The Data Controller of personal data collected through this site is:

[Company name]Registered office: [full address]VAT / Tax Code: [number]E-mail: [email]PEC: [optional PEC]Phone: [number]

Types of data collected

Through this site, we may collect the following categories of personal data:

  • identification and contact data, such as name, surname, address, email, and phone number;
  • billing and shipping data;
  • data related to orders and purchases made;
  • payment data, managed through third-party payment providers;
  • browsing data, IP addresses, technical logs, and data collected through cookies or similar tools;
  • any data voluntarily provided through contact forms or support requests.

Purpose of processing

Personal data is processed for the following purposes:

  • to allow navigation and proper functioning of the site;
  • to manage registration, orders, payments, shipments, deliveries, and customer support;
  • to fulfill contractual, administrative, fiscal, and accounting obligations;
  • to respond to requests for information or support;
  • to prevent fraud, abuse, and unlawful use of the site;
  • to send commercial communications or newsletters, only when permitted by law and, where necessary, with prior consent;
  • to analyze traffic and improve services, performance, and usability of the site.

The GDPR requires that purposes be communicated transparently to the data subject.

Legal basis for processing

The processing of personal data is based, depending on the case, on one or more of the following legal bases:

  • execution of a contract or pre-contractual measures requested by the data subject;
  • compliance with legal obligations to which the Data Controller is subject;
  • legitimate interest of the Data Controller, within the limits provided by applicable law;
  • consent of the data subject, when required, for example for marketing activities or for certain non-technical cookies.

Processing methods

Data is processed using IT and telematic tools, as well as, where necessary, in paper form, adopting adequate security measures to protect them from unauthorized access, loss, disclosure, modification, or unlawful use. The GDPR imposes an adequate security approach and data protection by design.

Data provision

The provision of data for contractual, fiscal, and operational purposes is necessary to manage orders, payments, shipments, and support. Failure to provide them may make it impossible to conclude or properly execute the purchase.

The provision of data for promotional or marketing purposes, when provided, is optional.

Data recipients

Data may be communicated, within the limits relevant to the purposes indicated above, to:

  • couriers and logistics operators;
  • payment service providers;
  • hosting providers, technical maintenance, and IT services;
  • administrative, fiscal, accounting, and legal consultants;
  • subjects authorized to process or appointed as data processors, where necessary;
  • public authorities or competent bodies, in cases provided by law.

Transfer of data outside the European Economic Area

If some suppliers used by the site process data outside the European Economic Area, the transfer will take place in compliance with the guarantees provided by the GDPR. The GDPR specifically regulates international transfers of personal data.

Retention period

Personal data is retained for the time strictly necessary to achieve the purposes for which they were collected and, in any case, within the limits provided by law, particularly for administrative, fiscal, accounting obligations, and for the protection of the Data Controller's rights.

In general:

  • data related to orders and billing: for the period required by applicable tax and civil law;
  • data collected for contact requests: for the time necessary to manage the request;
  • data processed for marketing purposes: until consent is withdrawn or opposed, unless otherwise justified;
  • cookies and tracking tools: as indicated in the Cookie Policy.

Data subject's rights

The data subject can exercise the rights provided by Articles 15-22 of the GDPR, including:

  • to obtain confirmation of the existence or not of personal data concerning them;
  • to access the data and receive information on the processing;
  • to request rectification, deletion, or limitation of processing;
  • to oppose processing in the cases provided;
  • to receive data in a portable format, when applicable;
  • to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
  • to lodge a complaint with the Data Protection Authority.

To exercise their rights, the data subject can contact the Data Controller at the contact details indicated in this information.

Changes to this information

The Data Controller reserves the right to update or modify this Privacy Policy at any time. Changes will be published on this page with an indication of the update date.