Privacy Policy – DadArt
Last updated: November 8, 2025
DadArt by Eleonora Gullo (hereinafter “DadArt”, “we”, “Controller”) is committed to protecting your privacy. This policy describes how we collect, use, store, and protect your personal data in accordance with the Regulation (EU) 2016/679 (GDPR) and to Italian legislation.
Contacts
Data controller: Eleonora Gullo
Address: Via Piave 121, 98071 Capo d'Orlando (ME), Italy
E-mail: [email protected]
1. Types of data collected
a) Data provided voluntarily
We collect data provided voluntarily through contact forms, purchase forms, registration forms, and WhatsApp Business, including:
- Name and Surname
- Mailing address
- Telephone number
- Email address
- Payment and billing information
b) Browsing data (automatic collection)
We automatically collect technical information through log files and cookies (IP address, browser type, ISP, date/time, referring/exit URL, clicks, operating system). This data is used for technical, security, and statistical purposes and is stored for 3 months unless otherwise indicated.
c) Cookies and similar technologies
The Site uses technical, analytical, and marketing cookies. In particular, we use cookies to track items placed in the cart and detect the abandoned cart, also for the purpose of sending SMS reminders if the user has provided their number and given consent.
2. SMS Communications (Klaviyo)
We use Klaviyo for sending SMS messages regarding order updates, abandoned cart reminders, and promotional campaigns. Marketing SMS messages are sent only after prior consent. explicit consent of the interested party.
Telephone number management
Telephone numbers are processed exclusively for:
- service communications (e.g. order notifications);
- abandoned cart reminders;
- SMS marketing, only with explicit consent.
Consent can be revoked at any time by replying to the message or writing to [email protected]. Telephone numbers and SMS consent Not are shared with unaffiliated third parties:
“The above excludes the data and consent of the author of the messages. This information will not be shared with third parties.”
3. Purposes and legal bases of the processing
We process your data for the following purposes:
- Execution of contracts and orders (execution of purchases): legal basis art. 6(1)(b) GDPR;
- Customer support and service communications: contractual performance/legitimate interest;
- Email/SMS marketing: explicit consent (art. 6(1)(a) GDPR);
- Statistical analysis and site security: legitimate interest (site improvement and fraud prevention).
4. Third-party services (Processors) and links to their Privacy Policies
The Site uses third-party providers to provide its services. Below is a summary with links to their privacy policies (we recommend checking the official URLs periodically):
| Service | Purpose | Link to the Privacy Policy |
|---|---|---|
| Mailchimp / Mandrill | Sending newsletters / transactional emails | https://mailchimp.com/legal/privacy/ |
| Klaviyo | Email/SMS marketing, abandoned carts | https://www.klaviyo.com/privacy |
| Stripe | Online payments | https://stripe.com/privacy |
| Klarna | Payments / installments | https://www.klarna.com/ |
| PayPal | Online payments | https://www.paypal.com/privacy |
| Satispay | Mobile payments | https://satispay.com/it/privacy |
| Cryptocurrencies / Wallets | Crypto payments (wallet address, amount) | General information on privacy (e.g. Bitcoin) |
| Google (Analytics, Tag Manager, Fonts, Maps) | Analysis, tag management, fonts, maps | https://policies.google.com/privacy |
| Meta / Facebook / Instagram | Social, tracking and advertising | https://www.facebook.com/privacy |
| Cloudflare | CDN, security and DDoS mitigation | https://www.cloudflare.com/privacypolicy/ |
| New Relic | Infrastructure monitoring | https://newrelic.com/privacy |
| Tawk.to | Support Chat | https://www.tawk.to/privacy-policy/ |
| TrustIndex | Reviews and widgets | https://www.trustindex.io/privacy-policy |
Note: Links point to providers' public information pages and may vary depending on location or updates. Always check the provider's official URL if you wish to link to a specific version (e.g., GDPR/EU).
5. International data transfers
Some providers may process data in non-EU countries. In such cases, we adopt appropriate safeguards (e.g., standard contractual clauses - SCC) to ensure an adequate level of protection, in accordance with the GDPR.
6. Data retention
- Browsing data: 3 months
- Billing data and accounting documents: 11 years (tax obligations)
- Marketing data (email/SMS): until consent is revoked
- Payment data: for the time necessary to execute the transaction and for legal obligations
7. Security
We adopt appropriate technical and organizational measures to protect personal data (encryption, HTTPS, authorized access, backups, internal controls). However, no system is completely secure: in the event of a data breach, we will adopt the procedures required by law, including notifying the Data Protection Authority and the data subjects if requested.
8. Rights of the interested party
You have the rights provided for by Articles 15–21 of the GDPR:
- data access;
- rectification or integration;
- erasure (right to be forgotten) to the extent permitted by law;
- limitation of processing;
- opposition to processing;
- data portability;
- withdrawal of consent (without prejudice to the lawfulness of processing based on consent before its withdrawal).
To exercise your rights, send a request to: [email protected]. The data will be exported or deleted within 30 days, unless justified technical complexity or legal obligations require different timeframes.
9. Changes to this policy
This policy may be updated periodically. If significant changes are made, we will post the updated version on the Site and, where appropriate, notify registered users.
