletter subscriptions) is retained until you withdraw your consent or unsubscribe.
- CCTV recordings are retained for a limited period (typically no longer than 30 days) unless required for investigation or legal purposes.
Changes
We may update this Privacy Policy from time to time in order to reflect changes to our practices or for other operational, legal or regulatory reasons.
Contact Us
If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at: hello@thefinesource.com