Privacy Policy

Data Controller

  • Name: Pixuprint – Marco Cotugno

  • Address: Corso Galileo Ferraris 80, Turin (Italy)

  • Email: info@pixuprint.net

  • DPO: not appointed

Scope

This policy describes the processing of personal data of users in relation to the website www.pixuprint.net (the “Website”), e-commerce services, contact forms, and marketing activities.

It applies in compliance with Regulation (EU) 2016/679 (GDPR), Italian Legislative Decree 196/2003 as amended, and applicable e-privacy laws.

Data Processed

  • Account/order data: first name, last name, email, phone, billing and shipping addresses, order content, notes.

  • Payments: transaction outcome, payment identifiers (token). The Controller does not store card details; they are processed by Stripe.

  • Contacts/support: data sent via forms (first name, last name, email, phone, message).

  • Reviews/content: published reviews, possible alias/name, anti-spam metadata.

  • Browsing data: IP address, user-agent, technical logs, online identifiers (cookies/SDK) according to preferences expressed in the cookie banner.

  • Language preferences: language settings (Polylang), language preference cookies.

  • Newsletter: email and preferences, aggregate statistics (opens/clicks) if subscribed.

Purposes and Legal Bases

  • Technical management of the Website and security: page delivery, abuse prevention, diagnostics. Legal basis: legitimate interest (Art. 6.1.f GDPR).

  • E-commerce: order management, accounts, delivery, invoicing, after-sales support. Legal basis: contract performance/pre-contractual measures (Art. 6.1.b) and legal obligations (Art. 6.1.c).

  • Payments: payment processing/anti-fraud security via Stripe. Legal basis: contract performance (Art. 6.1.b) and legitimate interest (Art. 6.1.f).

  • Contacts: responding to requests via form/email. Legal basis: pre-contractual measures and legitimate interest (Art. 6.1.b/f).

  • Reviews/content: publication and moderation. Legal basis: contract performance/legitimate interest (Art. 6.1.b/f).

  • Statistics: Google Analytics (via Site Kit) for aggregated traffic analysis. Legal basis: consent (Art. 6.1.a).

  • Marketing/newsletters: promotional communications with Mailchimp (opt-in, double opt-in recommended). Legal basis: consent (Art. 6.1.a).

  • Advertising/remarketing: Meta Pixel, TikTok Pixel, Google Ads/Remarketing. Legal basis: consent (Art. 6.1.a).

  • Language localization: storing language preference (Polylang). Legal basis: consent or functional necessity.

Mandatory Data

Data marked as mandatory at checkout/in forms are necessary to provide the service.

Marketing activities are optional and carried out only with consent.

Processing Methods

Processing is carried out with electronic tools and appropriate security measures.

Access is limited to authorized staff and providers acting as Processors under Art. 28 GDPR or, where applicable, as Independent Controllers (e.g., Stripe, Printful).

Recipients

  • Hostinger (hosting, servers in Germany – EU).

  • Payments: Stripe Payments Europe/Stripe Inc. (Privacy).

  • Production and shipping: Printful Inc. and group companies (print-on-demand/fulfillment, global network) — Privacy Policy.

  • Analytics/Google: Google Ireland/Google LLC (GA4, Site Kit; Privacy).

  • Newsletter: Mailchimp/Intuit (Privacy).

  • Advertising: Meta Platforms, TikTok, Google Ads.

  • Authorities/consultants: where required by law or judicial protection.

Transfers outside the EEA

Some providers (Stripe, Google, Mailchimp, Meta, TikTok, Printful for certain production sites outside the EU/EEA, e.g., USA) may process data outside the EEA.

Transfers take place on the basis of Standard Contractual Clauses (SCCs) and additional measures adopted by providers.

Data Retention

  • Orders/invoices: 10 years (accounting/tax obligations).

  • Accounts: for the duration of the account; order data retained for 10 years (legal obligation).

  • Contacts: up to 24 months.

  • Newsletter: until withdrawal/unsubscription. Consent logs kept up to 10 years for legal proof.

  • Technical logs: up to 6 months.

  • Cookies/identifiers: according to the durations in the Cookie Policy.

Cookies and Consent

A cookie banner (Complianz) is active with prior blocking: non-essential scripts/cookies remain disabled until consent is given.

You can change your choices at any time through “Manage consent”. Details in the Cookie Policy.

Newsletter (Mailchimp)

  • Data: email, optionally name/surname; aggregate statistics (opens/clicks).

  • Legal basis: consent; withdrawable at any time.

  • Provider: Mailchimp/Intuit (SCCs; privacy link above).

Advertising/Pixels (Meta, TikTok, Google Ads)

Active only with Marketing consent. They collect identifiers (cookies), IP, user-agent, events (view content, add to cart, purchase).

If “advanced matching” (Meta) is enabled, hashes of email/phone may be sent, only with consent.

reCAPTCHA (anti-spam)

Some forms may be protected by Google reCAPTCHA. Google’s privacy policy applies. Loaded only with consent if configured as a service subject to consent.

E-commerce, fulfillment and payments

  • Digital orders: files are made available after payment.

  • Printed orders: products printed and shipped via Printful (global network). Shipping data are shared with couriers and fulfillment partners.

  • Payments: managed by Stripe; the Website receives only tokens/outcomes.

Data Subject Rights

You have the right to: access, rectification, erasure, restriction, objection, portability, withdrawal of consent, and objection to automated decisions where applicable.

Requests: info@pixuprint.net

You have the right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it – Piazza Venezia 11, 00187 Rome).

Security

Appropriate technical and organizational measures (TLS/HTTPS, updates, hardening, access controls, backups).

Data are processed on servers in Germany (EU), except as indicated for transfers outside the EEA.

Children

The Website and services are not intended for children under 14 years of age (Art. 2-quinquies Italian Privacy Code).

If we become aware of unauthorized data from children, we will delete them.

Automated Decisions and Profiling

No solely automated decisions are made that produce legal effects on the data subject.

Advertising/remarketing activities may involve limited profiling for ad personalization, only with consent.

Changes

This policy may be updated. We invite you to check it periodically.

Last update: 07/09/2025

Scroll to Top