Privacy Policy -

1. Data Controller

The data controller responsible for your personal data is:

[Company Name]
[Address]
Email: [email@example.com]
VAT: [VAT Number]

2. Data We Collect

2.1 Information You Provide

Informazioni Account: Name, email address, phone number, company name, VAT number when you register an account.
Shipping & Billing Addresses: Addresses you provide for order delivery and invoicing.
Order Information: Products purchased, quantities, prices, and order history.
Communications: Messages you send us through contact forms or email.

2.2 Information Collected Automatically

Device Information: Browser type, operating system, device type.
Log Data: IP address, access times, pages viewed, referring URLs. IP addresses are retained for security and fraud prevention purposes.
Analytics Data: With your consent, we collect browsing behavior such as product views, search queries, cart actions, and checkout steps.

2.3 Cookies

We use cookies to provide essential website functionality and, with your consent, to analyze website usage. See Section 4 for details.

3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

Purpose	Legal Basis	Data Categories
Order Processing	Contract Performance (Art. 6(1)(b) GDPR)	Name, email, addresses, order details
Account Management	Contract Performance (Art. 6(1)(b) GDPR)	Account information, login credentials
Security & Fraud Prevention	Legitimate Interest (Art. 6(1)(f) GDPR)	IP address, access logs, user agent
Operational Logging	Legitimate Interest (Art. 6(1)(f) GDPR)	User actions (login, cart, checkout) for system monitoring and debugging
Analytics & Improvement	Consent (Art. 6(1)(a) GDPR)	Browsing behavior, product views, searches
Legal Compliance	Legal Obligation (Art. 6(1)(c) GDPR)	Invoice data, tax records

About Legitimate Interest

For processing based on legitimate interest, we have conducted a balancing test to ensure our interests do not override your fundamental rights. Our legitimate interests include: ensuring website security, preventing fraud, maintaining system stability, and improving our services. You have the right to object to this processing (see Section 7).

4. Cookies and Tracking Technologies

4.1 What Are Cookies

Cookies are small text files stored on your device when you visit our website. They help us provide essential functionality and, with your consent, understand how you use our site.

4.2 Types of Cookies We Use

Categoria	Purpose	Consent Required	Retention
Essential	Required for basic website functionality: `session` - User session management `csrftoken` - Security protection `consent_prefs` - Your cookie preferences `lang` - Language preference `currency` - Currency preference	No (Always Active)	Session / 1 year
Analytics	Help us understand how visitors use our site: `_vid` - Anonymous visitor identifier Page views, product views, search queries Cart and checkout behavior	Sì	90 days
Marketing	Currently not in use. Reserved for future personalized advertising features.	Yes (if enabled)	-

4.3 Managing Your Cookie Preferences

You can manage your cookie preferences at any time by:

Clicking the "Cookie Settings" link in the website footer
Visiting your Account Profile page under "Privacy Settings"
Configuring your browser to block or delete cookies

4.4 Analytics Tracking Details

When you consent to analytics cookies, we collect:

Page Views: URLs visited, time spent, referrer
Product Interactions: Products viewed, added to cart, purchased
Search Queries: Search terms and result counts
Checkout Flow: Steps completed, abandonment points

This data is stored with a hashed (anonymized) IP address and is used solely to improve our website and services.

5. Data Retention

We retain your personal data only for as long as necessary for the purposes described in this policy:

Data Type	Retention Period	Motivazione
Account Data	Until account deletion	Service provision
Order History	10 years	Legal requirement (tax/accounting)
Invoices	10 years	Legal requirement (Italian law)
Access Logs (IP, requests)	30 days	Security, fraud prevention
Application Logs	30 days	System monitoring, debugging
Analytics Events	180 days (configurable)	Website improvement
Visitor Sessions	90 days	Analytics
Admin Audit Logs	365 days	Security, compliance

After the retention period expires, data is automatically deleted through our scheduled cleanup processes.

6. Data Sharing

We do not sell your personal data. We may share your data with:

6.1 Service Providers

Hosting Provider: Server infrastructure (data stored in EU)
Payment Processors: Secure payment processing (PCI-DSS compliant)
Shipping Carriers: Order delivery (name, address, phone)
Email Service: Transactional emails (order confirmations, etc.)

6.2 Legal Requirements

We may disclose your data when required by law, court order, or to protect our legal rights.

6.3 International Transfers

Your data is primarily stored within the European Economic Area (EEA). If any data is transferred outside the EEA, we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses).

7. Your Rights Under GDPR

As a data subject, you have the following rights:

Right of Access

You can request a copy of all personal data we hold about you.

Right to Rectification

You can request correction of inaccurate or incomplete data.

Right to Erasure

You can request deletion of your data ("right to be forgotten"), subject to legal retention requirements.

Right to Data Portability

You can request your data in a machine-readable format.

Right to Object

You can object to processing based on legitimate interest.

Right to Withdraw Consent

You can withdraw consent at any time (e.g., analytics cookies).

How to Exercise Your Rights

To exercise any of these rights, please:

Email us at: privacy@example.com
Use the Privacy Settings in your Account Profile
Contact us using the form on our Contact page

We will respond to your request within 30 days. You also have the right to lodge a complaint with your local data protection authority.

8. Security Measures

We implement appropriate technical and organizational measures to protect your data:

Encryption: All data transmitted via HTTPS/TLS encryption
Password Security: Passwords are hashed using industry-standard algorithms
Access Control: Role-based access to personal data
IP Hashing: IP addresses in analytics are stored as hashes, not plain text
Secure Infrastructure: Regular security updates and monitoring
Audit Logging: All administrative actions are logged for accountability

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will:

Update the "Last updated" date at the top of this page
Notify registered users via email for material changes
Request new consent if required for new processing activities

10. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Data Protection Contact
Email: privacy@example.com
Address: [Company Address]

For complaints, you may also contact the Italian Data Protection Authority (Garante per la protezione dei dati personali) at www.garanteprivacy.it.

Privacy Policy

Table of Contents