Privacy Policy

Summary

  • We collect only data needed to process orders and manage salon reservations.
  • We do not store payment card details — payments are processed by Paysera (PCI DSS compliant).
  • We use service providers (e.g., Hostinger, Wordfence, Google reCAPTCHA, LatePoint, Paysera, UPS/DHL) only to operate, secure, and fulfill services.
  • You have rights under Law No. 06/L-082 on the Protection of Personal Data (access, correction, deletion, restriction, objection, etc.).
  • We currently use functional/essential cookies only (no Google Analytics/Meta Pixel at this time).

1. Purpose of this document

This Privacy Policy explains how THE TRIO SH.P.K. (“TRIO”, “we”, “us”) collects, uses, stores, and protects personal data of visitors and customers of triosalon.net, in accordance with Law No. 06/L-082 “On the Protection of Personal Data” and generally accepted security best practices.

2. Who we are (Data Controller)

Controller: THE TRIO SH.P.K.
Address: Ukshin Hoti Street, Prishtina, Kosovo
Email: contact@triosalon.net | Phone: +383 48 414 474
Website: triosalon.net

3. What personal data we process

Depending on how you use the website, we may process:

A) Identity and contact data

  • First name and last name
  • Email address
  • Phone number

B) Address data (orders)

  • Shipping address
  • Billing address

C) Booking and account data (LatePoint / customer account)

  • Booking data (date, time, selected service, location)
  • Account data (login/account identifiers, reservation and order management)
  • Date of birth only if you provide it via booking/account fields (where enabled)

D) Order data (WooCommerce e-shop)

  • Order history (products, quantities, totals, timestamps)
  • Delivery status and shipment details (where applicable)

E) Technical and security data

  • IP address (typically via security logs)
  • Limited device/browser information
  • Security events (failed logins, suspicious behavior, abuse prevention logs)

Payment data (important)

We do not process or store card numbers, CVV codes, or card expiry dates.
All online payments are handled exclusively via Paysera, a licensed platform certified under PCI DSS. We may receive limited transaction information (e.g., payment status and reference IDs) needed to confirm payment and reconcile orders.

4. Purposes of processing (why we use your data)

We process personal data for legitimate operational purposes, including:

  • Management of bookings and orders
  • Creation and operation of customer accounts
  • Essential communications related to our services (order/booking confirmations, updates, support)
  • Delivery fulfillment (sharing necessary data with shipping providers where shipping is used)
  • Website security, fraud prevention, and protection against abuse
  • Improving user experience and website functionality (technical improvements)

We do not use personal data for profiling, aggressive marketing, or hidden purposes.

5. Legal bases for processing (Law No. 06/L-082)

We process personal data only where a lawful basis applies, including:

  • Contract / service necessity: when you request a booking, purchase, or create an account
  • Legitimate interest: website security, preventing abuse, ensuring technical operation and service continuity
  • Consent: only for marketing notifications (if enabled and if you opt in)

Where processing relies on consent, you may withdraw it at any time.

6. Data storage, retention, and protection

Where data is stored

Personal data is stored and processed using:

  • Secure Hostinger Premium servers (website hosting)
  • SSL/TLS (HTTPS) encryption
  • Wordfence Premium firewall and malware protection
  • Two-Factor Authentication (2FA) for administrative accounts
  • Google reCAPTCHA v3 on specific forms (anti-spam/anti-abuse)

Data retention periods

We retain data only as long as necessary and never longer than required by law.
Current retention schedule:

  • Booking history: 24 months
  • User accounts: until closed by the user (or removed after prolonged inactivity where appropriate)
  • Backups: 30 days
  • Email communications: as required for service provision and dispute handling

Important note: Some order/invoice-related information may need to be retained longer if required by applicable accounting/tax obligations or to resolve disputes.

7. Your rights as a data subject

Under Law No. 06/L-082, you may request:

  • Access to your personal data
  • Correction/updates of inaccurate data
  • Deletion of your account and data (“right to be forgotten”), where legally possible
  • Restriction of, or objection to, processing in certain cases
  • Withdrawal of consent (where consent is the legal basis)

Requests should be sent to: contact@triosalon.net
We aim to process requests within the legal deadline of 1 month. Requests may be logged and archived as part of compliance records.

8. Third-party services (processors) and data sharing

We use third-party services only when necessary for functionality, security, booking, payments, and delivery. We do not sell personal data.

Services that may process data or place technical cookies:

  • Hostinger — website hosting infrastructure
  • Wordfence Premium — security protection (cookies for security functions)
  • Google reCAPTCHA v3 — spam/abuse prevention on specific forms
  • LatePoint — booking/reservation processing
  • Paysera — payment processing (TRIO does not store card data)
  • Shipping providers (UPS and sometimes DHL) — name, phone, address, shipment details for delivery
  • Cloudflare (if enabled/used) — traffic filtering and protection; may set security cookies to verify legitimate traffic

We share only what is necessary and apply appropriate safeguards.

9. Cookies (functional/essential only)

Our website currently uses only essential/functional cookies required for operation and security, such as:

  • WooCommerce functional cookies (cart/session)
  • WordPress technical cookies
  • Wordfence security cookies
  • reCAPTCHA signals/cookies on specific forms
  • Cloudflare security cookies (only if Cloudflare is enabled)

If non-essential cookies are enabled in the future, visitors will be able to manage preferences through the cookie/privacy banner.

10. International transfers

Some providers (e.g., Paysera, UPS/DHL, Wordfence infrastructure, Cloudflare if used) may process data outside Kosovo depending on their systems. Where this happens, we apply appropriate safeguards consistent with applicable data protection requirements.

11. Personal data breaches

In case of a personal data breach, TRIO will take steps to contain and assess the incident and will notify:

  • the competent supervisory authority (Agency for Information and Privacy — AIP) and
  • affected individuals,
    where and as required under applicable data protection rules.

12. Children’s privacy

Our services and online shop are intended for adult customers and professionals. If a minor provides personal data without appropriate involvement/authorization, please contact us so we can take appropriate action.

13. Changes to this policy

We may update this Privacy Policy due to legal changes, security requirements, or service improvements. The latest version is published on this page and becomes effective upon publication.

14. Contact

Email: contact@triosalon.net
Phone: +383 48 414 474
Address: Ukshin Hoti Street, Prishtina, Kosovo — THE TRIO SH.P.K.