What we keep.
We respect your privacy. This is what we collect, why, who we share it with, and how long we keep it when you visit 2GET2U or place an order. Plain language — but it covers what GDPR (Article 13) asks us to tell you.
Who’s responsible
The data controller for 2GET2U is Thomas Colangelo, Milano, Italia. You can reach us about anything in this policy — or request our full postal address — at ssota@2get2u.com.
What we collect
- Email address for drop alerts — only if you opt in.
- Your name, shipping address, email, and order details when you make a purchase.
- Payment is handled by Stripe — we never see or store your card number.
Why we’re allowed to
- Orders — to perform our contract with you (Art. 6(1)(b)).
- Marketing emails — your consent, given when you confirm the opt-in (Art. 6(1)(a)). Withdraw it anytime.
- Bounce/complaint suppression & fraud prevention — our legitimate interest (Art. 6(1)(f)).
- Tax & accounting records — a legal obligation (Art. 6(1)(c)).
Who we share it with
Only the providers that make the shop run, each acting for us:
- Stripe — payments.
- Amazon Web Services — order & subscriber storage and processing.
- Resend — sending transactional & marketing email.
- Vercel — hosting and cookieless analytics.
- Telegram — new-order alerts to the owner (these include your email & shipping address).
We never sell your data or share it for third-party advertising.
Where it goes
Some of these providers process data in the United States. When they do, the transfer relies on the EU–US Data Privacy Framework and/or the European Commission’s Standard Contractual Clauses, so your data keeps EU-level protection.
How long we keep it
- Order & invoice records: 10 years, as required by Italian tax law.
- Marketing subscription: until you unsubscribe.
- Suppression list (bounces/complaints): as long as needed so we don’t email you again.
Cookies & storage
- A theme cookie that remembers light or dark.
- Your cart, kept in your browser so it survives a refresh.
- A checkout session token, only while you’re paying.
- Anonymous, cookieless analytics (Vercel) to count visits and see which pages people land on — no cookies, no personal data stored, no cross-site tracking, no ad trackers, no third-party pixels. That’s why there’s still no cookie banner: we don’t set anything on your device that needs one.
Your rights
Under GDPR you can ask us to:
- Access a copy of your data, or correct it.
- Delete it, or restrict how we use it.
- Get it in a portable format, or object to a use.
- Withdraw marketing consent — unsubscribe anytime via the link in any email.
Email ssota@2get2u.com for any of these. You also have the right to complain to the Italian supervisory authority, the Garante per la protezione dei dati personali.
Updates
We may update this policy from time to time. Changes will be posted here.