Privacy Policy
Last updated: 1 January 2025
Data Controller
Five Towers Design SrlsVia Bergamo, 3, 20089 Rozzano (MI), Italy
P.IVA: IT11427360159
hello@fivetowersdesign.com
Data we collect
We collect first name, last name, email address, phone number, country, and anonymised navigation data. We do not sell data to any third party.
Payment data is never stored on our servers. All payments are processed by Stripe, Inc. under their PCI DSS compliance policies.
Purpose of processing
- Process orders and communicate about the commissioned project
- Send payment confirmations and invoices
- Respond to enquiries submitted via the contact form
- Anonymised statistical analysis of site behaviour
Legal basis
Processing is based on: Art. 6(1)(b) GDPR - contract performance; Art. 6(1)(a) GDPR - consent for optional cookies; Art. 6(1)(c) GDPR - legal tax obligations.
Data retention
Order data is retained for 10 years under Italian tax law. Contact data not linked to orders is deleted within 24 months of last contact.
Your rights
You have the right to access, rectification, deletion, portability, restriction, and objection. Write to: hello@fivetowersdesign.com
You also have the right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it).
Data transfers
Data may be transferred to Stripe, Inc. (USA) for payment processing under the European Commission's Standard Contractual Clauses. No other transfers outside the EEA.