Privacy notice

Data controller

Carlo Bazzoni, with registered office in Italy. Controller's email for GDPR requests: privacy@carlobazzoni.com.

Data collected

• Purchase data: name, shipping address, email, telephone (necessary to fulfil the order)
• Payment data: handled directly by providers (Stripe, PayPal, BTCPay) — do not pass through our servers
• Navigation data: aggregated and anonymous via self-hosted Plausible Analytics (no cookies, no fingerprinting)
• Newsletter: email + language only, with double opt-in

Legal basis

Performance of contract (purchases), explicit consent (newsletter, contact), legitimate interest (anonymous aggregated analytics).

Retention

Order data: 10 years (Italian tax obligations). Newsletter emails: until consent is withdrawn. Server logs: 30 days.

Your rights

You have the right of access, rectification, erasure, restriction, portability and objection. Write to privacy@carlobazzoni.com to exercise any of these rights — we will respond within 30 days.

Extra-EU transfers

Some providers (Stripe, Cloudflare) also process data in the USA. All adhere to the EU-US Data Privacy Framework or provide Standard Contractual Clauses.