en
en

Privacy policy

Last update: February, 23 2026

Data Controller

The data controller is

Egidia Cassinese
Via Piero Martinetti 28a – 20147 Milano (MI), Italy
Email: ciao@chetipo.com

Purposes and legal basis

Personal data collected through chetipo.com are processed for the following purposes:

  • Performance of the contract for the occasional sale of used goods purchased on the website. (Legal basis: performance of a contract)

  • Compliance with tax and accounting obligations. (Legal basis: legal obligation)

  • Sending newsletters and promotional communications about products, initiatives and updates from che tipo!, via Hostinger Reach. Subscription occurs through explicit consent collected via a dedicated form on the website. (Legal basis: consent)

  • Handling requests sent via contact forms on the website (e.g., Support page), via Hostinger Reach. (Legal basis: pre‑contractual measures or legitimate interest, depending on the request)

  • Statistical analysis of website operation and user behaviour via Google Analytics 4 and Google Tag Manager. (Legal basis: consent)

  • Profiling and remarketing activities via Google Signals and marketing cookies. (Legal basis: consent)

  • Fraud prevention and detection, website security and protection of the controller's legitimate interests. (Legal basis: legitimate interest)

Types of data processed

The following personal data, among others, are processed:

  • Personal and contact details: name, surname, email address, shipping/billing address.

  • Newsletter subscription data: email address and, where provided, name and language preferences.

  • Contact form data: name, email and any information freely entered in text fields.

  • Tax code (codice fiscale), when required for invoicing individuals.

  • Order data: purchased products, amount, payment data managed by third parties (Stripe, PayPal, Amazon Pay – the website does not store complete card details, which are processed by the provider).

  • Browsing data: IP address, server logs, browser and operating system information. Browsing logs are stored for a maximum of 14 days.

  • Aggregated and anonymised usage data and interaction via cookies and analytics tools. Google Signals enables remarketing and marketing profiling activities. All data transferred outside the EU comply with GDPR safeguards.

Processing methods

Processing is carried out using electronic and automated tools, adopting adequate technical and organisational measures to ensure the security, integrity and confidentiality of personal data.

Data retention

  • Order and invoicing data: stored for the time necessary to fulfil the occasional sale and as required by applicable tax regulations.

  • Newsletter data: stored until unsubscription or withdrawal of consent.

  • Contact form data: stored for the time necessary to manage the request and for protection in case of disputes.

  • Browsing logs: stored for 14 days.

  • Analytics data: stored for 14 months.

  • Profiling/marketing data: until consent is withdrawn.

Data recipients

Personal data may be shared with:

  • Hosting service providers (Hostinger), e‑commerce platform, website security.

  • Hostinger Reach, for managing newsletters and contact forms, acting as a data processor.

  • Payment service providers (Stripe, PayPal, Amazon Pay).

  • Google LLC for Google Analytics 4, Google Signals, Google Tag Manager.

  • Technical, accounting or tax consultants in relation to legal obligations.

These parties act as data processors or independent data controllers.

Transfers to non‑EU countries

Some services used (e.g., Google Analytics, Google Signals, Google Tag Manager) involve transfers to countries outside the European Union. Such transfers are carried out on the basis of adequate contractual safeguards (Standard Contractual Clauses) and in compliance with applicable regulations.

Data subject rights

The data subject has the right to request at any time:

  • access to their personal data;

  • rectification or erasure of data;

  • restriction of processing;

  • objection to processing;

  • data portability;

  • withdrawal of consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

For the newsletter, you can unsubscribe at any time via the "unsubscribe" link in every email or by writing to ciao@chetipo.com.

The data subject also has the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) at www.garanteprivacy.it

Requests can be sent by email to: ciao@chetipo.com

Cookies and tracking tools

For information on cookie use and consent preferences, please see the website's Cookie Policy.

Minors

The website is not intended for minors under 16 years of age. Any data accidentally collected from a minor will be deleted upon request by a parent or guardian.

Changes to this policy

This policy may be updated. Users are invited to check the "Last update" date at the top to verify any changes.

Privacy policy - Cookie policy - Terms & conditions

Follow us on Instagram!

©2026 - Designed by viewy