Privacy Policy
Last updated: 1 January 2025
Data Controller
Heartly DesignVia Carlo Lorenzini, 72, 00137 Roma (RM), Italy
P.IVA: IT15203060582
hello@heartlydesign.com
Data we collect
We collect first and last name, email address, phone number, country of residence, and anonymous navigation data. We never sell data to third parties.
Payment data is never stored on our servers. All payments are processed by Stripe, Inc., which operates in compliance with the PCI DSS standard.
Purpose of processing
- Process orders and coordinate execution of design projects
- Send payment confirmations, receipts, and project updates
- Respond to enquiries via the contact form or chat widget
- Anonymous statistical analysis of site behaviour
Legal basis
Processing is based on: Art. 6(1)(b) GDPR for contract performance; Art. 6(1)(a) GDPR for consent to optional cookies; Art. 6(1)(c) GDPR for legal tax obligations.
Data retention
Order data is retained for 10 years under Italian tax law. Contact data not linked to orders is deleted within 24 months of last contact.
Your rights
You have the right to access, rectification, erasure, portability, restriction, and objection. Write to: hello@heartlydesign.com
You may also lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it).
International transfers
Data may be transferred to Stripe, Inc. (USA) for payment processing, under the European Commission's Standard Contractual Clauses. No other transfers outside the EEA.