Privacy Policy

This Privacy Policy describes how the operator of this website, operating under the brand CCD GROUP COMMERCIALE SOCIETA’ A RESPONSABILITA’ LIMITATA SEMPLIFICATA (“we”, “us”, or “our”), collects, uses, discloses, stores, and protects personal information when you visit, use our services, create an account, contact us, or make a purchase through our website (the “Site”) and related services (collectively, the “Services”).

This website is a self-hosted online store built on WordPress and powered by WooCommerce.

Our Services are intended for customers and visitors worldwide. You may browse and use the Site from different countries and regions. Shipping availability for specific destinations will be confirmed in accordance with our Shipping Policy and checkout availability.

(1) Who We Are

For purposes of applicable privacy laws, CCD GROUP COMMERCIALE SOCIETA’ A RESPONSABILITA’ LIMITATA SEMPLIFICATA is generally the “data controller”, “business”, or equivalent responsible party for the personal information described in this Privacy Policy. Because our legal entity name may differ from our brand name, we may operate and communicate with customers under the brand CCD GROUP COMMERCIALE SOCIETA’ A RESPONSABILITA’ LIMITATA SEMPLIFICATA.

(2) Contact Details

If you have questions, requests, or complaints regarding this Privacy Policy or the handling of your personal information, please contact us:

  • Email: [email protected]
  • Phone: +39 376 115 1213
  • Address: Contrada Tostini SNC, Erchie (BR), 72020, Italy

(3) Personal Information We Collect

Depending on how you use the Services, we may collect the following categories of personal information:

  • Identifiers and contact details: name, email address, phone number, billing address, shipping address, and account username.
  • Order information: purchased products, order number, order status, delivery details, returns, refunds, and customer service records.
  • Account information: login credentials, account preferences, saved addresses, and order history if you create an account.
  • Payment-related information: payment status, transaction confirmation, payment method type, payment provider reference, and fraud-screening results provided by third-party payment processors.
  • Customer support information: messages you send to us, attachments, photos, order-related documents, and related communication records.
  • Device and usage information: IP address, browser type, device type, operating system, pages viewed, referring pages, access times, cookie identifiers, and interactions with the Site.
  • Marketing preferences: email subscription status, communication preferences, and opt-out choices.

(4) Payment Processing and Payment Data

Payments are processed by third-party payment service providers, including Stripe and PayPal, or other payment methods displayed at checkout. When you make a payment, your payment details are entered directly into the secure payment environment provided by the applicable payment service provider.

We do not store, collect, process, or have access to your full payment card number, CVV/security code, full PayPal login credentials, full digital wallet credentials, or complete payment authentication details on our servers at any time.

We may receive limited payment-related information from payment service providers, such as payment status, payment confirmation, transaction/reference ID, payment method type, partial card identifier where available, billing verification results, chargeback status, and fraud-prevention signals. We use this limited information only for order processing, accounting, customer support, fraud prevention, dispute handling, and legal compliance.

(5) Payment Security

Payment security is handled by professional third-party payment service providers such as Stripe and PayPal. These providers use security technologies and controls that may include encryption, tokenization, secure payment forms, fraud monitoring, risk scoring, identity verification, and authentication tools such as 3D Secure where available or required.

Because payment credentials are handled directly by the payment provider, sensitive payment details are not stored in our WordPress/WooCommerce database or on our servers. We only retain limited transaction records necessary to confirm payment, complete orders, provide customer support, process refunds, manage disputes, and meet tax or accounting obligations.

(6) Sources of Personal Information

We collect personal information from the following sources:

  • Directly from you: when you place an order, create an account, contact us, submit a form, subscribe to emails, or request support.
  • Automatically from your device: through cookies, server logs, analytics tools, and similar technologies when you browse or interact with the Site.
  • From service providers: including payment processors, shipping carriers, logistics providers, fraud-prevention tools, email service providers, hosting providers, analytics providers, and customer support tools.

(7) How We Use Personal Information

We use personal information for the following purposes:

  • To provide, operate, maintain, and improve the Services.
  • To process orders, payments, shipping, delivery, returns, refunds, and customer support requests.
  • To communicate with you about orders, account activity, delivery updates, service notices, and policy changes.
  • To verify transactions, prevent fraud, detect abuse, protect account security, and reduce payment risk.
  • To personalize and improve the Site, shopping experience, product offerings, and customer service.
  • To send marketing communications where permitted by law and based on your preferences.
  • To comply with legal, tax, accounting, regulatory, dispute-resolution, and enforcement obligations.

(8) Legal Bases for Processing Personal Information

Where the General Data Protection Regulation, UK GDPR, Swiss data protection laws, or similar privacy laws apply, we rely on the following legal bases to process personal information:

  • Contract performance: to process and fulfill orders, provide customer support, manage accounts, and deliver requested Services.
  • Legal obligations: to comply with tax, accounting, consumer protection, fraud prevention, and lawful request obligations.
  • Legitimate interests: to operate and secure the Site, prevent fraud, improve Services, respond to inquiries, maintain records, and protect our rights, provided those interests are not overridden by your rights and freedoms.
  • Consent: where required for marketing emails, non-essential cookies, or certain optional data uses. You may withdraw consent at any time where processing is based on consent.

(9) Cookies and Similar Technologies

We use cookies, pixels, tags, logs, and similar technologies to operate the Site, remember preferences, enable shopping cart and checkout functions, understand Site performance, improve user experience, and support security and fraud prevention.

Cookies may include essential cookies, functionality cookies, analytics cookies, and marketing cookies where applicable. You can manage or disable cookies through your browser settings. Disabling certain cookies may affect core Site functions, including cart, checkout, account login, and order processing.

(10) How We Share Personal Information

We may share personal information with the following categories of recipients:

  • Payment processors: including Stripe and PayPal, to process payments, verify transactions, prevent fraud, process refunds, and manage disputes.
  • Shipping and logistics providers: to deliver orders, provide tracking, manage delivery issues, and process returns.
  • Technology and hosting providers: to host, maintain, secure, and operate the Site and related systems.
  • Email and communication providers: to send order confirmations, delivery updates, support replies, and marketing messages where permitted.
  • Analytics and performance providers: to understand Site usage, improve functionality, and troubleshoot technical issues.
  • Customer support and business service providers: to help us respond to inquiries, manage orders, and provide Services.
  • Legal, regulatory, and safety-related parties: where required by law, court order, lawful request, dispute process, or to protect rights, property, safety, customers, and business operations.
  • Business transfer parties: in connection with a merger, acquisition, financing, reorganization, sale of assets, or similar transaction, subject to appropriate safeguards.

We do not sell your personal information in the traditional sense. If “sale”, “sharing”, or “targeted advertising” is defined differently under applicable privacy laws, we will honor applicable opt-out rights where required.

(11) International Data Transfers

Because our Services may be accessed worldwide and our service providers may operate in different countries, personal information may be transferred to, stored in, or processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your region.

Where required by applicable law, we use appropriate safeguards for international transfers, such as contractual protections, data processing agreements, standard contractual clauses, technical security measures, and other lawful transfer mechanisms.

(12) Data Security Measures

We use administrative, technical, and organizational safeguards designed to protect personal information against unauthorized access, disclosure, alteration, loss, misuse, or destruction. These measures may include:

  • HTTPS/TLS encryption: to help protect data transmitted between your browser and the Site.
  • Secure payment handling: payment credentials are processed by third-party payment providers and are not stored on our servers.
  • Tokenized payment references: where available, payment providers use tokens or reference IDs instead of exposing full payment credentials to us.
  • Access controls: internal access to personal information is limited to authorized personnel or service providers who need it for business purposes.
  • Least-privilege permissions: system and account access is restricted based on role and necessity.
  • Strong authentication practices: including unique passwords and multi-factor authentication where available for administrative accounts.
  • WordPress/WooCommerce maintenance: regular software updates, plugin updates, theme updates, and security patching where applicable.
  • Malware and vulnerability monitoring: security tools may be used to detect suspicious activity, malware, unauthorized access attempts, and technical vulnerabilities.
  • Firewall and anti-abuse controls: technical controls may be used to reduce spam, bots, brute-force attacks, and malicious traffic.
  • Logging and monitoring: server and security logs may be maintained to detect, investigate, and respond to incidents.
  • Data minimization: we collect and retain only information that is reasonably necessary for the purposes described in this Policy.
  • Backups and recovery procedures: backup systems may be used to help maintain service continuity, integrity, and recovery after technical incidents.
  • Service provider safeguards: we work with third-party providers that are expected to apply appropriate confidentiality, security, and data protection measures.

No method of transmission, processing, or storage is completely secure. You are responsible for keeping your account login credentials confidential and for notifying us if you believe your account or information has been accessed without authorization.

(13) Data Retention

We retain personal information only for as long as reasonably necessary for the purposes described in this Privacy Policy, including order fulfillment, customer support, returns, refunds, fraud prevention, dispute resolution, accounting, tax records, legal compliance, and business operations.

Retention periods may vary depending on the type of information, the reason it was collected, legal requirements, and whether the information is needed to resolve a dispute or enforce our rights. When personal information is no longer needed, we will delete, anonymize, or securely retain it as required by applicable law and legitimate business needs.

(14) Your Privacy Rights

Depending on your location and applicable law, you may have certain rights regarding your personal information, including the right to:

  • Request access to the personal information we hold about you.
  • Request correction of inaccurate or incomplete personal information.
  • Request deletion of personal information, subject to legal and business retention requirements.
  • Request restriction of processing in certain circumstances.
  • Object to certain processing, including processing based on legitimate interests or direct marketing.
  • Request a copy of your personal information in a portable format where applicable.
  • Withdraw consent where processing is based on consent.
  • Opt out of marketing communications at any time.
  • Opt out of certain “sale”, “sharing”, or targeted advertising activities where such rights apply.
  • Lodge a complaint with a data protection authority or privacy regulator where applicable.

To exercise your rights, please contact us at [email protected]. We may need to verify your identity before processing your request. We will respond within the time required by applicable law.

(15) GDPR Privacy Rights

If you are located in a region where the GDPR, UK GDPR, or similar data protection laws apply, you may have additional rights, including the right to access, rectification, erasure, restriction, objection, data portability, and withdrawal of consent.

You also have the right to object to direct marketing at any time. Where we rely on legitimate interests, you may object to processing based on your specific situation. Where we rely on consent, withdrawing consent will not affect the lawfulness of processing carried out before the withdrawal.

If you believe our processing of your personal information violates applicable data protection law, you may contact us first at [email protected], and you may also have the right to lodge a complaint with your local data protection authority.

(16) Marketing Communications

If you subscribe to marketing messages, you can opt out at any time by using the unsubscribe link in our emails or by contacting us at [email protected]. Service-related messages, including order confirmations, payment confirmations, shipping updates, account notices, and customer support replies, are not marketing communications and may still be sent as needed.

(17) Children’s Privacy

The Services are not intended for children, and we do not knowingly collect personal information from children. If you believe a child has provided personal information to us, please contact us at [email protected] so we can take appropriate steps.

(18) Third-Party Links

The Site may contain links to third-party websites, payment services, shipping tracking pages, social platforms, or other external services. We are not responsible for the privacy practices, security, content, or policies of third parties. Please review the privacy policies of third-party services before providing information to them.

(19) Automated Decision-Making and Fraud Prevention

Payment processors, fraud-prevention tools, or security service providers may use automated systems to help detect fraud, prevent abuse, verify transactions, and protect the Services. These systems may evaluate information such as transaction details, device data, IP address, payment status, and fraud signals. Where required by applicable law, you may have rights related to automated decision-making.

(20) Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, Services, legal requirements, or business operations. The updated Privacy Policy will be posted on the Site. The date or availability of the updated version on the Site will indicate the current effective version.

(21) Contact Us

If you have any questions about this Privacy Policy, our data practices, payment data handling, security measures, or your privacy rights, please contact us:

  • Email: [email protected]
  • Phone: +39 376 115 1213
  • Address: Contrada Tostini SNC, Erchie (BR), 72020, Italy