Privacy Policy

Data Controller

Data we collect

We collect first name, last name, email address, phone number, country, and anonymous navigation data. We never sell data to any third party.

Payment data is never stored on our servers. All payments are processed by Stripe, Inc. in compliance with PCI DSS.

Purpose of processing

• Process orders and manage project-related communication
• Send payment confirmations, receipts, and project updates
• Respond to requests submitted via the contact form or chat widget
• Anonymised statistical analysis of site usage

Legal basis

Processing is based on: Art. 6(1)(b) GDPR - contract performance; Art. 6(1)(a) GDPR - consent for optional cookies; Art. 6(1)(c) GDPR - legal tax obligations.

Data retention

Order data is retained for 10 years under Italian tax law. Contact data not linked to orders is deleted within 24 months of last contact.

Your rights

You have the right to access, rectification, deletion, portability, restriction, and objection. To exercise your rights write to: ciao@rosies-designs.com

You may also lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it).

Data transfers

Data may be transferred to Stripe, Inc. (USA) for payment processing under the European Commission's Standard Contractual Clauses. No other transfers outside the EEA.