PRIVACY POLICY

1. Data Controller

FRATELLI LEO SRL ("we", "us", "our") is the data controller responsible for your personal data. Registered office: Italy. For any privacy-related enquiries, please contact us at [email protected].

2. Data We Collect

When you register or use our B2B wholesale platform, we may collect:

  • Account data: name, email address, company name, VAT number, phone number, billing and shipping address.
  • Order data: part numbers ordered, quantities, prices, order history, payment status.
  • Technical data: IP address, browser type, device information, access logs (for security and fraud prevention).
  • Communication data: messages you send us, support requests.

3. Legal Basis for Processing

We process your personal data on the following legal bases (GDPR Art. 6):

  • Contract performance (Art. 6(1)(b)): to create and manage your account, process orders, and arrange delivery.
  • Legal obligation (Art. 6(1)(c)): to comply with tax, accounting, and other regulatory requirements.
  • Legitimate interests (Art. 6(1)(f)): to prevent fraud, ensure platform security, and improve our services.
  • Consent (Art. 6(1)(a)): for optional marketing communications (you may withdraw consent at any time).

4. How We Use Your Data

  • To create and manage your B2B wholesale account.
  • To process, fulfil, and track your orders.
  • To send transactional emails (order confirmations, shipping notifications, payment receipts).
  • To communicate account approvals, status changes, and important updates.
  • To comply with legal and regulatory obligations.
  • To detect and prevent fraud or abuse of the platform.

5. Data Sharing

We do not sell your personal data. We may share data with trusted third parties only where necessary:

  • Payment processors: Stripe Inc. processes payments. Stripe's privacy policy applies to payment data.
  • Email service providers: Resend or similar services for transactional emails.
  • Logistics partners: shipping carriers receive your delivery address to fulfil orders.
  • Regulatory authorities: where required by law (e.g., tax authorities, customs).

All processors are contractually bound to handle your data in accordance with GDPR.

6. Data Retention

We retain your personal data for as long as your account is active or as required by law. Order records are retained for a minimum of 10 years for tax and accounting compliance. Account data is deleted within 90 days of a verified account closure request, unless a longer retention period is required by law.

7. Your Rights (GDPR)

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15): request a copy of the data we hold about you.
  • Right to rectification (Art. 16): request correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17): request deletion of your data ("right to be forgotten"), subject to legal retention obligations.
  • Right to restriction (Art. 18): request that we limit processing of your data in certain circumstances.
  • Right to data portability (Art. 20): receive your data in a structured, machine-readable format.
  • Right to object (Art. 21): object to processing based on legitimate interests.
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) at www.garanteprivacy.it.

8. Cookies

We use strictly necessary cookies to maintain your login session and ensure the platform functions correctly. We do not use advertising or tracking cookies. A session cookie is set when you log in and is automatically removed when you log out or close your browser.

You can control cookies through your browser settings. Disabling session cookies will prevent you from logging in to the platform.

9. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or destruction. These include encrypted connections (HTTPS/TLS), access controls, and regular security reviews.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the platform. The current version is always available at this URL.

11. Contact

For any questions or requests regarding this Privacy Policy or your personal data, please contact:

FRATELLI LEO SRL
Country: Italy

Last updated: March 2026