Privacy Policy
Last updated: May 2026 — GDPR Compliant (EU 2016/679)
1. Data Controller
Casa di Masha
Email: contact@casadimasha.shop
Phone: +39 351 253 6059
2. Data Collected
- Account Data: first name, last name, email, encrypted password
- Order Data: address, purchase history
- Payment Data: processed by Shopify Payments (no bank data stored)
- Browsing Data: IP, pages visited, duration (analytical cookies)
- Communications: emails sent to customer service
3. Purposes of Processing
- Process and deliver your orders
- Manage your customer account
- Send confirmations and notifications
- Send our newsletter (if consent given)
- Improve the website and services
- Comply with legal and accounting obligations
4. Data Sharing
- Shopify — hosting and platform
- Carriers — order delivery
- Shopify Payments / PayPal — payment processing
We never sell your data to third parties.
5. Retention
- Account data: duration of relationship + 3 years
- Order data: 10 years (legal obligation)
- Newsletter: until unsubscription
- Browsing data: 13 months max
6. Your GDPR Rights
- Access: Obtain a copy of your data
- Rectification: Correct inaccurate data
- Erasure: Delete your data
- Portability: Receive your data
- Objection: Refuse marketing
- Restriction: Limit processing
To exercise these rights: contact@casadimasha.shop
7. Cookies
- Essential: cart, session, security (mandatory)
- Analytical: visit statistics (with consent)
- Marketing: personalized advertising (with consent)
8. Security
SSL/TLS encryption, restricted access, encrypted passwords, secure Shopify hosting.
9. Contact and Complaints
Email: contact@casadimasha.shop
Italian supervisory authority: Garante Privacy