Information pursuant to Article 13 of Regulation (EU) 2016/679 (General Data Protection Regulation – “GDPR”)
Last updated: [23/02/2026]
1. Data Controller
The Data Controller is:
CRACKERS SNC
Via Istanbul, 4
07026 Olbia (SS), Italy
Email: info@tobecrackers..com
(hereinafter referred to as “Pas De Mer” or the “Controller”).
For any request regarding the processing of personal data, you may contact the Controller at the email address above.
2. Categories of Personal Data Collected
We may collect and process the following categories of personal data:
a) Registration and Identification Data
-
First name and last name
-
Residential and/or shipping address
-
Country
-
Date of birth
-
Gender (if voluntarily provided)
-
Email address
-
Username and password
b) Transaction and Purchase Data
-
Products purchased
-
Billing and shipping address
-
Tax code or VAT number (where required)
-
Telephone number
-
Payment information (processed securely via certified payment providers)
c) Communication Data
-
Information provided when contacting customer service
-
Emails, chat messages, and social media communications
d) Technical and Usage Data
-
IP address
-
Device identifiers
-
Browser type and version
-
Access logs
-
Date and time of visit
-
Pages viewed and interactions
e) Data Collected Through Cookies and Tracking Technologies
(See our dedicated Cookie Policy for detailed information.)
3. Purposes of Processing and Legal Bases
Personal data are processed for the following purposes:
A. Account Registration and Management
Legal basis: Article 6(1)(b) GDPR (performance of a contract)
-
Creation and management of user accounts
-
Access to reserved areas
-
Customer support
-
Management of authentication credentials
B. Order Management and Sales
Legal basis: Article 6(1)(b) GDPR
-
Processing and fulfillment of orders
-
Shipping and delivery of products
-
Payment processing
-
Invoicing
-
Returns and refunds management
C. Compliance with Legal Obligations
Legal basis: Article 6(1)(c) GDPR
-
Compliance with tax and accounting obligations
-
Compliance with applicable laws and regulations
-
Responding to lawful requests from authorities
D. Marketing Communications
Legal basis: Article 6(1)(a) GDPR (consent)
-
Sending newsletters
-
Promotional communications
-
Offers and commercial information via email, SMS, or other electronic means
Consent is freely given and may be withdrawn at any time by:
-
Clicking the unsubscribe link in communications
-
Contacting us at info@pasdemer.com
Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
E. Profiling and Personalized Marketing
Legal basis: Article 6(1)(a) GDPR (explicit consent)
-
Analysis of purchasing preferences
-
Customer segmentation
-
Personalized offers and targeted advertising
Profiling activities do not produce legal effects or similarly significant effects on the data subject.
F. Legitimate Interests of the Controller
Legal basis: Article 6(1)(f) GDPR
-
Prevention of fraud
-
IT security and system protection
-
Legal defense and protection of rights
-
Service improvement and analytics
Data subjects have the right to object at any time to processing based on legitimate interests.
4. Methods of Processing
Personal data are processed using electronic and automated tools, in compliance with the principles of:
-
Lawfulness
-
Fairness
-
Transparency
-
Data minimization
-
Storage limitation
-
Integrity and confidentiality
Appropriate technical and organizational measures are implemented to ensure data security.
5. Data Retention Period
Personal data are retained only for as long as necessary for the purposes described above:
-
Order and invoicing data: 10 years (legal obligations)
-
User accounts: 24 months after last activity if inactive
-
Marketing data: until withdrawal of consent and in any case no longer than 24 months
-
Profiling data: maximum 12 months
-
Customer support communications: 24 months
After these periods, data will be deleted or irreversibly anonymized.
6. Nature of Data Provision
Providing data for contractual and legal purposes is necessary to complete purchases and receive services.
Failure to provide mandatory data may result in the inability to process orders or provide services.
Providing data for marketing and profiling purposes is optional.
7. Recipients of Personal Data
Personal data may be shared with:
-
Shipping and logistics providers
-
Payment service providers
-
IT and hosting service providers
-
Email marketing platforms
-
Accounting and legal consultants
Such parties act either as:
-
Data Processors pursuant to Article 28 GDPR
or -
Independent Data Controllers
8. Transfers of Data Outside the European Union
Some service providers may be located outside the European Economic Area (EEA).
In such cases, transfers are carried out in compliance with Articles 44–49 GDPR, through:
-
European Commission adequacy decisions
-
Standard Contractual Clauses (SCCs)
-
EU–US Data Privacy Framework (where applicable)
9. Data Subject Rights
Under Articles 15–22 GDPR, data subjects have the right to:
-
Access their personal data
-
Request rectification
-
Request erasure (“right to be forgotten”)
-
Request restriction of processing
-
Object to processing
-
Receive their data in portable format
-
Withdraw consent at any time
Requests may be sent to: info@pasdemer.com
10. Right to Lodge a Complaint
Data subjects have the right to lodge a complaint with the competent supervisory authority.
In Italy, the competent authority is:
Italian Data Protection Authority (Garante per la Protezione dei Dati Personali)
www.garanteprivacy.it
11. Cookies and Tracking Technologies
The Website uses:
-
Strictly necessary (technical) cookies
-
Analytical cookies
-
Marketing and profiling cookies (subject to prior consent)
Users may manage their preferences through the cookie banner and the dedicated Cookie Policy available on the Website.
12. Updates to This Privacy Policy
The Controller reserves the right to modify this Privacy Policy at any time.
Any changes will be published on this page with an updated revision date.