Date of last update: 01.04.2026
This Privacy Policy describes how HERC collects and processes the personal data of users of the website www.hercwear.eu.
1. DATA CONTROLLER
- Data Controller: Gilberto Riato
- VAT Number: 04908700273
- Contact Information: support@hercwear.eu
The Controller is responsible for decisions regarding the purposes and methods of personal data processing and for the tools used, including security measures.
2. PERSONAL DATA COLLECTED
While browsing the Site or during registration/purchase, we may collect various types of personal data:
- Browsing data
  - IP addresses, domain names of the computers used by users connecting to the Site, information on visited pages and access times.
  - This data is collected in aggregate and anonymous form for statistical purposes and to monitor the proper functioning of the Site.
- Data voluntarily provided by the user
  - Personal information (name, surname, date of birth), contact data (email, phone), shipping and billing addresses, etc.
  - Such data is provided by the user, for example, when creating an account, placing an order, or requesting contact.
- Payment method data
  - If the user purchases products, payment-related data (e.g., credit card number, PayPal) is processed by payment service providers and is not directly available to the Controller, who only receives limited information (e.g., transaction outcome).
- Cookies and similar technologies
  - For details on the types of cookies used by the Site, their purposes, and how to deactivate them, please refer to the dedicated section or any specific information provided on the Site.
3. PURPOSES OF PROCESSING AND LEGAL BASES
The collected personal data will be processed for the following purposes and according to the indicated legal bases:
- Contract performance (Art. 6(1)(b) GDPR)
  - Order management, shipping, invoicing, and customer support service.
  - Registration of a personal account to use the features reserved for registered users.
- Fulfillment of legal obligations (Art. 6(1)(c) GDPR)
  - Accounting, invoicing, tax archiving, and other activities required by Italian and/or European legislation.
- Legitimate interest (Art. 6(1)(f) GDPR)
  - Prevention and combating of cyber fraud or illicit use of the Site.
  - Improvement of Site functionality and user experience (statistical analysis of aggregated and anonymized data).
- Consent (Art. 6(1)(a) GDPR) – where required
  - Sending newsletters or commercial communications if the user has voluntarily given their consent (e.g., subscribing to the mailing list).
  - In this case, the user may withdraw consent at any time.
4. METHODS OF PROCESSING
- Processing is primarily carried out electronically or telematically, using organizational and logical tools strictly related to the indicated purposes.
- Appropriate technical and organizational security measures are adopted to protect data from unauthorized access, disclosure, alteration, or unauthorized destruction.
5. DATA RETENTION PERIOD
Personal data will be stored for the time necessary to achieve the purposes for which it was collected, in compliance with the principles of minimization and storage limitation:
- Data relating to contract performance: stored for the duration of the contractual relationship and for the subsequent 10 years (in compliance with legal obligations of a civil and tax nature).
- Data collected for marketing purposes: stored until the user withdraws consent or, in the absence of withdrawal, for periods compatible with commercial communication purposes (usually 24 months).
- Browsing data: stored in aggregated form for statistical purposes, for a period strictly necessary for the analysis of the Site's performance.
6. COMMUNICATION AND DISCLOSURE OF DATA
- Personal data may be communicated to third parties, duly appointed Data Processors, who provide services instrumental to the aforementioned purposes (e.g., couriers for shipping, payment providers, accounting and tax consultants).
- Personal data will not be disseminated to unspecified individuals or published online, unless specifically required by law or legal obligations.
7. TRANSFER OF DATA OUTSIDE THE EU
- If the Data Controller uses cloud services or providers located outside the European Union, the processing will take place in compliance with the GDPR, through the adoption of Standard Contractual Clauses (SCC) approved by the EU Commission or other equivalent guarantees.
8. USER RIGHTS
As a data subject, the user can exercise the rights provided for in articles 15-22 of the GDPR. In particular:
- Right of access: to obtain confirmation as to whether or not personal data concerning them are being processed, and to receive a copy of such data.
- Right to rectification: to obtain the correction of inaccurate data or the completion of incomplete data.
- Right to erasure (right to be forgotten): to obtain the erasure of personal data, if the reasons provided for in art. 17 GDPR apply.
- Right to restriction of processing: to request the restriction of processing under certain circumstances.
- Right to object: to object at any time to the processing of data based on legitimate interest, unless there are compelling legitimate grounds for the processing.
- Right to data portability: to receive personal data concerning them in a structured, commonly used and machine-readable format and, where technically feasible, to transmit them to another controller without hindrance.
- Right to withdraw consent: where processing is based on consent, it is possible to withdraw it at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
To exercise these rights or for more information, the user can send a request to the Data Controller using the contact details provided at the beginning of this document. It is also always possible to lodge a complaint with the competent supervisory authority (in Italy, the Garante per la Protezione dei Dati Personali).
9. PROTECTION OF MINORS
- The Website is not intended for users under 16 years of age, nor do we knowingly collect personal data from minors under 16 years of age.
- If you believe that we have inadvertently collected data from a minor, please contact us immediately to request its deletion.
10. AMENDMENTS TO THIS PRIVACY POLICY
- The Data Controller reserves the right to modify or update, in whole or in part, this Privacy Policy at any time, to comply with new legal provisions or for technical or business needs.
- Changes will be published on the Website and will take effect immediately upon their publication. We therefore invite users to regularly consult this page to check for any updates.
For further information or clarification on our Privacy Policy, please contact the Data Controller at the addresses indicated at the beginning of this document.

