Privacy Policy

Privacy Policy

Dear User, respect of the Privacy Policy is particularly dear to us.

In particular, the "General Regulation on Data Protection" (EU Regulation 2016/679, known by the English acronym "GDPR") requires us to provide you with the following information on the processing of your Personal Data, pursuant to art. 13 of the aforementioned Regulation.

The "Processing of Personal Data", in simple words, is any operation concerning any "information relating to an identified or identifiable natural person". For example, name and surname, or an e-mail address with a "user name" that identifies you (e.g. mariorossi@...), is considered "Personal Data", and the fact of collecting it, registering it with us and using it to send you a communication, are considered "Processing" operations; so also (always for example) communication to other subjects and storage.

The website of the Guarantor Authority for the Protection of Personal Data contains further information useful to better understand the subject (see for example:

We are defined as the "Data Controller", a subject who determines how and for what purposes we process information relating to natural persons.

You, as the "natural person to whom the Personal Data refer", are defined as the "Data Subject", and you are entitled to receive the following information about who we are, what personal data we process, why, how and for how long we process it, and what obligations and rights you have in this regard.

Depending on whether you are a simple Visitor or a Customer, we collect and/or need you to provide us with certain Data, which we need to allow you to browse the Site and/or use our services; in the first case this information does not allow you to be identified (and therefore we will not process Personal Data, but only "Browsing Data").

Le definizioni dei termini ed espressioni utilizzati sono contenuti nel Glossario in calce o nelle Condizioni Generali di Contratto

Who are we? ("Data Controller")

HDB S.R.L. with registered office in Milan, Via Corso di Porta Vittoria no. 18, VAT no. 08790700960 (a.k.a. HDB)

What types of Personal Data do we process?

"Common" Personal Data (e.g. name and surname, physical address, e-mail address, etc.), to the minimum extent necessary to achieve each of the Purposes indicated below.

Why do we process Personal Data (Purpose) and what is the basis for the Processing (Legal Basis) of each Data category?



Personal Data Types

Legal basis


Allow you to browse the Site

Common (nella misura in cui le informazioni raccolte consistano in Dati Personali)

Our legitimate interest (that of being able to present our services to you)


Meet your requirements regarding our products / services


The need to take pre-contractual measures at your request


Deliver our products / Deliver our services and everything related to them to you


The need to execute the Contract with you


Marketing (sending advertising material, commercial communication, direct sales and carrying out market research), by means of the Newsletter and/or by e-mail


Your consent, freely given and revocable at any time


Marketing (to the e-mail details provided by the Customer, on products and services similar to those provided, pursuant to art. 130 paragraph 4 Privacy Code)

Common (e-mail address)

Our legitimate interest (to consolidate our business relationship with you)


Fulfil obligations provided for by the Applicable Regulations and/or orders issued by Authorities


The need to perform the Contract with you or the need to fulfil legal obligations


To ascertain, exercise and/or defend a right in the competent courts


The need to pursue this aim in court


Statistics, but with the use of information made anonymous (which no longer allow me to trace his identity)

Anonymous information

None, because the information does not consist of Personal Data

To whom do we communicate the Data (Categories of Recipients)?

The data may be transferred to the following categories of subjects, to the minimum extent necessary to achieve each purpose, on the basis of applicable law or a contractual agreement with HDB:

  1. subjects necessary for the execution of the activities connected and consequent to the execution of the Contract, who act as Data Processors or as autonomous Data Controllers (e.g. suppliers of IT, banking, insurance, shipping and transport services, commercial agency, accounting, tax, legal, etc.);
  2. Partners whose products we sell, exclusively for the purpose of delivery of the product / provision of the service purchased;
  3. public organizations and Authorities, if and to the extent required by the Applicable Regulations or their orders, or for the exercise, assessment and/or defence of a right in court.
There is no Dissemination of Personal Data, except in cases where it is required, in accordance with the law, by Authorities, information and security bodies or other public entities for purposes of defence or State security or for the prevention, detection or repression of crimes.

How long do we keep the Data?

We process Data for Marketing purposes until you revoke your consent or unsubscribe from the Newsletter; for other purposes, the maximum retention time is subject to the provisions of the Applicable Law which allow us to (or oblige us to) retain the data for the protection of our rights. Your purchase data will be retained for 5 years.

Do we transfer Personal Data outside the European Union or to international organizations?

Yes, through the services of Shopify International Limited (based in Dublin, Ireland), which may in turn transfer data to countries outside the European Economic Area. Please see for further information.

Do we do profiling?

Yes, albeit in a limited way: we will keep a history of your purchases, and (with your consent) we will send you promotional emails based on automated analysis of your purchase preferences.

Does the Site use Cookies?

Yes. To find out more and to view our policy in this regard please see the Cookie Policy

Is the Interested Party obliged to provide us with Personal Data?

The communication of Navigation Data (which, however, does not normally consist of Personal Data) is mandatory in order for us to allow you to navigate the Site.

You are, of course, not obliged to use our products/services, to subscribe to our Newsletter, but if you wish to do so, you must provide us with the Personal Data we require from you.

What happens if the Interested Party refuses to communicate your Data?

Due to the functioning of the Internet network, the Visitor cannot refuse the communication of Navigation Data; the refusal to install technical cookies does not allow the correct use of certain functions of the Site; the refusal to install analytical cookies has no consequences.

If the Customer refuses to communicate the Data, we will not be able to execute the Contract.

The following individuals will not be able (or will no longer be able) to be informed about news related to our business, nor will we be able to benefit from any promotions, discounts or bonuses:
  • the Customer refusing the use of his/her e-mail address for sending Marketing communications;
  • the User who does not give consent to the Processing for Marketing purposes, or withdraws it subsequently

What rights does the interested party have?

The interested party has the right to:

  1. access your Data in our possession and request a copy of it, unless the exercise of this right violates the rights and freedoms of other natural persons; 
  2. request the correction of Personal Data that may be incomplete or inaccurate;
  3. obtain the deletion of data, except for the exclusions established by art. 17.3 GDPR;ù
  4. request the Limitation of the Processing, if the conditions are met, except for the exclusions established by art. 18.2 GDPR;
  5. oppose the Processing for Marketing purposes or the Profiling activity, not giving consent initially or revoking it subsequently;
  6. request and obtain an updated list of the subjects who process personal data on behalf of HDB ("data processors"), together with the data useful for their identification;
  7. request the portability of the data (i.e. to receive them in a structured format, in common use and readable by an automatic device, such as a computer, in order to transmit them to another data controller without hindrance), where technically possible and within the limits of processing based on consent or on the execution of a contract;
  8. lodge a complaint to the Data Protection Authority (in Italy,, or to the Guarantor Authority of the EU State in which he or she habitually resides or works, or of the place where the alleged breach has occurred.
The exercise of the above rights may also be delayed, limited or excluded in the cases provided for by art. 2-undecies of Legislative Decree 196/2003.

If you have any doubts or questions about the Processing of your Data, what can you do?

You can write us at the e-mail address or by paper mail at Via Corso di Porta Vittoria n. 18, 20122 Milan (MI).