The website dearailjewels.com is operated by Dea Rail di Giorgia De Angelis (hereinafter “we” or “Dea Rail”). Protecting your privacy is a top priority for us: we process personal data in full compliance with the EU Regulation 2016/679 (GDPR) and applicable national laws.
By subscribing to our newsletter, you may receive news and exclusive offers. You can unsubscribe at any time by clicking the link in each email or by writing to info@dearailjewels.com.
Types of data collected
1. Browsing data Certain personal data is collected automatically by the website’s systems during use (e.g., IP address, browser type, pages visited). This information is used for statistical and security purposes and is deleted after analysis.
2. Data provided voluntarily by the user Sending an email to the addresses listed on the website involves the acquisition of the sender’s personal data (such as name and email address).
3. Data required for purchase To place an order, you need to register or provide your contact and payment details. These are used to process your cart, finalize transactions, ship purchased products, and provide after-sales support.
4. Third-party services The website uses third-party tools that may collect personal data, including:
– Google Analytics (Google Ireland Limited) – for statistical analysis of site traffic;
– Google reCAPTCHA (Google Ireland Limited / Google LLC) – to protect the site from spam and automated abuse. The use of reCAPTCHA involves the transmission of the user’s IP address and other data to Google. Privacy Policy – Termini di servizio.
Purposes and legal basis of processing
Personal data is processed exclusively to:
– enable browsing and proper functioning of the website;
– manage orders and shipments;
– comply with contractual, fiscal, and legal obligations;
– send marketing communications (only with explicit consent);
– ensure site security and prevent abuse.
Processing is based on various legal grounds: performance of a contract, compliance with legal obligations, explicit user consent, and the legitimate interest of the controller.
Data processing methods
Personal data is processed using electronic and telematic tools, in compliance with GDPR security measures. Data is retained only for the time strictly necessary to fulfill the stated purposes and always in accordance with legal requirements.
Disclosure to third parties
Personal data may be accessed by internal and external parties working with Dea Rail, including:
– administrative and commercial staff;
– technical service providers, hosting providers, couriers, and shipping companies;
– payment institutions and professional consultants.
Data will never be sold or transferred to unrelated third parties for unauthorized commercial purposes.
User rights
Under the GDPR, you have the right to:
– withdraw consent at any time;
– object to the processing of your data;
– access your personal data and obtain a copy;
– request rectification or updates;
– request restriction of processing under certain conditions;
– request deletion of your data (“right to be forgotten”);
– lodge a complaint with the competent Data Protection Authority.(www.garanteprivacy.it).
We have implemented appropriate security measures to protect personal data against loss, misuse, or unauthorized access. All payment transactions are encrypted using SSL (Secure Socket Layer) technology, and all data exchanges with our server take place exclusively via secure HTTPS connections.
