Alfredo Baratta — Registered office: Via Tullio Capone, Battipaglia 84091 (SA), Italy — VAT No. IT06286180655 — Email: [email protected]
2. Personal data processed
| Data category | Source | Plugin/service detail |
|---|---|---|
| Personal, contact and shipping data | Provided by the user at WooCommerce checkout | WooCommerce core |
| Tokenised payment data | Provided at the time of purchase | WooPayments / Stripe |
| Shipping and tracking data | Generated during fulfilment | Printify (POD) |
| Browsing data and logs | Collected automatically | Cloudflare CDN / WAF |
| Marketing data (abandoned cart) | Generated in the cart | WooCommerce Cart Abandonment Recovery (GDPR‑ready) |
| Contact forms | Voluntarily submitted | WPForms Lite |
3. Purposes and legal bases
| Purpose | Legal basis Art. 6 GDPR | Retention period* |
| Order, payment and delivery management | b) contract | 10 years (statutory requirement) |
| Tax and accounting obligations | c) legal obligation | 10 years |
| Fraud prevention (Cloudflare, Stripe) | f) legitimate interest | 24 months (logs) |
| Email marketing (abandoned cart, newsletter) | a) consent | Until withdrawal |
| Anonymous traffic analysis (SureRank) | f) legitimate interest / anonymisation | 24 months |
Retention criteria communicated pursuant to Art. 13 §2 (a) GDPR
4. Recipients and extra‑EU transfers
- Stripe Payments Europe / Stripe Inc. (payments) — SCC & DPA in force
- Printify, Inc. (on‑demand production and logistics) — EU/US SCC
- Cloudflare, Inc. (CDN, WAF) — DPA v. 6.3, sub‑processor list
- Email provider (Gmail — EU)
Servers may be located outside the EEA; transfers occur pursuant to Standard Contractual Clauses or adequacy decisions.
5. Data subject rights
Access, rectification, erasure, restriction, portability, objection, lodging a complaint with the supervisory authority (Art. 15–22 GDPR).
Requests to [email protected].
6. Security measures
TLS 1.2+, Cloudflare firewall, two‑factor authentication in admin area, daily backups, principle of least privilege for accounts.
To manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents, we use the consent tool “Real Cookie Banner”. Details on how “Real Cookie Banner” works can be found at https://devowl.io/rcb/data-processing/.
The legal basis for the processing of personal data in this context are Art. 6 (1) (c) GDPR and Art. 6 (1) (f) GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the related consents.
The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal data, we will not be able to manage your consents.