Privacy & personal data

1. Data controller

The controller is AuraFunded, represented by its legal representative. To exercise GDPR rights or ask privacy questions, use the contact email shown on the site or in your order confirmation.

2. Data we process

• Browsing data (e.g. IP address, browser type, pages visited, timestamps) via server logs and, if enabled, technical analytics in aggregated or anonymized form where possible.
• Data you provide: name, shipping address, email, phone (if entered), files uploaded for product personalization, order notes.
• Purchase data: products, amounts, order status, invoicing or tax data where applicable.
• Cookies and similar: technical cookies required for the site and cart; any third-party cookies will be described in a banner or dedicated section if activated.

3. Purposes and legal bases

• Service and sales (cart, orders, payment, shipping, support, personalization): contract or pre-contract measures (Art. 6(1)(b) GDPR).
• Legal obligations (e.g. accounting records): legal obligation (Art. 6(1)(c) GDPR).
• Security and abuse prevention: legitimate interest (Art. 6(1)(f) GDPR), respecting your rights.
• Marketing, where offered: consent where required (Art. 6(1)(a) GDPR), withdrawable at any time.

4. Recipients and processors

Data may be processed by service providers appointed as processors where needed, including e-commerce and checkout, payment providers, carriers, hosting, and email. They are bound by contract and appropriate security measures.

Some providers may be outside the EEA: we use GDPR safeguards (e.g. EU Standard Contractual Clauses) unless an adequacy decision applies.

5. Retention

We keep data as long as needed for the purposes above and as required by law (e.g. accounting). Data related to enquiries that do not become orders may be kept for a limited period to handle the request.

6. Your rights

You may request access, rectification, erasure, restriction, data portability (where applicable), or object to processing based on legitimate interest. You may withdraw consent without affecting prior lawful processing.

You may lodge a complaint with the Italian supervisory authority: Garante per la protezione dei dati personali (www.garanteprivacy.it).

7. Nature of provision

Data required to fulfil your order are necessary to complete the sale and shipment. Other processing (e.g. marketing) is optional and explained at collection.

8. Automated decisions

We do not use solely automated decision-making that produces legal effects or similarly significantly affects you, except fraud-prevention tools from payment or platform providers within legal limits.