(General Data Protection Regulation or “GDPR”)



   Daniele Magrì ditta individuale

+ info



  1. Allowing users to access the website, purchasing of goods and provision of services, replying to customers’ queries.

  2. Direct marketing including by sending newsletters.

  3. Statistics.

  4. Legal obligations.

+ info



  1. Performance of a contract to which the data subject is party, including the provision of services, or in order to take steps at the request of the data subject prior to entering into a contract.

  2. Consent.

  3. Legittimate interest.

  4. Comply with a legal obligation.

+ info



  1. Hosting and e-commerce service providers.

  2. Web marketing service providers.

  3. Couriers and shipping companies.

  4. Payment service providers.

  5. Consulting companies or firms that provide assistance in accounting, administrative, fiscal, law, tax and financial matters.

+ info



  1. Information sent through online forms or by e-mail.

  2. Information automatically collected through the website.

+ info


   United States, Israel and other third countries

+ info



   Criteria to evaluate data storage time of personal data

+ info



   Access, rectify, restrict processing, object to processing, data portability, data erasure, as further explained under this privacy policy.

+ info


Name: Daniele Magrì ditta individuale

Office location: via Ernesto Schiaparelli, 4, 52100 Arezzo.

E-mail address:





  • Allow users to purchase the Products sold through the website, provision of services and answer queries sent by the data subject. Data Controller will process users’ personal data to offer its services, including the use of the website and the purchase of products online. Data Controller will also process personal data to answers queries from customers. If users do not accept and agree to such processing, Data Controller will not able to provide the requested services, products and information.


  • Direct marketing purpose. Data Controller may process personal data for marketing purposes which may include sending data subjects e-mail or traditional mails related to its products.


  • Statistical purposes. Data Controller reserves the right to monitor the use of the website by using Google Analytics, to understand how users browse the website and to improve its usability.


  • Legal reasons or complying with legal obligations. Data Controller may be required to process certain personal data for legal reasons or complying with legal obligations.




  • Taking steps at the request of the data subject prior to entering into a contract and for the performance of a contract, including provision of services. Data Controller will process users’ personal data collected through the website forms, by e-mail or telephone or automatically collected when the website is visited. Such processing is required for the conclusion and performance of the sale contract, in order to take steps at the request of the data subject prior to entering into a contract, including to allow proper functioning of the website.


  • Consent. With users’ consent, Data Controller may also process personal data for direct marketing purposes, namely sending e-mails and newsletters. Users will always have the opportunity to opt-out and withdraw their consent, by contacting Data Controller directly by e-mail at or by clicking the cancellation link (“unsubscribe”) found at the bottom of each e-mail received. Users are free to give their consent or refuse it without any consequences on the services provided.


  • Legitimate interest. According to article 6, paragraph 1, letter f) of GDPR, Data Controller reserves the right to monitor the use of the website to improve the quality of the site and services, according to the cookie policy, by using Google Analytics while implementing IP-address anonymization. In compliance with article 13 paragraph 2 of Directive 2009/136/EC, as well as with reference to Recital (27) of REGULATION 2016/679 Data Controller may use the e-mail address obtained through the online forms and in the context of the sale of its products, to send users electronic communications concerning the direct marketing of its products or services and as long similar to those users have purchased. Users may object immediately to receiving promotional e-mails by sending a request to the Data Controller at and will have the right, at any time and free of charge, to oppose this processing for direct marketing purposes by clicking the cancellation link (“unsubscribe”) found at the bottom of each e-mail received.


  • Legal reasons or complying with legal obligations. According to article 6, paragraph,letter f) of the GDPR, in some circumstances, Data Controller may be required to process certain personal data for legal reasons or complying with legal obligations, regulations, laws, a government authorities orders, including for tax and accounting purposes.




  • Hosting and e-commerce service providers. This Site is hosted on the platform. provides Data Controller with the online platform that allows it to sell its products and services to users. Personal data may be stored through’s data storage, databases and the general applications. It stores your data on secure servers behind a firewall. Ltd 40 Namal Tel Aviv St., Tel Aviv 6350671, Israel. Ltd has been appointed as Data Processor.

  • Marketing and data analytics service providers. The following service providers process personal data according to a data processor contract that sets out the subject-matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects and the obligations and rights of the controller.


  • Personal data will be shared with Ltd. Newsletters will be sent using Ltd. platform. The provision of the services by Ltd. involves it in processing the personal data on behalf of the Data Controller. Under EU Regulation 2016/679 General Data Protection Regulation (“the GDPR”) (Article 28, paragraph 3), the Data Controller is required to put in place an agreement in writing between the Data Controller and any organization which processes personal data on its behalf governing the processing of that data. Therefore, the Data Controller has entered into a data processing agreement with Ltd.  (“Data Processor”) to ensure compliance with the said provisions of the GDPR in relation to all processing of the Personal Data by the Data Processor for the Data Controller. You can find more information on how Ltd. is processing your personal data at the following link: :


  • Couriers and shipping companies. Data Controller will need to communicate personal data to third party providers that deliver the Products to the Data Subjects.

  • Payment Processors. Payment data collected on the website will not be stored on Data Controller’s servers but directly on payment processor’s servers. Data Controller uses both Paypal and Stripe as payment options on the website. Here data subject can find more information on how Paypal is processing personal data at the following link:

  • Consulting companies or firms that provide assistance and consulting in accounting, administrative, fiscal, law, tax and financial matters. Data Controller may need to disclose personal to accounting, tax and law firms that provide assistance and consultancy services, in order to comply with legal obligations as required by the law. Data Controller will take steps to ensure that personal data is handled safely, securely, and in accordance with data subject rights.




Information user send us through online forms and e-mail. Personal data collected when purchasing goods online: full name, e-mail address, contact data, address, address, fiscal code, VAT number, payment data (to authorized payment service providers). This data is freely given by users through the online forms or by e-mail and are necessary for the contract performance.

Information We collect automatically . The information systems and software procedures relied upon to operate this website acquire personal data as part of their standard functioning; the transmission of such data is an inherent feature of Internet communication protocols. This data category includes the IP addresses, visited pages, visitors by time/date, geographical areas of origin. These data are necessary to use web-based services and are also processed in order to extract statistical information on service usage (most etc.) and check functioning of the services.




Data Controller will only store or transfer personal data within the European Economic Area. Controller will transfer persona data to a third party based in the US or outside the European Economic Area, as long as the data recipient guarantees an adequate level of protection to the fundamental right of individuals (data subjects) to data protection according to an adequacy decision by the European Commission or agreeing to the EU Commission standard contractual clauses (2010/87/EU). To have more information or a copy of the guarantees put in place by the Data Controller for the transfer of personal data to countries located outside the European Economic Area, please send a an e-mail to or visit the web page




Data storage may vary depending on the purpose of processing. All data collected for contractual purposes will be kept only for the time strictly necessary to perform our services and thereafter deleted.

Personal data may be stored, to the extent strictly necessary, for a longer period following specific regulatory obligations, including for the fulfillment of tax and accounting obligations.
When processing subject to your consent, the Data Controller will keep the data until user object to such processing and withdraw consent.




The exercise of the data subject's rights is free of charge. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the Data Controller may either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested or refuse to act on request. Under the GDPR, data subjects have the following rights:


  • The right to obtain from Data Controller confirmation as to whether or not personal data concerning him/her are being processed.

  • The right to access personal data.

  • The right to have personal data rectified if any of his/her personal data held by data controller is inaccurate or the right to have incomplete personal data completed, including by means of providing a supplementary statement.

  • The right to be forgotten, including to delete the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed or because data subject withdraws consent on which the processing is based.

  • The right to restrict the processing of personal data according to article 18 of GDPR.

  • The right to object to Data Controller using personal data for a particular purpose or purposes.

  • The right to data portability. This means that, if data subjects have provided personal data to Data Controller directly, the latter is using it with his/her consent or for the performance of a contract, and that data is processed using automated means, data subject can ask Data Controller for a copy of that personal data to re-use with another service or business in many cases.

  • Rights relating to automated decision-making and profiling.

  • Right to file a complaint with a supervisory authority.


Data subjects can enforce their rights at any time by sending an e-mail to the following address:

Data Controller has a duty to respond to requests at the latest within one month of receiving them. This deadline may be extended by two additional months if necessary, considering the complexity and the number of requests received. In case of extension data subjects will be informed of the delay and the reasons. If data subjects do not take action on their request, Data Controller will inform them without delay and at the latest within one month of receipt of their request of the reasons for not taking action and on the possibility of filing a complaint with a supervisory authority and seeking a judicial remedy.