Privacy Policy
Last update: 4 November 2025
This Privacy Policy describes how Due D Calzature S.r.l. collects, uses, and protects the personal data of users who visit or make purchases on the websitewww.duedcalzature.comor use the related services (hereinafter, the “Services”).
By using the website, the user declares that they have read and understood this Privacy Policy.
1. Data Controller
Data controller: DUE D DIFFUSIONE CALZATURE S.R.L.
Trade name: Due D Calzature S.r.l.
Registered office: Via Sant’Andrea int.3, 135 – 76011 Bisceglie (BT), Italy
VAT number: 04547700726
Email/PEC: duedcalzature@pec.it
Phone: 0803926700
The controller has not appointed a Data Protection Officer (DPO).
2. Personal data collected
During the use of the website and Services, we may collect the following categories of personal data:
- Contact data: first name, last name, shipping and billing address, phone number, email.
- Account data: username, password, preferences.
- Order data: purchased items, amounts, dates, and delivery methods.
- Payment data: information needed to process bank transfers (no cards or online transactions are handled on the website).
- Communications: information voluntarily provided via email or contact forms.
- Technical data: IP address, device type, browser, and connection data necessary for the proper functioning of the website.
Sensitive or judicial data are not collected.
3. Purposes and legal bases of processing
Personal data are processed for the following purposes:
| Purpose | Legal basis |
|---|---|
| Order processing and management, shipping, and invoicing | Performance of a contract (Art. 6, para. 1, letter b GDPR) |
| Creation and management of customer account | Performance of a contract |
| Customer communication and post-sale support | Performance of a contract / legitimate interest |
| Compliance with tax and accounting obligations | Legal obligation (Art. 6, para. 1, letter c GDPR) |
| Security and fraud prevention, website maintenance | Legitimate interest of the controller |
| Handling requests and complaints | Performance of a contract / legal obligation |
No marketing activities or automated profiling are carried out.
4. Data processing methods and security
Data are processed using IT and telecommunication tools, adopting technical and organizational measures to ensure security and confidentiality.
The website uses a proprietary infrastructure developed on Directus and Next.js, deployed on AWS servers. Access to data is limited to authorized personnel and solely for the purposes of providing the Services.
5. Data retention
Personal data are retained for no longer than necessary to achieve the purposes for which they were collected:
- Order, invoice, and accounting data: 5 years (for tax and administrative purposes).
- Account data: until deletion is requested.
- Communications: for the time necessary to handle the request.
6. Data sharing and disclosure
Personal data may be shared with:
- Employees and collaborators of Due D Calzature S.r.l., duly authorized to process data.
- Accounting, legal, or tax consultants acting on behalf of the company.
- IT and hosting service providers (e.g., Amazon Web Services) acting as data processors.
No personal data is transferred outside the European Economic Area.
7. Data of minors
The website is also accessible to users under 18 years old, only with the consent of parents or legal guardians. We do not intentionally collect data of minors without such consent. In case of notification, the data will be immediately deleted.
8. Rights of the data subject
In accordance with Articles 15–22 of the GDPR, the user may exercise the following rights:
- Obtain confirmation of the existence of personal data and access them.
- Request correction, deletion, or restriction of processing.
- Object to processing for legitimate reasons.
- Request the portability of personal data.
- Withdraw consent (if applicable).
Requests can be sent via email to: duedcalzature@pec.it
9. Complaints
Data subjects who believe that their personal data is being processed in violation of the GDPR may lodge a complaint with the Italian Data Protection Authority(www.garanteprivacy.it).
10. Changes to this Privacy Policy
This Privacy Policy may be updated periodically. Any changes will be published on this page with the indication of the new update date. Users are encouraged to check it regularly.
