Privacy & GDPR Policy

Effective Date: 15 July 2025

This Privacy Policy describes how Thorne & Co ("we", "us", or "our") collects, uses, and protects the personal data of users who visit and interact with our website thorne-co.com (the “Site”) in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

1. Who We Are

Thorne & Co, Via Roma 28, Mombaruzzo, 14046, AT, Italy
Email: steve@thorne-co.com
Data Protection Officer Contact - Steve Thorne

2. What Data We Collect

We may collect and process the following categories of personal data:

  • Identity Data: name, username, or similar identifiers.

  • Contact Data: email address, telephone number, physical address.

  • Technical Data: IP address, browser type/version, time zone setting, operating system, platform, and other technology on the devices used.

  • Usage Data: information about how you use our website, products, and services.

  • Marketing and Communications Data: your preferences in receiving marketing from us and your communication preferences.

3. How We Collect Your Data

We collect data through:

  • Direct interactions: when you fill out forms, subscribe to our newsletter, or contact us.

  • Automated technologies: cookies, server logs, and similar technologies.

  • Third parties: such as analytics providers (e.g., Google Analytics), advertising networks, or social media platforms.

4. Legal Basis for Processing

We process your personal data under the following lawful bases:

  • Consent (Art. 6(1)(a) GDPR) – when you give us explicit permission.

  • Contract (Art. 6(1)(b) GDPR) – when processing is necessary to fulfill a contract.

  • Legal obligation (Art. 6(1)(c) GDPR).

  • Legitimate interests (Art. 6(1)(f) GDPR) – except where such interests are overridden by your rights.

5. How We Use Your Data

We use your personal data to:

  • Provide and maintain our services.

  • Respond to inquiries and support requests.

  • Manage your account.

  • Send marketing communications (with your consent).

  • Improve our website and services.

  • Comply with legal obligations.

6. Sharing Your Data

We do not sell your personal data. We may share your data with:

  • Service providers who process data on our behalf (e.g., hosting, email, analytics).

  • Regulatory authorities, if legally required.

  • Third parties involved in a business transfer or reorganisation.

7. International Transfers

If we transfer your personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:

  • Adequacy decisions by the European Commission.

  • Standard Contractual Clauses (SCCs).

  • Binding Corporate Rules (BCRs).

8. Data Retention

We retain your data only for as long as necessary to fulfill the purposes we collected it for, including legal, accounting, or reporting obligations.

9. Your Rights Under GDPR

You have the right to:

  • Access your personal data.

  • Correct inaccurate or incomplete data.

  • Request erasure (“right to be forgotten”).

  • Restrict processing.

  • Data portability.

  • Object to processing.

  • Withdraw consent at any time.

  • Lodge a complaint with a supervisory authority.

To exercise any of your rights, please contact us at: [Insert Contact Email]

10. Cookies

Our website uses cookies to enhance your browsing experience. Please see our [Cookie Policy] for more information.

You can manage or disable cookies through your browser settings.

11. Security Measures

We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, disclosure, alteration, or destruction.

12. Changes to This Policy

We may update this Privacy Policy periodically. When we do, we will revise the "Effective Date" at the top and, where appropriate, notify you by email or prominent notice on the site.

13. Contact Us

If you have any questions about this policy or our data practices, contact:

Email: steve@thorne-co.com