Privacy Policy

Last updated: 20 January 2022

This document describes how We process Your data under applicable privacy legislation, including but not limited to the General Data Protection Regulation (EU) 2016/679 (“GDPR”). Please read this document carefully before using the Service.

Interpretation and Definitions


The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or plural.


Under this Privacy Policy:

Account refers to an individual account created for You to access the Service or parts of the Service.

Company (also referred to as either “the Company”, “We”, “Us” or “Our”) refers to Alessandro Rossini Photography. Under the GDPR, the Company is the Data Controller.

Cookies refer to small files placed on Your Device by a website. They contain Your browsing history on that website, among its many uses.

Country refers to Norway.

Data Controller, under the GDPR, refers to the Company as the legal person who alone, or jointly with others, determines the purposes and means of the processing of Personal Data.

Device refers to any device that can access the Service, such as a computer, phone, or tablet.

Personal Data refers to any information that relates to an identified or identifiable individual.

Service refers to the e-commerce application at the Website.

Service Provider refers to any natural or legal person who processes the data on behalf of the Company. It may be a third-party company or individual employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service, or to assist the Company in analyzing how the Service is used. Under the GDPR, Service Providers are Data Processors.

Third-Party Social Network refers to any website or social network through which a user can create an account or authenticate to use the Service.

Usage Data refers to automatically-collected data that is not Personal Data, either generated by using the Service or by the Service infrastructure itself (e.g., the duration of a page visit).

Website refers to Alessandro Rossini Photography, accessible from

You refers to the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable. Under the GDPR, You can be referred to as the Data Subject or the User.


The Company is the Data Controller for the Personal Data processed by the Company in connection with the Service offered.

Types of Data Collected

Personal Data

While using the Service, We may ask You to provide Us with certain Personal Data, such as:

  • First name and last name
  • E-mail address
  • Phone number
  • Address, ZIP/Postal code, City, State, Country

Usage Data

While using the Service, We may automatically collect Usage Data.

Usage Data may include information such as Your Device’s Internet Protocol (IP) address, unique device identifier, device type, device version, operating system type, operating system version, browser type, browser version, the time and date of Your visit, the pages You visit, the time spent on these pages, and other diagnostic data.

Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to track the activity on the Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to analyze and improve the Service.

You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use the Service.

Cookies can be “Persistent” or “Session” Cookies. Persistent Cookies remain on Your Device when You go offline, while Session Cookies are deleted from Your Device as soon as You close Your browser. For more information about cookies, please read All About Cookies at

We use both Persistent and Session Cookies for the following purposes:

Necessary / Essential Cookies

Type: Session Cookies

Administered by: Service Providers

Purpose: These Cookies are essential to provide You with the Service and enable You to use some of its functionalities. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, We cannot provide You with the Service.

Functionality Cookies

Type: Persistent Cookies

Administered by: Service Providers

Purpose: These Cookies allow Us to remember the choices You make when You use the Service, such Your language preference. They provide You with more personal experience and avoid that You re-make Your choices every time You use the Service.

Tracking and Performance Cookies

Type: Persistent Cookies

Administered by: Service Providers

Purpose: These Cookies are used to track information about traffic to the Service and how users use the Service. The information gathered via these Cookies may directly or indirectly identify You as an individual visitor because it is typically linked to a pseudonymous identifier associated with Your Device. We may also use these Cookies to test new pages or functionalities of the Service to see how Our users react to them.

Purposes for Processing Your Personal Data

We may process Your Personal Data for the following purposes:

  • To provide and maintain the Service, including monitoring and analyzing the use of the Service.
  • To manage Your Account, including giving You access to functionalities of the Service available to You as a registered user.
  • To contact You by e-mail, text message, telephone call, or other equivalent forms of electronic communication regarding updates or informative communications related to functionalities, products, or services, when necessary or reasonable for their implementation.
  • To provide You with news, special offers, and general information about functionalities, products, or services similar to those You have already purchased or enquired about, unless You have opted not to receive such information.
  • To manage Your requests to Us.

Legal Basis for Processing Your Personal Data

We process Your Personal Data on the following legal basis:

  • For the performance of a contract: The development, compliance, and undertaking of the purchase contract for the products or services You have purchased, or of any other contract with Us through the Service.

Disclosure of Your Personal Data

We may share Your Personal Data in the following situations:

  • With Service Providers: We may share Your Personal Data with Service Providers to buy and sell products, process payments, print products, contact You, and monitor and analyze the use of the Service.
  • With business partners: We may share Your information with Our business partners to offer You certain products, services, or promotions.
  • With other users: When You share Your Personal Data or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside. If You register through a Third-Party Social Network, Your contacts on the Third-Party Social Network and other users may see Your name, profile, pictures, and activity.
  • With public authorities: Under certain circumstances, We may be required to disclose Your Personal Data by law or in response to requests by public authorities (e.g., law enforcement agencies).

Transfer of Your Personal Data

Your information, including Personal Data, is processed at the Company’s operating offices in Oslo, Norway, and other places where Service Providers are located. Your information may be transferred to- and stored on computers located outside of Your state, country, or other governmental jurisdiction where the data protection laws may differ from those from Your jurisdiction.

Service Providers have access to Your Personal Data only to perform their tasks on Our behalf and are obligated not to disclose or use it for any other purpose.


We may use third-party Service Providers for e-commerce.


Shopify provides services to buy or sell products online. For more information about the privacy practices of Stripe, please read the Stripe Privacy Policy at

Payment Processing

We may use third-party Service Providers for payment processing.


Stripe provides services to process payments online. We will not collect or store Your payment information. Stripe processes Your payment information according to their Privacy Policy. Stripe complies with the Payment Card Industry Data Security Standard (“PCI-DSS”) managed by the PCI Security Standards Council, which is a joint effort of companies such as Visa, Mastercard, American Express, and Discover. Moreover, Stripe complies with the Revised Directive on Payment Services (EU) 2015/2366 (“PSD2”) for authenticating online payments. PCI-DSS and PSD2 help ensure the secure processing of payment information. For more information about the privacy practices of Stripe, please read the Stripe Privacy Policy at


We may use third-party Service Providers for print-on-demand.


Gelato provides print-on-demand services. For more information about the privacy practices of Gelato, please read the Gelato Privacy Policy at

Retention of Your Personal Data

We will retain Your Personal Data only for as long as You use the Service, except when We are legally obligated to retain this data for longer periods.

We will also retain Usage Data for internal monitoring and analysis purposes. Usage Data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of the Service, or We are legally obligated to retain this data for longer periods.

Security of Your Personal Data

We adopt all adequate measures to ensure that Your Personal Data is treated securely and according to this Privacy Policy. We do not transfer Your Personal Data to an organization or a country unless there are adequate controls in place for the security of Your Personal Data. However, please remember that no method of electronic storage or transmission over the Internet is 100% secure.

Your Rights Under the GDPR

Under this Privacy Policy, and by law if You are within the European Economic Area (EEA), you have the right to:

  • Access. You have the right to request the Company for copies of Your Personal Data. We may charge You a small fee for this service.
  • Rectification. You have the right to request that the Company corrects any information You believe is inaccurate. You also have the right to request the Company to complete the information You believe is incomplete.
  • Erasure. You have the right to request that the Company erase Your Personal Data, under certain conditions.
  • Restrict processing. You have the right to request that the Company restrict the processing of Your Personal Data, under certain conditions.
  • Object to processing. You have the right to object to the Company’s processing of Your Personal Data, under certain conditions.
  • Data portability. You have the right to request that the Company transfer the data that we have collected to another organization, or directly to You, under certain conditions.

You may exercise Your rights by contacting Us. We may ask You to verify Your identity before responding to such requests. If You make a request, We will try Our best to respond to You as soon as possible.

You have the right to complain to the competent data protection authority about Our collection and use of Your Personal Data.

Changes to This Privacy Policy

We reserve the right to change this Privacy Policy at any time. We will post the new Privacy Policy on this page and update the “Last updated” date at the top of this page.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If You have any questions about this Privacy Policy, You can contact Us at