Privacy Policy

This Privacy Policy is provided, in compliance with Articles 13 and 14 of the EU Regulation 679/2016 (hereinafter: “Regulation”), to the users (hereinafter: “Users” or “User”) of the website https://www.theartofshaking.com/ (hereinafter: “Site”) owned by “Cocktail Concierge FZE” with registered office in Fujairah – Creative Tower P.O.Box 4422 Fujairah, License No.: 15294/2019 (which is the Data Controller, hereinafter: “Data Controller”) or to those who subsequently purchase products offered on the Site itself or register to the newsletter service (hereinafter: “Newsletter”), giving us their consent for a specific purpose (hereinafter: “Newsletter”): “Data Controller”) or to those who subsequently purchase the products offered on the Site itself or register for the newsletter service (hereinafter: “Newsletter”), giving us their consent for a specific purpose (hereinafter: “Customers” or “Client”), and aims to describe how the Site is managed with reference to the processing of personal data, as well as to allow the Users of the Site to know the purposes and methods of processing of personal data by the Data Controller in case of their conferral. If, on the other hand, while browsing the Site, the User and/or the Customer accesses pages or sites managed by third parties via links, reference should be made to the Privacy Policy published therein for the processing of personal data.
In particular, this Privacy Policy describes how the Data Controller collects, uses, processes and communicates the User’s personal data when accessing and using the Site and the services provided therein, specifically:

1. Who is the data controller?
2. Principles applicable to the Processing of Personal Data
3. Type of users
4. What categories of data does the Data Controller collect and use?
5. Why are personal data collected?
6. Who sees, receives and uses the data and where can this be done?
7. Methods of processing and storage of personal data
8. What are the data protection rights and how can they be exercised?
9. Contact details of the data controller
10. Information on Cookies
11. Updating and previous versions of this Privacy Policy

This document also informs the User on how to exercise his/her rights (including the right to object to part of the data management carried out by the Data Controller). Further information on the rights and on how to exercise them is provided in the following paragraphs of this Privacy Policy.
As specified in the General Conditions and Terms of Service, the services offered by the Controller are intended for persons over the age of 18. Should the Controller become aware of the processing of data of minors under the age of 18 without the valid consent of their parents or legal guardian, the Controller reserves the right to unilaterally terminate the use of the service offered and to delete the data acquired.
Terms that are not defined in this Privacy Policy (such as “Service” or “Service Owner”) have the same meaning as described in the General Terms and Conditions of Service.

Principles applicable to the Processing of Personal Data
The Data Controller, in accordance with the Regulation, informs you that the aforementioned legislation provides for the protection of individuals with regard to the processing of personal data, and that such processing will be based on the principles of correctness, lawfulness, transparency and protection of confidentiality and fundamental rights.

What categories of data does the Data Controller collect and use?
If you visit the Site and use the search service or register with the Site, the Data Controller collects the following categories of personal data:
4.1. Personal data provided by the User
Personal data shared with the Data Controller, including data shared when registering for the Newsletter in order to receive marketing communications and data sent via the “Work with Us” Section of the Site, as well as data provided to us when using the services, including information entered into the platform and contained in comments, reviews or messages sent by email or through social media channels.
More precisely:
When contact occurs between the Data Controller and the User and/or Customer via email or through social media, the Data Controller may collect: personal data provided to it by the User and/or Customer when the latter connects with the Data Controller, including first and last name, user name (if available), telephone number (if necessary) and email address. In particular, Users are provided with a Live Chat system reserved for them, which allows them to reply to ads via chat. However, the messages exchanged between Users are encrypted and saved in the Data Controller’s database, generating a unique encryption key for each message. Both the encrypted message and the key needed to decipher the message will therefore be saved in the database. Moreover, Users may decide whether or not to receive notifications of advertisements by email.
When the User and/or Customer subscribes to personalised marketing services (“Newsletters”) the following data may be provided to the Data Controller: personal details (including first name, last name and email address), how the website is accessed, including IP address, online identifiers and browser details. We may also be provided with your browsing behaviour or personal interests. Please note that some of this information may be collected automatically in accordance with Section 4.2.
When there is a contact between the Controller and the User (hereinafter also “Candidate”) through the “Work with us” section of the Site, the Controller may collect the personal data provided to the Controller by the Candidate by filling in the online form available on the Site, including contact details (such as name, surname and email address), languages spoken and information relating to the Candidate’s education and training, together with any other information the Candidate may provide to the Controller in the Curriculum Vitae and/or in the cover letter attached to the online form or during any subsequent interviews with the Controller. Particular categories of personal data, such as data relating to the Candidate’s state of health, will be collected only with the Candidate’s consent and where their use is strictly necessary for the pursuit of the purposes of recruitment and selection of personnel and for the establishment of employment relationships (e.g. in the event of membership of certain protected categories), within the limits and in compliance with the provisions of applicable law. Sending an application via the Site and any related information is entirely spontaneous and optional for the User of the Site. If the latter decides to submit his or her application through the “Work with us” section of the Site, he or she will be free to provide the personal data he or she deems most appropriate for this purpose. However, if you do not provide the personal data required to identify you (such as, for example, your first and last name, email address or education) or the personal data specifically requested by the Company (during the interview or by email or indicated as mandatory by a notice shown below the field to be filled in), the Company may not be able to fully evaluate your application and complete the recruitment process. With reference to the particular categories of personal data, it should be noted that the Data Controller, where strictly necessary and within the limits and in accordance with the law, will use such data exclusively to fulfil or request the fulfilment of specific obligations or to perform specific tasks provided for by European Union legislation.
The aforementioned personal data, when requested, are necessary for the proper performance of the contract between the Data Controller and the User and/or the Customer and to enable the Data Controller to fulfil its legal obligations, except where the latter depends on the consent of the data subject as the legal basis for the processing and for the legitimate interest of the Data Controller. Without them, the latter may not be able to provide all the services requested.
It is important that all personal data provided by the User and/or Client is correct and accurate. This means, purely by way of example, the assurance by the User and/or the Client that the contact details held by the Data Controller (including the e-mail address) are always correct.
4.2. Personal data collected automatically by the Site, from communications sent by the Data Controller and/or third parties
The Data Controller collects information relating to visits to the Site and use of the Site, such as the device and browser used, the IP address or domain names of the computers connected to the Site, the URI (Uniform Resource Identifier) notation addresses of the requests made, the time of the request, the date and time of the visit, the duration of the visit, the referral site and the navigation path on the Site relating to the visit and the interactions on the Site itself, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system.) and other parameters relating to the operating system and computer environment of the User and/or the Customer.
For further information on the purposes for which the Data Controller collects and uses this information, please see the section on Cookies in this Privacy Policy (10. Information on Cookies). Please note that personal information may also be linked to Cookies, e.g. to collect information on how you use the Site and the services offered therein.
The Data Controller may automatically collect certain personal data of the User and/or the Customer also in order to understand how the User and/or the Customer interacts with the communication material sent to him/her by the Data Controller, e.g. e-mails, including the actions he/she takes in relation to such communications, e.g. clicks on links in the text of the e-mail, duration and frequency of interactions with the e-mail itself.
To the extent permitted by applicable law, the automatic collection of personal data of the User and/or the Customer may also take place in the event that the Controller receives additional information relating to the User and/or the Customer such as fraud detection information and warnings from third party service providers and/or partners for its fraud prevention activities.
5. Why are personal data collected?
In general terms, the Data Controller uses personal data to provide the services requested by the User and/or the Customer, to send service communications, to report important changes to the Site and possibly to propose content and advertisements that the Data Controller believes may be of interest to the User and/or the Customer.
More precisely, the personal data provided by Users through the use of the Site will be processed with their consent for the purposes described below:
Provision of services accessible through the Site:

In order to provide certain services such as:
create and maintain the contractual relationship established for the supply of the product and/or service requested in every phase and through any possible integration and/or modification requested by the User and/or the Customer;
in-depth study of the activities, events and other institutional and training initiatives organised or carried out by the Data Controller;
management and processing, in relation to what is indicated in the previous point, of requests and enquiries for interaction with the Data Controller and the subjects traceable to the latter’s organisation.

On what legal basis?
To fulfil a contract or for the performance of a service or measures related to a contract and/or a service (i.e. to provide the requested services, and/or to provide the User with assistance)

B. Compliance with legal, regulatory and compliance requirements
To meet legal, regulatory and compliance requirements and to respond to requests from government or law enforcement agencies that are conducting an investigation.
On what legal basis?
To comply with the law (i.e. to share personal data with regulatory authorities)

C. Supplementary statistical and behavioural analyses
To carry out aggregate statistical analysis on anonymous groups or to analyse the behaviour of identifiable individuals, so that we can see how they use the Site, the services provided therein and verify the performance of the relevant activity.
On what legal basis?
To pursue the legitimate interests of the Data Controller (i.e. to improve the Site, its functionalities and the services offered therein)

D. Sending personalised and profiled marketing communications
To send personalised and profiled marketing communications exclusively with the consent of the User and/or the Customer, as well as to share via e-mail and on the Site or third party sites (e.g. through advertisements) the best offers and promotions on products and services that the Data Controller considers may be of interest as they respond to the interests of the User and/or the Customer. Personalised services or offers may be marketed by the Data Controller or its partners or commercial collaborators operating in the following sectors: tourism, leisure, entertainment, high-tech, fashion, decoration, consumer goods, food & beverage, finance, banking, insurance, energy, environment, communication, mass media, real estate, pharmaceutical, clothing and textiles, education and training, publications and publishing, information and communication technologies, retail, sport, telecommunications and services in general. For this purpose, the Data Controller may:
– analyse the personal data collected to create a profile of the User’s and/or Customer’s interests and preferences, in order to create personalised and targeted communications that are relevant and consistent with the User’s and/or Customer’s profile;
– combine the information collected through cookies with information relating to purchases made on the Site and with information that the Data Controller may receive from third parties who collect the User’s and/or Customer’s data in a manner agreed with the same.
– analyse information about the interaction with the communication material sent by the Data Controller, e.g. data on when emails were opened or to determine whether advertisements were viewed and whether there was interaction with them, to record the number of times each advertisement was viewed, to prevent a single advertisement being shown too frequently, etc.
– temporarily share an encrypted version of the User’s and/or Customer’s email address with partners carefully selected by the Data Controller, who may combine this information with other forms of online identifiers or other personal data in order to show the same User and/or Customer the Data Controller’s offers on multiple devices or channels, for example on social networks (Facebook, Pinterest, Instagram, Twitter).
– use automated decision-making processes to segment and target product offers according to the requests and needs of the User and/or Customer, reducing the risk of proposing inappropriate or irrelevant information and/or offers to the same. The User and/or Customer has the right to request that a manual decision-making process be carried out, to express his or her opinion or to contest decisions based solely on automated processing, including profiling, if such decisions produce legal or other similar effects. For further details, you may contact our Data Protection Officer, whose contact details are provided in Article 9 of this Privacy Policy.
On what legal basis?
Where the User and/or Customer gives their consent

E. Security of the Site and of the systems used by the Data Controller
To maintain the security of the Site and the systems used by the Data Controller to provide the Services and to prevent and detect fraud, security incidents and/or other crimes.
On what legal basis?
To pursue the legitimate interest of the Data Controller (i.e. to ensure the security of the Site and the systems)

F. Verification of compliance and legal action
To verify compliance with the General Conditions and Terms of Service and for the establishment, exercise or defence of a legal claim.
On what legal basis?
To pursue the legitimate interests of the Data Controller (i.e. in accordance with the General Conditions and Terms of Service, to protect the rights of the Data Controller in the event of disputes or complaints)

G. Customising advertisements and online marketing notifications
To tailor and customise online advertising and marketing notifications based on information collected through cookies and relating to your and/or your Customer’s use of the Site, the products and services provided therein and other sites (for more information please refer to the section on cookies in this Privacy Policy).
On what legal basis?
Where the User and/or Customer gives their consent (i.e. via the Cookie banner or via the browser settings)
H. Staff recruitment and selection activities
To evaluate the applications sent by Users as part of the recruitment and selection process and, where appropriate for the open position, for the purposes of establishing the employment relationship and fulfilling the legal obligations relating to the relationship itself.
On what legal basis?
Where the User gives his consent, as well as the need to enter into a contract with him for the purpose of establishing an employment relationship.

Where the processing of personal information is based on legitimate interest, the Data Controller carries out an assessment to ensure that its interest in the use of the data is legitimate and that the User’s fundamental privacy rights are not overridden by its legitimate interests (“balancing test”). Further information on the comparative assessment can be found by contacting the Data Controller at info@theartofshaking.com.

Who sees, receives and uses the data and where can this be done?
6.1. Categories of data recipients
The Data Controller shares personal data, for the purposes described in this Privacy Policy, with the following categories of recipients:
its employees and/or authorised collaborators who provide support and consultancy services in the areas of administration, product, legal advice, information systems, as well as personnel in charge of maintaining the network and hardware and software equipment of the Data Controller;
the competent authorities, if required by the regulations in force;
the competent authorities and third party law enforcement authorities, where this is necessary to enforce the General Conditions and Terms of Service and to protect and defend the rights or property of the Data Controller or the rights and property of third parties;
third parties receiving the data (e.g., business consultants, professionals in the provision of tax due diligence services, “due diligence” or estimating the value and capabilities of the business), where it is necessary in connection with sales of the Data Controller’s business or assets (in which event the data will be disclosed to the Data Controller’s advisors and the advisors of any potential buyer and will be transferred to the new owners).
The personal data collected may also be processed by subjects or categories of subjects who act as data processors pursuant to Article 28 of the Regulations or who are authorised to process the data pursuant to Article 29 of the Regulations;
In addition, for some services, the data may be communicated to companies that collaborate with or use the services of the Data Controller with the sole purpose of providing the services requested by the User. In these cases the companies are autonomous holders of the personal data processing, therefore the Data Controller is not responsible for the processing of the data by these companies. The Data Controller is also not responsible for the contents and compliance with the legislation on the protection of personal data by sites not managed by the same.
The full list of subjects to whom personal data may be communicated is available at the registered office of the Data Controller and may be requested by writing to info@theartofshaking.com.
6.2. Data transfer
The processing of the User’s personal data will take place at the registered office of the Data Controller (see point 1), on the Data Controller’s servers and at the offices of any other entities to which the data may be transmitted for the purpose of providing the services requested by the User from the Data Controller.
Furthermore, personal data collected through the Site may be transferred outside the national territory, solely and exclusively for the purpose of providing the services requested through the Site and in compliance with the specific provisions of the Regulations.
Some personal data may be shared with recipients located outside the European Economic Area. The Data Controller ensures that the processing of personal data by these recipients will take place in compliance with the Regulation.
However, if you would like further details on the safeguards in place, you can contact the Data Controller by writing to info@theartofshaking.com.

7. Methods of processing and storage of personal data

The Data Controller ensures that personal data will be processed in full compliance with the Regulations, by means of manual, computerised or telematic systems and, where necessary, in paper format, and will be stored in the Data Controller’s database, protecting the privacy and rights of the User and/or Customer by adopting appropriate technical and organisational measures to ensure a level of security appropriate to the risk. The data may also be processed using automated tools for storing, managing and transmitting the data.
The data collected and processed will be protected by physical and logical methods such as to minimise the risks of unauthorised access, dissemination, loss and destruction of data, in accordance with Articles 25 and 32 of the Regulation.
Pursuant to Article 7(3) of the Regulation, the data subject has the right to withdraw consent to the processing at any time.
If the Data Controller does not receive a request for deletion, personal data will be retained by the Data Controller for as long as necessary to achieve the purposes and perform the activities described in this Privacy Policy, or as otherwise communicated to the User and/or the Customer, or for as long as permitted by applicable law.
Further information on the period of retention of personal data by the data controller is available below:

Data relating to purchases made on the Site (name and surname, address, contact information, etc.) – Storage period: 10 years from the date of purchase;

Contractual documents – Retention period: 10 years from the date of purchase;

Credit card data in plain text – Retention period: not retained;

Financial/transaction-related information – Retention period: 10 years from completion of financial transaction;

Data relating to checks for the detection of fraudulent transactions (anti-fraud) – Retention period: 5 years from the rejection of the transaction cause;

Data used for marketing purposes (data subject to the consent of the User and/or Customer and used for marketing activities towards them) – Storage period: 5 years from the granting or renewal of consent by the User and/or Customer through interaction with marketing communications.

Data collected during personnel recruitment and selection activities – Term of retention: Such personal data shall be retained for a period of time not exceeding that which is strictly necessary for the evaluation of the candidature for possible inclusion in the Company’s staff and, in any event, not exceeding 12 months, after which such data shall be removed by the Data Controller from both the computer systems and any paper files in its possession, without prejudice to any further retention obligations provided for by applicable law and unless otherwise requested by the User and/or the Candidate (in this case the legal basis for this further processing shall be the consent of the User and/or the Candidate itself).

The following retention periods apply to personal data collected through tags:

Technical cookies – Retention period: maximum 3 years, starting from the date of browsing the Site;
Non-technical cookies – Storage period: maximum 1 year, starting from the date of consent of the data subject.

Personal data collected through the “Work with us” section of the Site will be stored for a period of time not exceeding the period of time strictly necessary to assess the Candidate’s request for possible inclusion in the Data Controller’s staff (and, in any event, not exceeding 12 months), after which they will be removed from both the computer systems and any paper files, without prejudice to further storage obligations under applicable law, unless you request otherwise (in this case the legal basis for this further processing will be the Candidate’s consent).

8. What are the data protection rights and how can they be exercised?

You can exercise the rights guaranteed by the Regulation (Articles 15-22), including the rights to
Right of access: to receive confirmation of the existence of personal data, to access the content of personal data and to obtain a copy thereof.

Right of rectification: to update, rectify and/or correct personal data.

Right to erasure/right to be forgotten and right to restriction: to request the erasure of data or the restriction of data that have been processed in breach of the law, including data whose storage is not necessary for the purposes for which the data were collected or processed; where we have disclosed personal data to the public, you also have the right to request the erasure of personal data and the taking of reasonable steps, including technical steps, to inform other data controllers who are processing personal data of your request to erase any link, copy or reproduction of such personal data.

Right to data portability: to receive in a structured, commonly used and machine-readable format a copy of the personal data provided to the Data Controller for the purposes of a contract or with the User’s consent and to request the transfer of such personal data to another data controller.

Right to withdraw consent: in the event that the Controller depends on the User’s consent, the User will always be able to withdraw this consent, although the Controller may have other legal bases for processing the said data for other purposes.

Right to object at any time: the right to object at any time to the processing of personal data in certain circumstances (in particular, where it is not necessary to process the data in order to comply with contractual or legal requirements, or where the Company uses such data for direct marketing activities.

Right not to be subject to a decision based solely on automated processing, including profiling: You can always request that a manual decision-making process be carried out instead, express your opinion or contest decisions based solely on automated processing, including profiling, if such decisions produce legal or other similar effects.

You can exercise these rights at any time in the following ways:
by contacting the Data Controller by e-mail at info@theartofshaking.com.
Your rights in relation to personal data may be limited in certain situations. For example, if fulfilling this request would reveal the personal data of another person or if there are legal requirements or compelling legitimate reasons, the Controller may continue to process the personal data for which deletion has been requested.
You also have the right to lodge a complaint if you believe that your personal information has been handled incorrectly. You are invited to contact the Data Controller in the first instance, but you may, insofar as this right applies to you, lodge a complaint directly with the competent data protection supervisory authority.

9. Contact details of the data controller
The contact details of the Data Controller are:
Cocktail Concierge FZE – License No.: 15294/2019 – Fujairah- Creative Tower P.O.Box 4422 FUJAIRAH

10. Information on cookies
Please visit the following page for all Cookie related information.

11. Updating and previous versions of this Privacy Policy

This Privacy Policy may be subject to changes over time – also connected to the possible entry into force of new sector regulations, the updating or provision of new services or technological innovations. Therefore, the Data Controller reserves the right to amend this Privacy Policy at any time in accordance with this paragraph. If the Controller makes changes to this Privacy Policy, it shall publish the revised Privacy Policy on the Website and insert the “last updated” date at the beginning of this Privacy Policy.