Privacy and Cookie Policy
Privacy Policy
1. Data Controller
The data controller for personal data is Ana Martins Mendes Matias, with tax identification number 239646312, and registered office at Rua Doutor Silvestre Falcão nº1, 1º dto, 8800-412 Tavira, Portugal.
Contact details for privacy and data protection purposes are provided in the "Data Subject Rights" section of this Privacy Policy.
2. Platform Used
Matissa's online store is developed on an e-commerce platform that ensures the technical infrastructure, hosting, order processing, and payment management securely and in compliance with legal data protection requirements.
To ensure a smooth, personalised browsing experience tailored to user preferences, additional functionalities provided by external providers may be used, namely for:
- Optimising website performance and navigation;
- Managing wish lists and stock replenishment notifications;
- Collecting and displaying customer reviews and ratings;
- Analysing browsing behaviour for statistical purposes and continuous improvement;
- Supporting the personalisation of communication and marketing campaigns, whenever consented by the user.
The aforementioned service providers act on behalf of and for Matissa, committing to comply with the provisions of the General Data Protection Regulation (GDPR), as well as other applicable legislation regarding personal data protection. Whenever necessary, Matissa enters into sub-contracting agreements with these providers, ensuring adequate levels of security and confidentiality.
3. Purposes of Personal Data Processing
Personal data collected by Matissa within its commercial activity are processed for specific, explicit, and legitimate purposes, including:
a) Order management and contractual execution
Data provided by customers is used for registering, processing, invoicing, and shipping orders placed through the online store. This processing also includes managing returns, exchanges, refunds, and customer support, whenever necessary for the proper execution of the purchase and sale contract.
This also includes the collection, transmission, and use of personal data (name, address, email, and telephone contact) for the purposes of sending, tracking, and delivering the order, as well as for any contacts with the customer regarding incorrect addresses or re-shipments.
b) Payment processing
Payment processing is carried out through duly contracted external platforms, which may include bank card operators, digital wallets, deferred payment solutions, or ATM reference payments.
Matissa offers payment methods such as Klarna, MB WAY, Multibanco, Visa, Mastercard, Maestro, American Express, PayPal, Google Pay, and Apple Pay.
Whenever the functionality is available, the customer may choose to save their payment details with the respective provider, subject to their explicit consent. Matissa does not directly store any sensitive payment card data.
In the case of using Matissa Gift Cards, usage and balance data are managed automatically on the platform and associated with the issue code. The Gift Card is valid for 1 year, and in case of returns, the refund will be credited to the same card, within its respective validity period.
c) Communication with customers
Data may be used for contacting customers, namely to clarify doubts, respond to information requests, or handle complaints related to orders, products, or services provided.
d) Direct marketing and promotional communications
Based on the customer's prior and explicit consent, Matissa may send commercial and promotional communications, such as newsletters, campaigns, or notifications about new products and offers, via email or other electronic channels. The customer may, at any time, withdraw their consent through the mechanisms provided for this purpose.
e) Personalisation of browsing experience
Matissa may use browsing behaviour analysis technologies to adapt the user experience on the site, based on their interests, viewing history, or previously demonstrated preferences. The purpose of this processing is to improve content presentation, product offerings, and the overall user experience.
f) Management of ratings and comments
Matissa may collect and publish opinions and ratings voluntarily submitted by customers after product purchase, with the aim of promoting transparency and sharing experiences with other users. Ratings may be subject to prior moderation to ensure compliance with conduct and website usage rules.
g) Statistical purposes and continuous improvement
Usage and interaction data with the online store may be used in an aggregated and anonymous form for statistical purposes, performance analysis, feature optimisation, and the development of new services or products.
h) Compliance with legal obligations
Matissa may process personal data collected for the purpose of complying with legal and fiscal obligations, as well as responding to legitimate requests from judicial or administrative authorities, whenever applicable.
i) Data of minors
The Matissa store is exclusively for individuals over 18 years of age. Data from minors are not intentionally collected. If any involuntary collection is detected, the data will be promptly deleted.
j) Management of Exchanges, Returns, and Refunds
Within the scope of the sales contract, we process the personal data provided (such as name, address, email, order number, IBAN) for the purposes of:
- processing requests for item exchanges or returns;
- validating the conformity of returned products;
- communicating data for refunding amounts paid;
- resolving logistical incidents related to returns.
This processing is based on Article 6(1)(b) of the GDPR (performance of a contract), and the data may be retained for the period necessary to manage the process, and may be kept for up to 6 years for contractual proof or compliance with legal obligations.
k) Management of Contests and Promotional Initiatives
When participating in contests promoted by Matissa, data such as username, image, and caption of posts submitted on social media may be processed.
The data will be used exclusively for the purposes of:
- Evaluation of entries;
- Contest management and prize awarding;
- Winner announcement and reposting of content on Matissa's official channels;
- Conducting public votes in case of a tie.
The processing is based on the consent given by the participant when submitting their public entry. The participant may request the removal of their publication or image at any time, understanding that this may imply the exclusion of the entry.
4. Legal Basis for Personal Data Processing
Personal data processing by Matissa is based on the legal grounds provided for in the General Data Protection Regulation (GDPR), according to the purpose of the processing. The main applicable legal bases are as follows:
a) Performance of a contract or pre-contractual steps
Processing is necessary for the conclusion and performance of the sales contract between the customer and Matissa, including:
– customer account registration and management;
– order processing, invoicing, and shipping;
– returns, exchanges, and refunds management;
– customer support.
b) Compliance with legal obligations
Processing is necessary for compliance with legal obligations to which Matissa is subject, namely tax and accounting obligations and responding to competent authorities.
c) Data subject's consent
Certain processing activities, such as those related to contests, sending promotional communications, and personalizing the browsing experience, are based on the data subject's prior, free, informed, and explicit consent. The data subject may withdraw this consent at any time, without affecting the lawfulness of processing carried out until that date.
d) Matissa's legitimate interest
Matissa may process certain data based on its legitimate interest, namely to:
– prevent fraud and abuse in the use of the online store;
– improve website experience and usability;
– ensure network and information security;
– conduct aggregated statistical analyses for business management.
This processing will always be carried out in a balanced manner, ensuring that the fundamental rights and freedoms of data subjects do not override this legitimate interest.
5. Recipients of Personal Data
Matissa may transmit its customers' personal data to third parties, exclusively when necessary to ensure the provision of its services, comply with legal obligations, or protect its legitimate interests. Data may be shared with the following categories of recipients:
a) Technology service providers and e-commerce platforms
This category includes the provider of the online store infrastructure, hosting services, database management, and functionalities associated with website operation.
b) Payment service providers and financial operators
For the purposes of order shipping and delivery management, personal data (name, address, contact) may be shared with contracted transport and logistics companies.
This data may be used by carriers for tracking, delivery notification, and possible reshipments, where applicable.
c) Entities responsible for logistics and transport
For the purposes of order shipping and delivery management, personal data (name, address, contact) may be shared with contracted transport and logistics companies.
d) Customer support and communication service providers
Including platforms that allow contact management, submission of requests, complaint tracking, or sending previously authorized commercial communications.
e) Analytics, personalization, and marketing platforms
Services that process data automatically may be used to improve the browsing experience, adapt content, and present personalized recommendations, based on previous behavior, whenever consented by the user.
f) Administrative or judicial authorities
Whenever Matissa is legally obliged to do so, it may communicate personal data to competent entities, particularly in cases of investigation, legal proceedings, or compliance with a legal obligation.
All external service providers act as Matissa's subcontractors, under written contracts, and commit to processing data exclusively for the determined purposes and in accordance with applicable legislation.
g) Social media and digital communication service providers, who may support the execution of contests and interaction management, acting as subcontractors, without undue access to data.
6. Information Security
As part of its activity, Matissa may transfer personal data to entities located outside the European Economic Area (EEA), particularly in the context of services provided by technological subcontractors or e-commerce platforms.
Whenever an international data transfer occurs, Matissa ensures that adequate safeguards are adopted to protect data subjects' rights, in accordance with applicable legislation, namely:
- Verification of the existence of an adequacy decision issued by the European Commission;
- Conclusion of standard contractual clauses approved by the European Commission with service providers;
- Prior assessment of the level of protection offered in the recipient country;
- Adoption of complementary technical and organizational measures, whenever necessary.
- In the case of refund requests, customers may be asked to provide banking details (e.g., IBAN). Matissa only requests such data through the official channels identified on the website. Customers must ensure they use a secure and reliable connection when providing this information. Matissa implements appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or destruction.
These transfers only occur when strictly necessary for the execution of contracted services with customers or to ensure the technical operation of the online store. Data is processed with the same level of protection required by the General Data Protection Regulation.
7. Personal Data Retention Period
Matissa retains its customers' personal data only for the period strictly necessary to fulfill the purposes for which they were collected, as described in this Privacy Policy, and in accordance with legally required periods.
The adopted retention criteria are as follows:
- Billing and transaction data: retained for 10 years, in compliance with applicable legal and tax obligations;
- Customer account data: retained as long as the data subject maintains an active account. After prolonged inactivity or request for deletion, the data will be deleted or anonymized, unless otherwise provided by law;
- Data processed based on consent (e.g., promotional communications): retained until the data subject withdraws consent or exercises the right to object;
- Data processed based on legitimate interest: retained as long as necessary for the purpose that justified the processing, with periodic assessments of necessity and proportionality;
- Data collected for statistical purposes or internal improvement: retained in an aggregated and anonymized form, with no retention period applicable to identifiable personal data.
- Data related to exchanges, returns and refunds: retained for up to 6 years, for legal defense purposes and compliance with legal and tax obligations.
- Data processed for shipping and delivery purposes: retained for the period necessary to execute the contract and for an additional period of up to 6 years, for contractual liability purposes.
- Gift card data: retained anonymously while the card is active (maximum 1 year), for balance validation and refund processing.
- Data processed in the context of contests: retained for a maximum period of 6 months after the end of the initiative, unless a longer period is required by legal obligations or renewed consent.
After the indicated periods or once the purpose of processing ceases, data will be securely deleted or irreversibly anonymized.
8. Data Subject Rights
Under the General Data Protection Regulation, the data subject has the following rights, at all times and free of charge:
- Right of access: obtain confirmation as to whether their data is being processed and access it;
- Right to rectification: request the correction of inaccurate or incomplete data;
- Right to erasure: request the erasure of your personal data, where applicable;
- Right to restriction of processing: request the restriction of processing in certain circumstances;
- Right to object: object to the processing of your data, particularly for direct marketing purposes;
- Right to data portability: receive the personal data you have provided, in a structured, commonly used and machine-readable format, and transmit it to another controller, if you so wish;
- Right to withdraw consent: where processing is based on consent, this may be withdrawn at any time, without affecting the lawfulness of processing based on consent previously given.
To exercise any of these rights, or to clarify any question related to the processing of your personal data, the data subject may contact Matissa via email: info@matissa.pt.
The data subject also has the right to lodge a complaint with the National Data Protection Commission (CNPD), via the website www.cnpd.pt, if they consider that their rights have not been duly addressed.
Participants in contests may request the deletion of publications, images or data processed within the scope of these actions, by sending an email to info@matissa.pt.
9. Cookies
Matissa uses cookies and other similar tracking technologies on its website to ensure the correct functioning of the online store, improve user browsing experience, analyze usage patterns, and present personalized content and offers, provided the user has given their consent for this.
The cookies used can generally be classified into the following categories:
- Strictly necessary cookies: essential for the website's functioning and to enable basic functionalities, such as accessing a customer account or completing a purchase.
- Performance and statistics cookies: used to collect aggregated information about website usage, to help Matissa continuously improve its performance.
- Functionality cookies: allow remembering user preferences and customizations, such as language or location.
- Marketing and personalization cookies: used to present relevant ads based on user interests and measure the effectiveness of advertising campaigns.
The user can, at any time, manage their cookie preferences through browser settings or through the tools provided in the consent banner when accessing the website.
For more detailed information about the cookies used, their duration and specific purposes, please consult our Cookie Policy.
Cookie Policy
1. What are Cookies?
Cookies are small text files stored on the user's device (computer, mobile phone, or tablet) when visiting a website. These files allow the collection of information about browsing, such as preferences or visit history, with the aim of improving the user experience, ensuring the correct functioning of the website, and presenting personalized content.
2. Types of Cookies Used
Matissa uses different categories of cookies, grouped according to their purpose:
a) Strictly Necessary Cookies
Essential for the functioning of the online store. These include:
- cookie_consent: stores user consent preferences (duration: 1 year).
- session_id: keeps the user's session active during navigation (duration: session).
- cart_token: stores products added to the cart to maintain cart functionality (duration: 14 days).
b) Personalization and Functionality Cookies
These cookies enhance the user experience by remembering preferences or actions:
- _wishlist_id: saves items to the wishlist (duration: 30 days).
- _notify_stock: records notification requests for out-of-stock products (duration: 30 days).
- _translation_pref: sets the site language based on the browser (duration: 1 year).
- _review_session: supports the collection of product reviews (duration: session).
- _judge_user: stores user preferences and identifiers associated with the Judge.me review system (duration: 1 year).
- _inlight_event: saves user preferences or interactions with events displayed on the site (duration: 30 days).
c) Performance and Statistical Cookies
Help analyze user behavior and optimize the website:
- _analytics_id: collects aggregated data about website navigation (duration: 1 year).
- _hotjar_track: analyzes browsing behavior through heatmaps, clicks, and scroll (duration: session).
- _klaviyo_pageview: records page views for email marketing campaign performance (duration: 30 days).
d) Marketing and Advertising Cookies
Used to display personalized ads and measure campaign effectiveness:
- _ad_track: displays personalized ads based on user interests (duration: 3 months).
- _mkt_session: attributes traffic origin and campaigns to user behavior (duration: session).
- _fbp: identifies users for remarketing purposes via Meta Pixel (duration: 90 days).
- _klaviyo_tracking: collects information about interactions with newsletters and automated promotional campaigns (duration: 90 days).
- _klarna_ads: displays personalized messages related to Klarna payment options (duration: 30 days).
- _foxkit_session: enables upsell/cross-sell functionalities based on browsing behavior and purchase history (duration: session).
- _instafeed_track: collects interactions with Instagram content embedded on the site (duration: session).
3. Preference Management
Users can, at any time, manage or withdraw their consent through the consent banner visible when accessing the site for the first time, or by re-accessing the cookie settings.
Additionally, it is possible to configure the browser to block the installation of cookies or to alert when they are being set. However, disabling essential cookies may affect the correct functioning of the website.
4. Duration and Retention
Each cookie has a specific duration, defined according to its function:
- Session cookies: automatically deleted when the user closes the browser.
- Persistent cookies: remain on the device for the stipulated period (e.g., 14 days, 30 days, or 1 year), as detailed in the previous section.
5. Updates to the Cookie Policy
Matissa reserves the right to update this Cookie Policy whenever necessary, particularly to reflect legal or technological changes, or changes in cookie usage. Regular review of this policy is recommended to stay informed about any changes.