Privacy Policy

Privacy Policy

13 marzo 2026

Last updated: March 13, 2026

Data Controller: Davide Motta, private citizen

Address: Calle Moderna 12, Ático 4, Barcelona, Spain

Privacy email: [email protected]

1. DATA CONTROLLER

The Data Controller of personal data is Davide Motta, private citizen, with address in Calle Moderna 12, Ático 4, Barcelona, Spain. The website dallaterra.it is managed directly by Davide Motta as a private seller in accordance with Regulation (EU) 2016/679 (GDPR).

2. PERSONAL DATA COLLECTED

We collect the following personal data in relation to the use of the website and our services:

  • Registration data: first name, last name, email address, password (hashed)
  • Purchase data: shipping address, phone number, order history
  • Navigation data: IP address, browser type, pages visited, session duration (via analytics cookies, only with consent)
  • Payment data: we do not store payment data — transactions are handled by Stripe Inc. (PCI-DSS Level 1)

    • 3. PURPOSES AND LEGAL BASIS OF PROCESSING

  • Performance of the sales contract (Art. 6.1.b GDPR): order processing, shipments, after-sales assistance
  • Fulfillment of legal obligations (Art. 6.1.c GDPR): retention of accounting records for 7 years
  • Legitimate interest (Art. 6.1.f GDPR): fraud prevention, website security
  • Consent (Art. 6.1.a GDPR): newsletter, analytics cookies and marketing (revocable at any time)

    • 4. DATA RETENTION

  • Purchase data: 10 years (tax obligations)
  • Account data: until account deletion + 30 days
  • Analytics cookies: 13 months
  • Security logs: 12 months

    • 5. SHARING WITH THIRD PARTIES

    We share your data only with the following subjects, strictly necessary for the provision of the service:

  • Stripe Inc. (USA) — payment processing, PCI-DSS Level 1 certified, Privacy Shield/SCC
  • Logistics couriers (DHL, GLS, Poste Italiane) — order shipping
  • Hosting provider (Manus) — website infrastructure

    • We do not sell or transfer your data to third parties for marketing purposes.

    6. INTERNATIONAL TRANSFERS

    Stripe Inc. is based in the USA. The transfer is governed by the Standard Contractual Clauses (SCC) approved by the European Commission.

    7. COOKIES

    For detailed information on the cookies used, their purposes and how to manage preferences, please consult our Cookie Policy.

    8. DATA SUBJECT RIGHTS (Art. 15-22 GDPR)

    You have the right to: access your data, rectify it, erase it ("right to be forgotten"), restrict its processing, data portability, object to processing, withdraw consent at any time.

    To exercise your rights, please write to [email protected]. We will respond within 30 days. You can also lodge a complaint with the competent Supervisory Authority in your country of residence (in Spain: AEPD — www.aepd.es; in Italy: Garante Privacy — www.garanteprivacy.it).

    9. SECURITY MEASURES

    We adopt appropriate technical and organizational measures to protect your data from unauthorized access, loss, destruction or disclosure. These include: TLS encryption for communications, password hashing, role-based access control (RBAC), anomaly monitoring, and regular backups. Payments are handled exclusively by Stripe, which is PCI-DSS Level 1 certified.

    10. CHANGES TO THE PRIVACY POLICY

    We reserve the right to update this policy at any time. Substantial changes will be communicated via notice on the website or by email. The "Last updated" date at the top of the page indicates when the policy was last revised.

    Cookie PolicyTerms of Service[email protected]
    Privacy & Cookies

    We use cookies to ensure the site works and, with your consent, for analytics and marketing. Privacy Policy.