Carrito
No hay más artículos en su carrito
Privacy Policy
Last updated:
1. Who we are (Data Controller)
Controller: HOBBYKIT SRLS
VAT: 02966380640
Registered office: Via Michelangelo Buonarroti, 45 – 83035 Grottaminarda (AV) – Italy
Website: www.ideeinfeltro.com
Privacy email: privacy@ideeinfeltro.com
2. Personal data we process
2.1 Account and purchase data
- Identity and contact details (name, surname, email, phone).
- Shipping and billing addresses.
- Order, payment and customer support information.
2.2 Facebook / Google Social Login
If you choose “Continue with Facebook” or “Sign in with Google”, we receive the following platform data from those providers:
- App-scoped user ID (Facebook/Google internal ID limited to this app)
- First and last name (basic public profile)
- Email address (if available and authorized)
We do not request additional permissions and do not access your social content. We only use this data to authenticate you, create or recognize your customer account and pre-fill profile fields.
2.3 Technical data and cookies
- Server logs (IP address, user-agent, visited pages, timestamps) for security and operations.
- Cookies and similar technologies. See our Cookie Policy for full details.
3. Purposes and legal bases
| Purpose | Data used | Legal basis (GDPR) | Retention |
|---|---|---|---|
| Registration and login (email/password or Social Login) | Name, email, app-scoped ID | Contract / pre-contractual steps (Art. 6(1)(b)) | While the account remains active or until deletion request |
| Order, payment, shipping, returns | Account data, addresses, order data | Contract (Art. 6(1)(b)) & legal obligations (Art. 6(1)(c)) | Up to 10 years for civil/tax obligations |
| Customer support | Contact details, message contents | Contract / legitimate interest in support (Art. 6(1)(b)/(f)) | Up to 24 months |
| Security and anti-abuse | Technical logs, IP | Legitimate interest (Art. 6(1)(f)) | Up to 12 months |
| Analytics and marketing (subject to consent) | Non-essential cookies / online IDs | Consent (Art. 6(1)(a)) via the cookie banner | Per cookie lifetime or until consent is withdrawn |
4. Whether data is mandatory
Data needed to register, log in and purchase is required; without it we cannot provide the service. Analytics/marketing cookies are optional and require your consent.
5. Recipients and processors
We share data only with service providers acting as our processors under Art. 28 GDPR:
- Hosting / Server: Netsons (infrastructure within the EU) – hosting and maintenance.
- Email/SMTP: (e.g., Google Workspace / Microsoft 365) – communication services.
- Payments: (e.g., Stripe / PayPal / other used on the site) – receive the data required to process payments.
- IT support / Backups: appointed providers for technical maintenance and secure backups.
We do not sell your data. Social data (Facebook/Google) is not shared with third parties for purposes other than authentication.
6. International transfers
We prefer providers hosting data in the EEA. If any service processes data outside the EEA, transfers are made with appropriate safeguards (e.g., EU Standard Contractual Clauses) or other lawful mechanisms (Arts. 44–49 GDPR).
7. Retention and deletion
- Account & Social Login data: until your deletion request or account closure.
- Orders & invoices: as required by law (up to 10 years).
- Technical logs: up to 12 months.
- Cookies: per lifetime shown in the Cookie Policy.
You can delete or disconnect data as follows:
- Use our dedicated page: https://www.ideeinfeltro.com/en/delete-data (or the Italian page /it/cancella-dati)
- Email us at privacy@ideeinfeltro.com
- Revoke access directly from your Facebook/Google account (Settings > Apps and Websites).
8. Your rights
You may exercise, where applicable, the rights under Arts. 15–22 GDPR: access, rectification, erasure, restriction, portability, objection, and withdrawal of consent. Contact: privacy@ideeinfeltro.com. You can also lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it).
9. Security
We use HTTPS, role-based access control, strong authentication for back-office, regular backups and appropriate technical/organizational measures to protect personal data.
10. Children
Our services target users aged 13+. We do not knowingly collect data from children. If you believe a child has provided data to us, please contact us for removal.
11. Third-party policies and social plugins
When you use Social Login, Facebook and Google act as independent controllers under their policies:
- Meta (Facebook/Instagram): facebook.com/privacy/policy
- Google: policies.google.com/privacy
12. Cookies
For detailed information on cookies, purposes and management of preferences, visit our Cookie Policy. You can change your choices at any time via the on-site Cookie Preferences Center.
13. Changes to this notice
We may update this notice to reflect legal or technical changes. Updates will be posted on this page with the effective date above.
