This policy describes how we process personal data when you browse the site, purchase products, or contact us. This processing is carried out in compliance with Regulation (EU) 2016/679 (GDPR) and applicable Italian law.

1. Object of processing

We process identification and contact data (e.g., name, email), purchase and billing data, technical logs, and data necessary to manage the website and e-commerce.

2. Purpose and legal basis

• Contract execution and order management/assistance.
• Legal and tax compliance.
• Site security and abuse/fraud prevention.
• Responding to requests sent via form or email.

3. Processing methods and security

We adopt appropriate technical and organizational measures (access control, backups, logging, updates) to protect data. Access is limited to authorized personnel and necessary suppliers.

4. Communication, responsible parties and transfers

Data may be processed by providers acting as data processors (Art. 28 GDPR), such as hosting providers (OVHcloud, which provides a DPA) and payment processors such as Stripe. Transfers occur, where possible, within the EU/EEA or in accordance with appropriate safeguards provided by the GDPR.

5. Conservation

We retain data for the time necessary for the purposes indicated and for legal obligations (e.g., accounting/tax).

6. Rights of the interested party

You can exercise the rights provided by the GDPR (access, rectification, erasure, restriction, portability, objection) and revoke any consent, within the applicable limits.

7. Data controller and contacts

Data Controller: EquiPart with registered office: Contrada Ombrece SNC, San Donato di Ninea (CS) and VAT: IT03927050785.