€0,00 (0)
€0,00 (0)

Privacy Policy

Privacy Notice

Last revised: 4 May 2026 — Version 1.0

This notice is provided pursuant to Article 13 of Regulation (EU) 2016/679 (the “GDPR”) and applicable national data protection law, to users who visit algaplay.com (the “Site”) or who interact with the services and commercial channels of the Algaplay brand.

1. Data Controller

The Data Controller is Major Prodotti Dentari S.p.A. (“Major” or the “Controller”), an Italian joint-stock company:

  • Registered office: Via Luigi Einaudi 23, 10024 Moncalieri (TO), Italy
  • Italian Tax ID and VAT: 07002860018
  • REA No.: TO-829391
  • Certified email (PEC): majordental@pec.it
  • Tel: +39 011 6400211

Algaplay is a commercial brand of Major Prodotti Dentari S.p.A. and identifies the product line distributed through the Site and the e-commerce / marketplace channels operated by the Controller.

2. Privacy contact

For any data protection matter — including the exercise of the rights set forth in Articles 15–22 GDPR, reports of suspected violations, and clarifications regarding this notice — please write to:

privacy@algaplay.com

Major Prodotti Dentari S.p.A. carries out the data protection oversight function internally and is available to provide any necessary clarification through the channel above.

3. Categories of data processed

The Controller processes the following categories of personal data:

a) Browsing data. IP addresses, device identifiers, system logs, pages visited, timestamps, referrer, browser user-agent. Such data is collected automatically by the IT systems operating the Site.

b) Data voluntarily provided by the user. Name, surname, email address, and any further information entered in contact forms, information requests, or sign-ups to brand communications.

c) E-commerce and marketplace transaction data. When the user purchases Algaplay products through the algaplay.com online store or third-party marketplace channels (Amazon, TikTok Shop, and any others activated over time), the Controller receives information necessary to manage the order: order identifier, products purchased, amounts, shipping information strictly required for fulfilment, within the limits permitted by each sales channel.

d) Aggregated sales and commercial performance data. For the purpose of internal analysis of commercial performance, the Controller ingests sales, returns, fee, and product-performance data from its marketplace channels. Such data is processed in aggregated form and does not include personally identifiable data of the marketplace end customers. In particular, the Controller does not request or process so-called Restricted Data of the marketplace partners.

e) Cookies and similar technologies. Please refer to the Cookie Policy available at the foot of the Site.

4. Purposes of processing and legal bases

Data is processed for the following purposes:

Purpose Legal basis (Art. 6 GDPR)
Operation of the Site and provision of services requested by the userPerformance of pre-contractual / contractual measures, Art. 6(1)(b)
Handling of contact and support requestsPerformance of pre-contractual / contractual measures, Art. 6(1)(b)
Compliance with accounting, tax and regulatory obligationsLegal obligation, Art. 6(1)(c)
Internal aggregated analysis of commercial performance and sales channelsLegitimate interest, Art. 6(1)(f). Balanced by absence of processing of personally identifiable data of marketplace end customers
Site security, fraud prevention, system integrityLegitimate interest, Art. 6(1)(f)
Algaplay brand marketing communications (newsletters, product news)Express and revocable consent, Art. 6(1)(a)

The Controller does not carry out automated profiling producing legal effects significantly affecting the data subject and does not share data with third parties for their own marketing purposes.

5. Recipients of the data

Data may be disclosed to the following categories of recipients, strictly within the limits of the purposes set out above:

  • Technical service providers (hosting, content delivery, application security, transactional email) appointed as Processors under Article 28 GDPR. In particular: Shopify Inc. (e-commerce platform), Cloudflare Inc. (CDN, security, DNS), and cloud infrastructure providers for the internal analytical pipeline (IaaS providers located in the European Union).
  • Marketplace partners from which the Controller receives order-related data necessary for its commercial operations (Amazon Services Europe S.à r.l. and its affiliates, ByteDance / TikTok Shop affiliates, and any further channels activated over time). Such parties act as independent controllers vis-à-vis their own end customers; the Controller receives only the data necessary to manage the seller relationship.
  • Professional advisors and providers of administrative, accounting and legal services bound by confidentiality obligations.
  • Competent authorities where required by applicable law.

An updated list of the main technical sub-processors is available upon request to privacy@algaplay.com.

6. International data transfers

For reasons connected to the use of cloud services and to the integration with international marketplaces, certain data may be transferred outside the European Economic Area, in particular to:

  • The United States of America, principally in connection with the Amazon Selling Partner APIs (North America region) and the cloud services of the technical providers indicated above.
  • The United Kingdom, subject to a European Commission adequacy decision under Article 45 GDPR.
  • Other third countries where marketplace partners host their systems (e.g. Middle East / KSA / UAE region for future expansions).

In the absence of an adequacy decision, transfers take place on the basis of the Standard Contractual Clauses approved by the European Commission (Decision 2021/914, “SCCs”), supplemented, where necessary, by additional technical and organisational measures assessed on a case-by-case basis through a Transfer Impact Assessment, in line with the judgment of the Court of Justice of the European Union C-311/18 (Schrems II) and EDPB Recommendations 01/2020. Where applicable, the principal U.S. recipients adhere to the EU-U.S. Data Privacy Framework.

A copy of the safeguards adopted is available upon request.

7. Retention periods

Data is retained only for as long as is strictly necessary to pursue the purposes for which it was collected, and in any event:

  • Browsing data and technical logs: maximum 12 months unless required for the investigation of unlawful conduct.
  • Contact data and information requests: 24 months from the last interaction.
  • Order, invoicing and accounting data: 10 years pursuant to Article 2220 of the Italian Civil Code and applicable tax law.
  • Marketing data based on consent: until consent is withdrawn or, failing that, periodically reviewed every 24 months.
  • Aggregated commercial analytics data: for the operational duration of the analytical pipeline, in non-identifying form.

8. Rights of the data subject

The data subject may at any time exercise the rights set forth in Articles 15–22 GDPR:

  • right of access;
  • right of rectification;
  • right to erasure (“right to be forgotten”);
  • right to restriction of processing;
  • right to data portability;
  • right to object to processing based on legitimate interest;
  • right to withdraw consent, where processing is based on consent, without prejudice to the lawfulness of processing carried out prior to withdrawal.

Requests should be addressed to privacy@algaplay.com. The Controller will respond within one month of receipt, subject to extensions duly justified under Article 12(3) GDPR.

The data subject also has the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali, Piazza Venezia 11, 00187 Rome, www.gpdp.it) or with the supervisory authority of the EU Member State of his/her residence, place of work, or of the alleged infringement.

9. Cookies and tracking technologies

The Site uses cookies and similar technologies as described in the Cookie Policy accessible from the Site footer. User consent is collected through a mechanism compliant with the Italian Data Protection Authority’s Guidelines on Cookies and Other Tracking Tools dated 10 June 2021 and with the ePrivacy Directive 2002/58/EC.

10. Compliance with marketplace partner terms

The processing described herein is structured in compliance with the requirements of the partnership programmes of the marketplaces used by the Controller, including:

  • Amazon Services API Developer Agreement, Amazon Marketplace Web Service Acceptable Use Policy, and Amazon Selling Partner API Data Protection Policy;
  • TikTok Shop Partner Terms of Service and the related data-handling policies.

The Controller implements technical and organisational measures appropriate to the risk (Article 32 GDPR), including encryption in transit and at rest, least-privilege access control, security event logging, and incident management procedures.

11. Changes to this notice

This notice may be updated at any time. Previous versions are retained by the Controller. The date of last revision is indicated at the top of the document. Material changes will be communicated with reasonable advance notice through the Site and, where appropriate, through any further channels available.