Privacy / GDPR

PRIVACY NOTICE

PURSUANT TO ARTICLES 13-14 OF EU REGULATION 2016/679 (GDPR)

Last updated: 06/15/2026

This notice is provided in accordance with Regulation (EU) 2016/679, the General Data Protection Regulation (hereinafter "GDPR"), Legislative Decree 196/2003 as amended by Legislative Decree 101/2018 (hereinafter "Privacy Code") and the Guidelines of the Italian Data Protection Authority.

1. Data Controller

The Data Controller is Omega Srl, with registered office at Corso Venezia 19/A, 10147 Turin (Italy), VAT and Tax Code: 11676860015, REA: TO-1232113.

Contact email for privacy matters: privacy@dream-shop.it

Data Protection Officer (DPO): not appointed.

The User assumes responsibility for the Personal Data of third parties obtained, published, or shared through this Website.

2. Types of data processed

Personal data voluntarily provided: first name, last name, email, phone number, shipping and billing address, VAT number, payment data (e.g. credit card via Stripe), purchase preferences, order history.

Browsing and usage data: IP address, device, browser, pages visited, behaviour on the site, time spent, clicks, abandoned carts.

Data collected through third-party tools: Meta pixels (Facebook/Instagram), Google Analytics 4, WhatsApp Business, newsletters via email platform (Omnisend).

Data from social login (if active): name, email, profile picture (within the limits of the consent given to the social account).

In summary, the categories of data processed are:

• Identification data
• Contact data
• Shipping and billing data
• Payment data (never stored by the Data Controller)
• Browsing and site usage data
• Purchase-related data
• Data voluntarily provided via WhatsApp, email, or forms
• Online identifiers (cookies, pixels, device ID)

3. Purposes of processing and legal bases

4. Tools, services, and third-party providers

4.1 eCommerce platform

The site is hosted on Shopify, which provides the technical infrastructure for e-commerce, including order management, payments, and security.

4.2 Payment services

Payments are managed through certified external providers. The Data Controller does not store or have access to complete payment card data.

The services used include:

• PayPal
• Shop Pay
• Google Pay
• American Express
• Visa
• Mastercard

Payment data processing takes place directly on the systems of the respective providers, acting as Independent Data Controllers.

4.3 Analytics and tracking services

Google Analytics 4 — used to analyse site traffic and usage in aggregate form. IP addresses may be anonymized or pseudonymized.

Meta Events Manager and Meta Pixel — used for conversion tracking, remarketing, and measuring the effectiveness of advertising campaigns. Processing takes place with consent via the cookie banner.

Pinterest (Account access and OAuth) — used for access and integration of the Pinterest account and for marketing and promotion activities.

4.4 Communication services

WhatsApp Business – Customer support — used for communications related to orders, shipments, returns, and post-sale assistance.

WhatsApp Business – Direct marketing — used exclusively with the user's explicit consent for sending promotional communications.

Mailgun — service used for sending transactional emails (orders, confirmations, notifications).

4.5 Security, infrastructure, and monitoring

Cloudflare — used for protection against cyber attacks, performance improvement, and site security.

Sentry — used for monitoring technical errors and site performance, without profiling purposes.

5. Mandatory provision of data

The provision of data is mandatory for contractual and legal purposes (e.g. order fulfillment, invoicing). Failure to provide data makes it impossible to deliver the services. For marketing or statistical analysis purposes, providing data is optional and consent can always be revoked.

6. Methods of processing and security measures

Processing takes place using electronic tools, in compliance with the principles of lawfulness, fairness, transparency, data minimization, and integrity. The data is protected by:

• Authentication systems and controlled access
• SSL/TLS encryption
• Regular backups
• Certified data centers (e.g. OVH, EU)

7. Authorized persons and recipients

Data may be processed by authorized personnel (sales, administration, customer support) and by external parties designated as Data Processors (e.g. IT providers, accountants, hosting providers, couriers, Stripe, Meta, Google).

The updated list is available upon request.

8. Data transfer outside the EU

Some tools and providers (e.g. Meta, Google, Stripe, Shopify) involve a transfer to third countries (e.g. USA). In such cases, the transfer is carried out in compliance with Chapter V of the GDPR, through:

• Standard Contractual Clauses (SCC) approved by the European Commission
• Adequacy decisions of the Commission

9. Rights of the data subject (Arts. 15-22 GDPR)

The user has the right to:

• access their data
• request its rectification, erasure, or restriction
• object to processing for legitimate reasons or for direct marketing
• withdraw consent at any time
• obtain data portability
• file a complaint with the Italian Data Protection Authority (www.garanteprivacy.it)

Requests should be sent to: privacy@dream-shop.it

10. Data retention

Data is retained:

• 10 years for tax/contractual obligations
• 26 months for web and Analytics data
• Until revoked for marketing purposes
• 24 months for contacts and general requests

At the end, the data is deleted or anonymized.

11. Changes and updates

Omega Srl reserves the right to modify this notice. Changes will be communicated via the site or by email if necessary. We encourage you to consult this page regularly.

12. Cookie Policy

The site uses technical, analytical, and profiling cookies. Full details are available in the separate Cookie Policy, accessible from the cookie banner.

Data Controller: Omega Srl
Email: info@dream-shop.it
Website: www.dream-shop.it