Privacy Policy

1. Data Controller

The data controller for this website is the private individual operating DIY Machining, reachable at: diymachining@gmail.com — diymachining.it

This policy is provided in accordance with the EU General Data Protection Regulation (GDPR — Regulation (EU) 2016/679) and the Italian Privacy Code (D.Lgs. 196/2003 as amended by D.Lgs. 101/2018).

2. What Data We Collect

We collect the following personal data when you use this website or place an order:

• Identity data: first name, last name
• Contact data: email address, phone number (if provided)
• Delivery data: shipping address (for physical orders)
• Payment data: processed securely by our payment provider — we do not store card details
• Technical data: IP address, browser type, pages visited, time and date of access (collected via server logs and cookies)
• Communications data: messages you send us via the contact form or email

3. How We Use Your Data

We use your personal data for the following purposes:

• Processing and fulfilling your orders (legal basis: contract performance — Art. 6(1)(b) GDPR)
• Sending order confirmations and shipping updates (legal basis: contract performance)
• Responding to your enquiries (legal basis: legitimate interest — Art. 6(1)(f) GDPR)
• Complying with legal and fiscal obligations under Italian law (legal basis: legal obligation — Art. 6(1)(c) GDPR)
• Improving our website and services through analytics (legal basis: legitimate interest)
• Sending marketing communications, only if you have given explicit consent (legal basis: consent — Art. 6(1)(a) GDPR)

4. Cookies

This website uses cookies. Cookies are small text files stored on your device to help the site function correctly and to analyse traffic. We use:

• Essential cookies: required for the website and shopping cart to work
• Analytics cookies: to understand how visitors interact with the site (e.g. Google Analytics, if enabled)
• reCAPTCHA cookies: set by Google to protect our contact form from spam (Google Privacy Policy applies)

You can control cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the site. By continuing to use this site you consent to the use of essential cookies.

5. Data Sharing & Third Parties

We do not sell your personal data. We may share it with the following categories of third parties:

• Shipping carriers (e.g. Poste Italiane, DHL, UPS) — to deliver your order
• Payment processors (e.g. Stripe, PayPal) — to process transactions securely
• Hosting providers — to operate this website
• Google — for reCAPTCHA and analytics services

Where data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place (e.g. Standard Contractual Clauses) in accordance with GDPR Chapter V.

6. Data Retention

We retain your personal data only for as long as necessary for the purpose it was collected:

• Order data: 10 years, as required by Italian fiscal and accounting law
• Contact form messages: up to 2 years
• Technical/log data: up to 12 months
• Marketing consent: until you withdraw consent

7. Your Rights

Under the GDPR, you have the right to:

• Access the personal data we hold about you
• Rectification of inaccurate or incomplete data
• Erasure ("right to be forgotten") where data is no longer necessary
• Restriction of processing in certain circumstances
• Data portability — receive your data in a structured, machine-readable format
• Object to processing based on legitimate interest or for direct marketing
• Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at diymachining@gmail.com. You also have the right to lodge a complaint with the Italian data protection authority: Garante per la protezione dei dati personali — www.garanteprivacy.it.

8. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated date. We encourage you to review this page periodically.