Privacy Policy

We care about your privacy. This policy explains what we collect, why, and how you can exercise your rights under the GDPR and Austrian law (DSG, TKG 2021).

1. Controller & Contact

Controller: Silvia Iacobescu

Email: silvia@piccinotime.com

If you have any questions or requests about your data, email us at the address above.

2. What we collect (no user accounts)

We only collect what’s necessary to run the shop and deliver your order. That typically includes:

• Order & delivery details: name, billing/shipping address, email, phone (if provided), items purchased.
• Payment status/IDs: processed by Stripe or PayPal; we do not see or store your full card or bank details.
• Communications: emails or messages you send us (e.g., via contact form).
• Basic technical information: limited data collected by our hosting provider to operate and secure the site (see “Hosting by Webflow”).
  

3. Purposes & legal bases

• Order processing & delivery (Art. 6(1)(b) GDPR — contract).
• Invoicing/accounting & tax retention (Art. 6(1)(c) GDPR — legal obligation; typically 7 years under §132 BAO).  
• Customer support & communications (Art. 6(1)(b) and/or 6(1)(f) GDPR — contract/legitimate interests).
• Security & fraud prevention (Art. 6(1)(f) GDPR — legitimate interests).
  

4. Hosting by Webflow (our processor)

Our website and shop are hosted on Webflow. Webflow acts as our processor for content/forms and provides the infrastructure.

• Webflow Privacy: https://webflow.com/legal/privacy (incl. DPF & SCCs for international transfers).  
• EU & Swiss Privacy Policy: https://webflow.com/legal/eu-privacy-policy.  
• Data Processing Addendum (DPA): https://webflow.com/legal/dpa.  
• Sub-processors list: https://webflow.com/legal/subprocessors.  
• Cookie Policy (note: Webflow says it does not add cookies to customer sites by default; cookies may be added only if we enable tools like analytics or ads): https://webflow.com/legal/cookie-policy.  
  

Server logs & telemetry: Webflow controls technical logs needed to keep the service secure and reliable. We don’t have direct access to or control over Webflow’s log retention; Webflow’s privacy terms and DPA govern that processing.  

5. Payments (independent controllers)

We offer Stripe and PayPal. When you pay, you are interacting directly with these providers, who act as independent controllers for payment data.

Stripe (Stripe Payments Europe, Ltd., Dublin):

• Privacy Policy: https://stripe.com/privacy
• DPA / Data Transfers Addendum (SCCs, international transfers): https://stripe.com/legal/dpa and https://stripe.com/legal/dta
• Privacy Center & EU rights: dpo@stripe.com / https://support.stripe.com/ (privacy topics).  
  

PayPal (PayPal Europe S.à r.l. et Cie, S.C.A., Luxembourg):

• Privacy Statement (EU): https://www.paypal.com/gb/legalhub/paypal/privacy-full (PayPal’s legal hub routes to EU/EEA statements; region may localize)
• Binding Corporate Rules (intra-group transfers): https://www.paypal.com/gb/legalhub/paypal/bcr
• Help & privacy contacts/portal: https://www.paypal.com/us/legalhub/paypal/privacy-full or via your PayPal account’s Message Center.  
  

We never receive your full card or bank details. We only get payment status/IDs to match your order.

6. Sharing of data

We share personal data only when necessary:

• Carriers/fulfilment (to deliver your order).
• Payment providers (Stripe/PayPal, as above).
• Professional service providers (e.g., accountants) where required by law.
• Authorities if we have a legal obligation.
  

7. Cookies & tracking (Austria – TKG 2021)

We use only the cookies necessary to operate the site and checkout. If we ever add analytics/marketing tools, we will ask for your consent via a banner before such cookies run, in line with §165(3) TKG 2021 and the ePrivacy rules. Guidance from the Austrian DPA and others confirms consent is needed for non-essential/marketing cookies.    

Note: Webflow states it does not add cookies to customer-built sites by default; optional tools you or we enable (e.g., Google Analytics, ad pixels) may set cookies.  

8. How long we keep data

• Invoices, accounting and order records: generally 7 years to meet Austrian tax/commercial retention duties (§132 BAO; additional or longer periods may apply in specific cases).  
• Customer support emails: normally until your request is resolved and for up to 12 months afterwards (unless needed longer for legal reasons).
• Payment data: retained by Stripe/PayPal under their own policies — see their privacy pages.  
  

9. International transfers

Where data is transferred outside the EEA/UK/CH, our providers use recognized safeguards:

• Webflow: participates in the EU-U.S. Data Privacy Framework (DPF) and also offers SCCs under its DPA.  
• Stripe: uses SCCs and provides a Data Transfers Addendum; see Privacy Center.  
• PayPal: uses Binding Corporate Rules and other mechanisms.  
  

10. Your rights

Under the GDPR you have the right to access, rectification, erasure, restriction, data portability, and objection. To exercise these rights, email silvia@piccinotime.com.

Because we don’t offer user accounts, please include your order number and the email address used at checkout so we can identify your data. We will correct/delete what we hold and, where relevant, forward your request to our processors (Webflow/Stripe/PayPal) and coordinate with them. Webflow’s DPA confirms it will assist controllers with data-subject requests.  

You also have the right to lodge a complaint with the Austrian Data Protection Authority

11. Updates to this policy

If we change how we process personal data, we’ll update this page.