Privacy policy


PRIVACY POLICY

Last updated: February 2, 2026

DATA CONTROLLER

Brand Mara-Amara

WEB-SITE mara-amara.com

Business name: Ditta Fundu a Susu di Pietro Zedda
Registered office: Località Caddas, Antiche Terme 09083 Fordongianus - OR
VAT number:01222450957
Tax code:ZDDPTR90S01E004W 
Email: mara-amara@mara-amara.com
Phone: +39 342 691 4084
REA: OR- 139976

1. INTRODUCTION

This Privacy Policy describes how Mara-Amara mara-amara.com website collects, uses, and protects users' personal data, in compliance with EU Regulation 2016/679 (GDPR) and Italian data protection legislation (Legislative Decree 196/2003 as amended).

By using our website and services, you accept the data processing methods described in this policy.

2. PERSONAL DATA COLLECTED

We collect and process the following categories of personal data:

Identification and contact data:

  • First and last name
  • Email address
  • Phone number
  • Billing address
  • Shipping address
  • Tax code or VAT number (for invoices)

Navigation data:

  • IP address
  • Browser and device type
  • Pages visited
  • Date and time of access
  • Technical and analytics cookies

Payment data:

  • Transaction information (managed by Shopify Payments)
  • We do not directly store credit card data

Order data:

  • Products purchased
  • Order history
  • Purchase preferences
  • Customization details (graphics, sizes)

3. PURPOSE AND LEGAL BASIS OF PROCESSING

Your personal data is processed for the following purposes:

a) Contract performance (Art. 6.1.b GDPR):

  • Order processing and management
  • Product production via Printify (print-on-demand)
  • Shipping via Printify partner carriers
  • Issuance of invoices and tax documents
  • Returns and refunds management
  • Customer support

b) Legal obligations (Art. 6.1.c GDPR):

  • Tax and accounting compliance
  • Document retention for 10 years (Italian tax regulations)
  • Response to requests from competent authorities
  • Customs procedures for non-EU shipments

c) Explicit consent (Art. 6.1.a GDPR):

  • Newsletter and marketing communications
  • Profiling for personalized offers
  • Non-technical cookies

d) Legitimate interest (Art. 6.1.f GDPR):

  • Site security and fraud prevention
  • Service improvement
  • Anonymous statistical analysis

4. DATA SHARING WITH PRINTIFY AND PARTNERS

IMPORTANT: For the production and shipping of your orders, we share your personal data with:

Printify (print-on-demand partner):

  • First and last name
  • Complete shipping address
  • Phone number (for carrier)
  • Email (for shipping notifications)
  • Order details (product, size, custom graphic)

Printify production partners: Your data is transmitted to Printify's certified production centers located in:

  • Europe (Germany, Latvia, United Kingdom)
  • United States
  • Other countries based on availability

Carriers and shippers:

  • Name, surname, address, phone
  • Information necessary for delivery
  • Customs data for non-EU shipments

Protection guarantees:

  • Printify is GDPR compliant
  • We use Standard Contractual Clauses (SCC) for extra-EU transfers
  • All partners are bound by confidentiality agreements
  • Printify Privacy Policy: https://printify.com/privacy-policy/

5. RETENTION PERIOD

Your personal data will be retained for the following periods:

  • Order and invoice data: 10 years (Italian tax obligation)
  • Account data: until account deletion
  • Marketing data: until consent withdrawal
  • Navigation data (cookies): maximum 24 months
  • Customer support data: 2 years from case closure
  • Data shared with Printify: according to their retention policy (max 7 years)

6. DATA RECIPIENTS

Your personal data may be communicated or shared with:

Essential service providers:

  • Shopify Inc. (Canada/USA) - e-commerce platform, hosting, payments
  • Printify (USA/Latvia) - production and fulfillment
  • Printify production partners (various locations) - product printing
  • Carriers (DHL, UPS, Italian Post, etc.) - order shipping
  • Payment processors
    • transaction management

Authorized parties:

  • Tax consultants and accountants
  • IT and maintenance service providers
  • Marketing service providers (only with consent)

Public authorities:

  • Italian Revenue Agency
  • Financial Police
  • Customs authorities (for non-EU shipments)
  • Judicial authorities (upon request)

All service providers are bound by confidentiality agreements and process data only according to our instructions, in compliance with GDPR.

7. EXTRA-EU DATA TRANSFER

Some of our providers (Shopify, Printify, production partners) are based in the United States or other non-EU countries. Data transfer occurs in compliance with GDPR through:

  • Standard contractual clauses (SCC) approved by the European Commission
  • Adequacy certifications (e.g., EU-US Data Privacy Framework)
  • Adequate guarantees for data protection

Destination countries:

  • United States (Shopify, Printify, production centers)
  • Canada (Shopify)
  • Latvia (Printify HQ)
  • Other EU and non-EU countries for production and shipping

8. NON-EU SHIPMENTS: DUTIES AND CUSTOMS DATA

For orders shipped outside the European Union:

Customs data sharing: For non-EU shipments (United Kingdom, Switzerland, USA, Canada, Australia, etc.), your data is shared with:

  • Customs authorities of the destination country
  • International carriers
  • Customs agents

Data shared:

  • First and last name
  • Complete address
  • Phone number
  • Goods value
  • Product description
  • Tax code/Tax ID (if required by country)

Customs duties and taxes:

  • Any customs duties, local VAT, import taxes and clearance fees are entirely the responsibility of the recipient
  • These costs are not included in the product price
  • We are not responsible for delays or customs costs
  • The customer is responsible for paying all required duties

We do not refund:

  • Customs duties paid
  • Import taxes
  • Clearance fees
  • Orders refused for non-payment of duties

9. COOKIES AND SIMILAR TECHNOLOGIES

Our site uses cookies and similar technologies:

Technical cookies (necessary):

  • Cart and session management
  • Account authentication
  • Language preferences
  • Site security

Analytics cookies:

  • Google Analytics (anonymized)
  • Site usage statistics
  • Performance analysis

Marketing cookies (only with consent):

  • Remarketing and personalized advertising
  • Conversion tracking
  • Facebook/Instagram pixels

You can manage cookie preferences through the banner on the site or your browser settings.

10. DATA SUBJECT RIGHTS

In accordance with Articles 15-22 of GDPR, you have the right to:

Right of access (Art. 15): obtain confirmation of processing and a copy of your data

Right to rectification (Art. 16): correct inaccurate or incomplete data

Right to erasure (Art. 17): request data deletion (right to be forgotten), except for legal obligations

Right to restriction (Art. 18): restrict processing in certain circumstances

Right to portability (Art. 20): receive data in structured format and transfer it to another controller

Right to object (Art. 21): object to processing for legitimate reasons

Right to withdraw consent (Art. 7.3): withdraw consent at any time (for marketing)

Right to lodge a complaint: file a complaint with the Data Protection Authority

11. HOW TO EXERCISE YOUR RIGHTS

To exercise your rights or for any privacy-related request, you can contact us:

  • Email: mara-amara@mara-amara.com
  • Phone: +39 342 691 4084
  • Mail: Vico Doria 4 09083 Fordongianus OR

We will respond to your request within 30 days, as required by GDPR.

For data processed by Printify: You can also exercise your rights directly with Printify:

12. COMPLAINTS TO THE PRIVACY AUTHORITY

You have the right to lodge a complaint with the supervisory authority:

Italian Data Protection Authority (Garante Privacy)
Piazza Venezia, 11 - 00187 Rome, Italy
Email: garante@gpdp.it
PEC: protocollo@pec.gpdp.it
Tel: +39 06 696771
Website: www.garanteprivacy.it

13. DATA SECURITY

We adopt adequate technical and organizational measures to protect your personal data:

  • SSL/TLS encryption for all communications
  • Limited access to data only for authorized personnel
  • Regular and secure backups
  • Protection systems against unauthorized access
  • Staff training on data protection
  • Periodic security audits

Printify and partners:

  • ISO 27001 certifications (information security)
  • PCI-DSS compliance for payments
  • Secure and certified data centers

14. MINORS

Our services are not intended for minors under 16 years of age. We do not knowingly collect data from minors. If you are a parent or guardian and discover that your child has provided us with personal data, contact us immediately for deletion.

15. CHANGES TO THE POLICY

We reserve the right to modify this Privacy Policy at any time for:

  • Compliance with new regulations
  • Changes to services or providers
  • Improvements in data protection

Changes will be published on this page with an updated date. We recommend checking this page periodically.

16. CONTACT

For any questions or requests regarding this Privacy Policy:

Data Controller:
Email: mara-amara@mara-amara.com
Phone: +39 342 691 4084
Address: Località Caddas, Antiche Terme 09083 Fordongianus -OR
Hours: Mon-Fri 9:00-18:00 CET

Data Processor (Printify):
Email: privacy@printify.com
Website: https://printify.com/privacy-policy/