Privacy Notice (EU 2016/679 – GDPR)
Last updated: [●]
You can withdraw from this contract within 14 days, without giving any reason. It takes two short steps and we will email you a confirmation straight away.
How it works & what happens next
- You have 14 days to withdraw — counted from when you (or someone you nominated) received the goods, or from the day the contract was concluded for a service.
- You do not need to explain why. There are no hidden steps and no obligation to call us.
- Fill in your name and email, then confirm. Right after confirming, we email you an acknowledgement of receipt — keep it as your proof.
- We refund all payments you made for the order, including the standard delivery cost, within 14 days, using the same payment method you used.
- If your order is physical goods, please send them back within 14 days of telling us. We may wait until we receive them (or your proof of return) before refunding; return shipping may be at your expense unless we stated otherwise.
- Some items cannot be withdrawn by law (for example, sealed items unsealed after delivery, event tickets for a specific date, or digital content you agreed to start immediately). If that applies, we will let you know.
If anything is unclear, contact us before confirming — we are happy to help.
Enter your order number and the email you used at checkout to start a withdrawal. You can also use the link in your order confirmation email, or log in to your account.
This notice describes how personal data of users who visit and/or purchase on the website [● Domain] (hereinafter, the “Site”) is processed, pursuant to Regulation (EU) 2016/679 (“GDPR”) and applicable national legislation.
1. Data Controller
The data controller is: [● Company Name], with registered office at [● Address], VAT/Tax Code [●], e-mail: [●] (hereinafter, the “Controller”).
2. Types of data processed
- Browsing data: IP addresses, device identifiers, technical logs, data relating to visited pages and interactions, collected through IT systems and cookies/similar technologies.
- Data provided by the user: first name, last name, e-mail, shipping/billing address, contacts, data relating to orders and support requests.
- Payment data: the Controller does not store full card details. Payments are handled by third-party providers (e.g. PSPs) according to their own policies.
3. Purposes and legal bases
The Controller processes data for the following purposes:
- Performance of the contract (art. 6(1)(b) GDPR): order management, payments, shipping, returns, customer support, account management.
- Legal obligations (art. 6(1)(c) GDPR): accounting and tax compliance, invoicing management, obligations toward authorities.
- Legitimate interest (art. 6(1)(f) GDPR): Site security, fraud prevention, protection of the Controller’s rights, dispute management, service improvement and aggregated analysis.
- Consent (art. 6(1)(a) GDPR): marketing (newsletter/promotions) and non-technical cookies, where required.
4. Processing methods and security measures
Data is processed using IT tools and, where necessary, paper records. The Controller adopts appropriate technical and organizational measures to ensure confidentiality, integrity and availability of data, including access controls, tracking and protections against unauthorized access.
5. Recipients and processors
Data may be disclosed to third parties, acting as data processors or independent controllers, strictly necessary to provide services, including:
- hosting, maintenance and IT service providers;
- payment and anti-fraud providers;
- couriers and logistics operators;
- consultants (legal, accounting) and competent authorities, in cases provided by law.
The updated list of processors may be requested from the Controller at the contacts indicated.
6. Transfers outside the EEA
If some providers process data outside the European Economic Area, the Controller ensures the adoption of appropriate safeguards (e.g. adequacy decisions, Standard Contractual Clauses, supplementary measures), in compliance with arts. 44 et seq. GDPR.
7. Retention
Data is retained for the time necessary for the purposes indicated and, in any case:
- purchase and invoicing data: for the periods required by accounting/tax legislation;
- account data: until deletion request, subject to obligations or legitimate interests;
- support data: for the time necessary to manage the case and protect the Controller;
- marketing data: until withdrawal of consent or objection.
8. Data subject rights
The user may exercise the rights under arts. 15-22 GDPR (access, rectification, erasure, restriction, portability, objection, not being subject to automated decisions) by contacting the Controller. It is also possible to lodge a complaint with the Data Protection Authority.
9. Cookies and similar technologies
For detailed information on cookies used and how to manage preferences, please refer to the Cookie Policy.
10. Updates
The Controller may update this notice. The version published on the Site is the current one.