Privacy Policy

The Honeyland — Integra Values S.r.l.

Last updated: June 20, 2026

We are committed to protecting your privacy. This page provides information on how we process and protect your personal data: what data we collect, why, on what legal basis, to whom it may be disclosed, and for how long we retain it.

Unless otherwise specified, this information refers exclusively to the website www.thehoneyland.com (hereinafter the "Site"). This privacy policy is provided pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 ("GDPR") and Legislative Decree 196/2003 (Italian Personal Data Protection Code), as amended and adapted by Legislative Decree 101/2018.


1. Data Controller

The Data Controller of the data collected through this Site is Integra Values S.r.l., with registered office at via Palestro 4 bis, 10010 Cossano Canavese (TO), Tax Code/VAT No. 03258921208, registered with the C.C.I.A.A. of Turin.
For any question, clarification, or request relating to the processing of your personal data, you can write to the following e-mail address: info@thehoneyland.com.


2. How We Process Your Data

Personal data are processed with automated and paper tools, for the time strictly necessary to achieve the purposes for which they were collected and in any case within the limits indicated in the subsequent “Retention periods” section.

We adopt specific technical and organizational security measures to prevent data loss, illicit or incorrect use, and unauthorized access. All information transmitted on the Site travels via encrypted HTTPS/SSL protocol. We do not register or store payment card data, which are managed directly in a secure and encrypted manner by the payment service providers.


3. Place of Data Processing

Data are processed at the operational headquarters of the Data Controller and in the places where the parties involved in the processing are located. In addition to the Data Controller, authorized internal subjects (administrative, sales, marketing, and customer service staff) and external suppliers performing activities on behalf of the Data Controller (technical service providers, couriers, hosting providers, IT companies, communication agencies) may access the data, appointed as Data Processors pursuant to Art. 28 GDPR where necessary. Personal data are not subject to public dissemination.


4. What Data We Collect

The personal data collected on the Site, independently or through third parties, include: first name, last name, shipping and billing address, phone number, e-mail address, company name, tax code, VAT number, payment data (managed securely by the relevant financial providers), cookies, and usage data.

The data requested as mandatory in the order form are necessary for the execution of the order itself: in their absence, it will not be possible to conclude the sales contract. The data indicated as optional may not be provided without any consequence on the use of the Site and the purchase of products.


5. Purposes and Legal Bases of Processing

We process your data only in the presence of an appropriate legal basis provided for by law. In particular:

  • Execution of a contract (Art. 6.1.b GDPR): for the conclusion and execution of the purchase contract of products, for registration on the Site, and for the use of services reserved for registered users.
  • Legal obligation (Art. 6.1.c GDPR): to comply with tax, accounting, and legal obligations related to commercial activities and purchases made.
  • Legitimate interest / "Soft-Spam" (Art. 6.1.f GDPR and Art. 130, paragraph 4, Legislative Decree 196/2003): for sending, to the e-mail address provided at the time of purchase, commercial and informative communications relating to products similar to those already purchased. It is always possible to object to such sending in a simple and free manner, both at the time of collection and in any subsequent communication, using the unsubscribe link in the footer of the e-mails.
  • Consent of the data subject (Art. 6.1.a GDPR): for sending newsletters and promotional communications to those who register voluntarily through the subscription forms without having made a purchase, and for profiling and tracking activities through non-technical cookies, as described in the Cookie Policy. Consent can be revoked at any time.
  • Management of requests (Art. 6.1.b / Art. 6.1.f GDPR): to respond to and follow up on requests for information or assistance forwarded to Customer Service.

6. Retention Periods

We retain personal data for the time strictly necessary for the purposes for which they were collected, in compliance with the terms of the law:

  • Data relating to orders and billing: retained for 10 years from the date of purchase, in compliance with the civil, accounting, and tax obligations provided for by Italian law (Art. 2220 of the Italian Civil Code).
  • Registered account data: retained until the user requests deletion. In case of prolonged inactivity, personal data associated with the account will be removed or anonymized after 36 months from the last recorded access or active interaction.
  • Data for marketing and newsletter purposes: processed until consent is withdrawn (unsubscribed) by the user or, for active customers (soft-spam), until the right to object (opt-out) is exercised. To guarantee proportionate processing, data processed for promotional purposes are in any case kept for a maximum period of 24 months from the customer's last active interaction with our communications.
  • Navigation data and cookies: retained according to the specific timeframes indicated in detail in the Cookie Policy.

7. Communication of Data and Categories of Recipients

Personal data collected are not sold or transferred to third parties. They may, however, be communicated to external partners and service providers operating on our behalf as Data Processors (Art. 28 GDPR) or as independent Data Controllers. These categories include:

  • E-commerce platform: Shopify International Limited, used for the technological and operational management of our online store.
  • Payment services: providers of electronic payment services and banking institutions (such as PayPal, Stripe, Apple Pay, Google Pay) for the secure management of financial transactions.
  • Shipping management and integrated logistics: Sendcloud B.V. (based in the Netherlands), used as a central platform for logistical organization, label processing, and transmission of shipping data to the individual express couriers/carriers in charge of the physical delivery of the products (such as GLS, BRT, DHL, Poste Italiane).
  • E-mail marketing and automated communications: Omnisend (UAB Omnisend, based in Lithuania), used for the planned or automated sending of newsletters, commercial communications, and transactional notifications.
  • Statistical analysis and marketing: Google LLC (for Google Analytics and ad tracking services) and Meta Platforms, Inc. (for the Facebook pixel) to analyze Site traffic and manage advertising campaigns.

8. Transfer of Data Outside the European Union

Some of the external providers we use to deliver services on the Site are based or process personal data outside the European Economic Area (EEA). In particular:

  • Shopify Inc., Google LLC, and Meta Platforms Inc. transfer and process data in the United States of America. Such transfer is protected and legitimized by the respective providers' adherence to the EU-US Data Privacy Framework (DPF) (adequacy decision of the European Commission) or, alternatively, by the signing of Standard Contractual Clauses (SCCs) together with appropriate technical security measures.
  • Omnisend (UAB Omnisend), despite having its main headquarters within the European Union (Lithuania), relies on affiliate companies and technological infrastructures located in the United States of America. The transfer of data is governed by the relevant Data Processing Agreement (DPA) incorporating the Standard Contractual Clauses approved by the European Commission to ensure levels of protection equivalent to those in the EU.
  • Data processed through the Sendcloud B.V. platform reside and are processed mainly within the European Union, except for the use of specific sub-processors listed in Sendcloud's processing agreement, who are always bound to comply with the GDPR.

9. Navigation Data and Cookies

The computer systems and software procedures used to operate the Site acquire, during their normal operation, some data whose transmission is implicit in the use of Internet communication protocols (e.g., IP addresses, browser type, operating system, pages visited, access times).

The Site also uses cookies and similar technologies, both first and third-party, for technical and proper functioning purposes, as well as for statistical and — subject to your explicit consent provided through the cookie banner — profiling and marketing purposes. To learn in detail the list of cookies used, their respective expiration dates, and to manage your preferences at any time, please consult our Cookie Policy.


10. Your Rights

You can exercise the rights provided by Articles 15-22 of the GDPR at any time by contacting the Data Controller at the e-mail address info@thehoneyland.com. In particular, you have the right to:

  1. Access your personal data and know their origin, purposes, and methods of processing.
  2. Request the rectification or updating of inaccurate or incomplete data.
  3. Obtain the erasure (right to be forgotten) of your personal data, if they are no longer necessary for the purposes of the processing or in the absence of legal obligations of retention.
  4. Request the restriction of processing in the cases provided by law.
  5. Request the portability of your data in a structured, commonly used, and machine-readable format.
  6. Object at any time to the processing of your data for direct marketing purposes (including soft-spam) or based on legitimate interest.
  7. Withdraw your consent previously given, without affecting the lawfulness of the processing based on consent before its withdrawal.

If you believe that the processing of your data violates the GDPR, you have the right to lodge a complaint with the competent supervisory authority of the EU State in which you reside. In Italy, the reference authority is the Garante per la Protezione dei Dati Personali (Piazza Venezia n. 11, Rome - www.garanteprivacy.it).


11. Third-Party Data and Minors

If you provide the Site with the personal data of third parties (for example, by entering shipping data to send a gift to another person), you agree to ensure that such subjects have been previously informed and have consented to the processing in accordance with this privacy policy.

The Data Controller does not knowingly process personal data relating to minors under 18 years of age. By using the Site and completing an order, you declare that you have reached the age of majority according to the law of your state of residence.


12. Changes to This Privacy Policy

This privacy policy may be modified or updated over time, including following the entry into force of new sectoral regulations or the activation of new services on the Site. The updated version will always be published on this page indicating the date of the last update; we therefore invite you to consult it periodically to remain informed on how we protect your data.