Privacy Policy

Privacy Policy (articles 13–14 GDPR)

Last updated: 10/16/2025
Domain: ferruccicomfort.net

1) Data controller

Ferrucci Group Srl
Headquarters: Via Bruxelles 15, 76011 Bisceglie (BT), Italy
Contact email: amministrazione@ferruccigroup.it

Ferrucci Group Srl determines the purposes and means of processing personal data collected through the website and the Shopify e-commerce site.

DPO: Not named, as the obligations of Articles 37–39 of the GDPR do not apply. For any privacy concerns, please write to us at the address above.

2) Types of data processed

  • Identification and contact details: name, surname, shipping and/or billing address, email, telephone number.
  • Order and logistics data: products purchased, quantities, amounts, order notes, tracking code, shipping status.
  • Billing information: VAT number/tax code (where applicable) and data required for accounting/tax compliance.
  • Technical and navigation data: security logs, device identifiers, information essential for the functioning of the cart/checkout.
  • Cookies and similar technologies:
  • Technical/necessary (always active for functional purposes).
  • Google Ads And Google Analytics only with prior consent expressed by the user via banner/preference center.

Special categories of data (Article 9 GDPR): the Owner does not request or intend to process health dataAny health information voluntarily provided by the user (e.g., in order notes or messages) will be limited to managing the request, minimized, and deleted when no longer needed.

3) Purposes and legal bases (Article 6 GDPR)

We process data exclusively for:

  1. Order management, payments and delivery (art. 6.1.b – execution of the contract): order processing, preparation, shipping, customer support.
  2. Legal obligations (art. 6.1.c): accounting and tax obligations, legal guarantees.
  3. Security, anti-fraud and legal protection (art. 6.1.f – legitimate interest): prevention of abuse, management of disputes and defense in court.
  4. Measurement/marketing cookies (Google Analytics/Google Ads) (art. 6.1.a – consent): aggregate analysis of site usage and advertising activities Alone if the user gives consent via banner; in the absence of consent, the tags remain blocked.

Commitment to data minimization and purpose limitation: customer data are used and communicated to third parties exclusively for the shipping and execution of the order, as well as to comply with legal obligations. No data will be sent to third parties for marketing purposes without specific and separate consent.

4) Recipients/categories of recipients (Article 13.1.e, 28 GDPR)

  • E-commerce platform: Shopify (platform provider).
  • Transport carriers (only if necessary for shipping): FedEx, DHL, DDP, GLS.
  • Technical/IT suppliers (hosting, maintenance, security) and administrative-accounting consultants (for legal compliance).
  • Any public authorities/bodies in the cases provided for by the legislation.

The above recipients act:

  • as Data Processors (Article 28 GDPR) on the instructions of the Data Controller, with access only to the necessary data; or
  • as independent owners (e.g. couriers for shipping purposes), processing the data strictly necessary for delivery.

5) Transfers outside the EU/EEA (Articles 44–49 GDPR)

Some providers (e.g. Shopify platform, cloud tools) may involve transfers to non-EEA countriesIn such cases, the transfers take place in compliance with Chapter V of the GDPR, on:

  • Adequacy decisions of the European Commission, or
  • Standard Contractual Clauses (SCC) and, where required, additional measures (p.es. encryption, minimization).

Information on the guarantees applied is available upon request at amministrazione@ferruccigroup.it.

6) Retention periods (art. 5.1.e)

  • Account/Order/Shipping Information: preserved for about 24 months from the last useful interaction (delivery/assistance), for logistics traceability and after-sales service.

  • Accounting and tax documents (e.g. invoices): kept for the statutory period applicable (up to 10 years).

  • Google Ads/Analytics Cookies: according to the choices expressed in the banner and the limits indicated in the relevant policies; consent can be revoked at any time from the preference center.

At the end, the data is deleted or anonymized securely.

7) Cookies and tracking tools

  • Technical/necessary cookies: They guarantee basic functionality (session, cart, checkout, security) and are installed without consent.

  • Google Analytics and Google Ads: disabled by default; are activated only if the user gives consent in the banner. All tracking is finalized to improve the user experience on ferruccicomfort.net (e.g., site performance, navigation paths, content and campaign effectiveness).

  • Manage preferences: The user can modify/revoke consent at any time from the banner or from the cookie preference center.

Note: The identifiers collected by these tools, where active, are processed in aggregate form/at the necessary level; no automated decisions with legal effects on the user are made.

8) Nature of the transfer

Providing data marked as mandatory during checkout is necessary To conclude and execute the contract (shipping and assistance). Failure to provide this information will prevent the order from being processed.

9) Rights of the data subject (Articles 15–22 GDPR)

The user can exercise at any time:

  • Access to the data and information (art. 15);
  • Correction (art. 16);
  • Cancellation/oblivion (art. 17);
  • Limitation (art. 18);
  • Portability (art. 20);
  • Opposition (art.21) for processing based on legitimate interest;
  • Revocation of consent (art. 7.3) for cookies/analytics/ads, without prejudice to the previous lawfulness.

Requests to: amministrazione@ferruccigroup.it. Verification of identity may be required.

10) Complaints to the Supervisory Authority (Article 77 GDPR)

The user can lodge a complaint with the Guarantor for the protection of personal data (Italy) or to the Authority of his/her Member State of residence, without prejudice to any other administrative or judicial remedy.

11) Security (Article 32 GDPR)

The Owner adopts technical and organizational measures adequate measures to protect the data (e.g. encryption in transit, access control, segregation of environments, logging, minimization, contracts pursuant to Article 28 with suppliers). In the event of violations likely to present a risk to the rights and freedoms of the data subjects, the following measures will be taken: notifications provided for by Articles 33–34 GDPR.

12) Minors

The site and services are intended for users aged 18 years of age or older (Article 2-quinquies of the Privacy Code). We do not knowingly collect data from minors under this age without the consent of their parent or guardian. If you believe a minor has provided us with data, please contact us. amministrazione@ferruccigroup.it for removal.

13) Automated decisions and profiling

We do not carry out decisions based solely on automated processing that produce legal effects or similarly significantly affect the user (Article 22 GDPR). Any statistical/performance analyses via Analytics, if activated with consent, operate on an aggregate basis and to improve the site experience.

14) Changes to this policy

This policy may be updated to reflect regulatory changes or technical developments. The current version is always published on this page, indicating the update date.

Contacts Privacy

For questions or to exercise your rights: amministrazione@ferruccigroup.it.