Privacy information pursuant to EU Reg. 2016/679 (GDPR)
1. Data controller
The Data Controller is:
GISAR sas di Cucchiarini Sara and C.
Registered office: Via Santa Maria in Val D'Abisso 14 – 61046 Piobbico (PU) – Italy
VAT number: 02700650415
Email: info@gisar.it
2. Subject of the information
This policy describes the ways in which the Data Controller processes personal data collected through the website www.gisar.it (“Site”) and related services, including e-commerce, newsletters, contact forms, customer accounts, blog comments, and interactions with the brand's official social networks.
3. Types of data processed
The Data Controller may collect and process the following categories of personal data:
- Identification data: name, surname, date of birth (if requested).
- Contact details: address, email, telephone number.
- Shipping and billing information: delivery and billing address, any notes for the courier.
- Payment data: payment method, information necessary to execute the transaction (the complete credit card details are never stored by the Data Controller).
- Browsing data: IP address, log data, browser and device type, information collected through cookies and similar tools.
- Customer account data: username, email, purchasing preferences.
- Data for marketing purposes: purchase history, any preferences expressed, interactions with newsletters or advertising campaigns.
- Data provided voluntarily: messages sent via contact forms, email, or social media, product reviews, blog comments.
4. Purpose and legal basis of the processing
Personal data are processed for the following purposes:
- Performance of contractual and pre-contractual obligations
  - Order management, payments, shipping, returns, customer support.
  - Legal basis: Art. 6, paragraph 1, letter b) GDPR.
- Fulfillment of legal obligations
  - Tax and accounting obligations, responses to requests from judicial authorities.
  - Legal basis: Art. 6, paragraph 1, letter c) GDPR.
- Site management and user experience improvement
  - Creating and managing customer accounts.
  - Blog comment management.
  - Use of technical and analytical cookies.
  - Legal basis: Art. 6, paragraph 1, letter f) GDPR (legitimate interest).
- Promotional and marketing activities
  - Sending newsletters, promotions, and personalized offers.
  - Use of cookies and tracking pixels for targeted advertising.
  - Legal basis: Art. 6, paragraph 1, letter a) GDPR (consent).
- Security and abuse prevention
  - Prevention of fraud, unauthorized access, and illegal activities.
  - Legal basis: Art. 6, paragraph 1, letter f) GDPR.
5. Processing methods and security
Processing is carried out electronically and/or on paper, with appropriate technical and organizational measures to protect the data, including:
- Access to data permitted only to authorized personnel.
- Password protection and multi-factor authentication where possible.
- Data encryption in transit via HTTPS protocol.
- Periodic backups.
- Monitoring systems for vulnerabilities.
6. Data retention
- Contractual and billing data: 10 years (legal obligation).
- Customer account data: until deletion is requested.
- Marketing data: until consent is revoked.
- Browsing data: as specified in the Cookie Policy.
7. Mandatory nature of the provision
Providing contractual data is mandatory in order to complete a purchase.
Failure to provide this information may make it impossible to provide the requested services.
Providing data for marketing and newsletter purposes is optional.
8. Data recipients
Personal data may be disclosed to:
- Employees and collaborators of the Data Controller.
- Technical and IT service providers (e.g., Shopify Inc., hosting, maintenance).
- Couriers and freight forwarders (e.g., SDA, GLS, DHL).
- Payment service providers (e.g., PayPal Inc., Stripe Inc., Nexi).
- Newsletter and marketing service providers (e.g., Mailchimp, Klaviyo).
- Tax, legal, and accounting consultants.
- Competent authorities where required by law.
All subjects are bound by a duty of confidentiality and, if they act on behalf of the Data Controller, are appointed as Data Processors pursuant to Art. 28 GDPR.
9. Transfer of data outside the EU
The Site is hosted on Shopify, a platform that can store data on servers located in countries outside the EU. Shopify adopts Standard Contractual Clauses approved by the European Commission (Article 46 GDPR).
Other providers (Google, Meta, TikTok, Pinterest, newsletter services) may involve transfers outside the EU; such transfers are carried out with adequate guarantees or adequacy decisions where required.
10. Rights of the interested party
The user can exercise the rights provided for by Articles 15-22 of the GDPR:
- Access, rectification, updating.
- Erasure (“right to be forgotten”).
- Limitation of processing.
- Data portability.
- Object to processing for legitimate reasons or for marketing.
- Withdrawal of consent.
Requests should be sent to: info@gisar.it
11. Complaint to the Guarantor
The user has the right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it) if he or she believes that the processing of his or her data violates the law.
12. Cookies and tracking tools
The Site uses technical cookies and, with your consent, profiling and analytics cookies.
Consent is collected via a compliant banner and can be revoked at any time.
More information is available in the Cookie Policy.
13. Social networks and external links
The Site may include sharing buttons and plug-ins for social networks (Facebook, Instagram, Pinterest, TikTok).
Interaction with these platforms involves the transmission of data in accordance with their respective privacy policies.
14. Changes
This policy may be updated. The latest version is published on the Website, indicating the update date.
Last updated: August 2025

