Privacy Policy

Privacy Policy

Privacy Policy

Last update: 19.11.2025

Pursuant to Art. 13 of EU Regulation 2016/679 (GDPR)

1. Data Controller

The Data Controller is:

B’AUREA SAS

Via Carlo Noè, 45 – 21013 Gallarate (VA) – Italy

VAT: 04059940124

Email: contact@b-aurea.com

Website: https://b-aurea.com

2. Types of Data Collected

We collect and process the following personal data:

  • Identification data (first name, last name)
  • Contact data (email, phone number, address)
  • Payment data (processed only through secure providers such as PayPal or Stripe — we do not store payment details directly)
  • Browsing data (IP address, browser type, visited pages, through technical and analytics cookies)

3. Purposes of the Processing

The collected data are processed for the following purposes:

  • Order fulfillment and shipment management
  • Communications regarding orders or customer requests
  • User account management
  • Sending newsletters (with prior consent)
  • Anonymous statistical analysis to improve the website
  • Legal and tax compliance

4. Legal Basis for Processing

Data processing is based on:

  • Execution of a contract (Art. 6(1)(b) GDPR)
  • Consent from the data subject (for promotional communications)
  • Legal obligations (Art. 6(1)(c) GDPR)
  • Legitimate interest of the Controller (e.g., defending legal rights)

5. Processing Methods

Data are processed using electronic and/or manual tools, in compliance with the security measures established by law.
We do not use automated decision-making or profiling.

6. Data Retention

Data will be retained for the time necessary to achieve the purposes indicated:

  • Order-related data: 10 years (legal/tax obligations)
  • Marketing data: until consent is withdrawn
  • Browsing data: up to 26 months

7. Data Communication and Disclosure

Data will not be publicly disclosed but may be communicated to:

  • Couriers and logistics service providers
  • Payment providers (e.g., PayPal, Stripe)
  • Legal and tax advisors
  • Subjects authorized by the Controller

All third parties are bound by contractual confidentiality and GDPR compliance.

8. Data Transfer Outside the EU

Some data may be transferred outside the EU only when adequate safeguards are in place (adequacy decisions, Standard Contractual Clauses, or other GDPR-compliant mechanisms).

9. Data Subject Rights

Users may exercise their rights under Articles 15–22 GDPR at any time, including:

  • Access to personal data
  • Rectification or update
  • Erasure (right to be forgotten)
  • Restriction of processing
  • Objection to processing
  • Data portability
  • Withdrawal of consent (without affecting the lawfulness of processing before withdrawal)

Requests can be sent to: contact@b-aurea.com

10. Complaints

If you believe your data have been processed in violation of GDPR, you may lodge a complaint with the Data Protection Authority: www.garanteprivacy.it