Close
Language:

Privacy Policy

Last updated: 2026/02/27

1. Data Controller

The Data Controller is AndRed.it di Savarin Andrea.
Email: info@xtec.it
PEC (certified email): andrea.savarin@pec.it

2. Categories of personal data

Depending on how you use the website, we may process:

  • Technical and usage data: IP address, user-agent, device/browser identifiers, system logs, security events, website usage data.
  • Data you provide: name, email, phone (if provided), shipping/billing address (if applicable), the content of messages sent via forms or email.
  • Orders/payments data (if applicable): order and delivery information, payment status, refunds/disputes where applicable, and technical transaction identifiers (e.g., order/payment IDs). Payments are handled by external providers (e.g., Stripe, PayPal, Scalapay, Satispay) and, in general, we do not process full card details. We may receive from the provider information necessary to manage the order (e.g., payment outcome, status, and where applicable, strong customer authentication such as 3D Secure).
  • Privacy preferences and consents: cookie/tracking choices.

3. Purposes and legal bases

We process personal data for:

  1. Website operation and security (necessary cookies, security, debugging, abuse prevention).
    Legal basis: legitimate interests and/or technical necessity to provide the service.
  2. Handling contact requests and support.
    Legal basis: contract/pre-contract measures or legitimate interests.
  3. Order fulfilment, delivery, returns (if applicable), including fulfilment by third-party suppliers/logistics.
    Legal basis: performance of a contract.
  4. Legal/accounting/tax compliance (if applicable).
    Legal basis: legal obligation.
  5. Payment processing and fraud/abuse prevention via payment providers (e.g., Stripe, PayPal, Scalapay, Satispay), including security checks and, where applicable, strong customer authentication (e.g., 3D Secure).
    Legal basis: performance of a contract (payment processing) and, where applicable, legitimate interests (security and fraud prevention).
  6. Analytics and experience improvement.
    Legal basis: consent, where non-necessary cookies/tracking are used.
  7. Newsletter, marketing, remarketing and personalised advertising (including third parties).
    Legal basis: consent (withdrawable at any time).

4. How we process data and security

We process data using IT and telematic tools and adopt appropriate technical and organisational measures to protect data (access controls, backups, logging, anti-abuse measures).

5. Recipients (categories)

Data may be shared with processors or independent controllers, including:

  • Hosting/Infrastructure: ARUBA.
  • Payment providers: Stripe, PayPal, Scalapay, Satispay (payment processing, security and fraud prevention). Payment providers may act as independent controllers for processing necessary to execute payments and prevent fraud, under their respective notices.
  • Shipping and logistics: various couriers/logistics operators, including those selected by the supplier fulfilling the order.
  • IT vendors, maintenance, consultants: as needed.
  • Analytics/marketing/advertising tools: when enabled with consent (see Cookie Policy and cookie settings).

6. International transfers

Some providers (especially analytics/advertising and, in some cases, payment and fraud-prevention services) may process data outside the EEA. Where applicable, transfers rely on appropriate safeguards (e.g., Standard Contractual Clauses or adequacy decisions, when applicable).

7. Retention

  • Support/contact: as needed to manage the request.
  • Orders/legal compliance (if applicable): for the time required by applicable laws.
  • Marketing/newsletter/remarketing: until consent is withdrawn or deletion is requested.
  • Technical/security logs: for a limited and proportionate period.

8. Your rights

You may exercise GDPR rights under Articles 15–22 (access, rectification, erasure, restriction, portability, objection) and withdraw consent at any time. Withdrawal does not affect lawfulness before withdrawal. You may also lodge a complaint with the competent supervisory authority.

Contact: info@xtec.it or andrea.savarin@pec.it.

9. Cookies and tracking

We use necessary cookies and—subject to consent—preference, analytics and marketing tracking tools. You can change/withdraw choices at any time via the “Cookie settings” panel and by reading the Cookie Policy.

Payments with Stripe: when using Stripe-based payment methods (for example during checkout), technical cookies related to security and fraud prevention may be set on our domain by the Stripe.js library (e.g., __stripe_mid and __stripe_sid).

Cookie Policy: Read the Cookie Policy
Manage preferences: Open cookie settings

10. Changes to this notice

We may update this notice; the latest version will be published on this page with the “Last updated” date.