Skip to content
BrutusBrutus

PRIVACY POLICY

PRIVACY POLICY
Information on the processing of personal data pursuant to art. 13 of European regulation 679/2016

1. General Principles

1.1 This privacy policy outlines how Brutus S.r.l., in its capacity as Data Controller pursuant to EU Regulation 679/2016 (hereinafter "GDPR") and current legislation on personal data protection, manages the data and information of users interacting with the services offered by the Controller through the website www.brutusfactory.com (hereinafter also referred to as the “Site”).

1.2 If the data subject is under 16 years of age, pursuant to Article 8(1) of the GDPR and Article 2-quinquies of Legislative Decree 196/2003 (as amended by Legislative Decree 181/2018), consent must be authorized by a parent or legal guardian.

1.3 Data will be processed lawfully, fairly, and transparently, in accordance with confidentiality requirements and by implementing the most suitable security measures, in compliance with applicable regulations.

1.4 The Controller reserves the right to update or modify this privacy policy at any time. Users are encouraged to review it periodically, referring to the most recent version published on the Site.

2. Data Controller

2.1 Regarding the website www.brutusfactory.com, the Data Controller is Brutus S.r.l., with registered office at Via Carlo Alberto no. 53, 10123 – Turin (TO), VAT no. IT12311660018. You may contact the Controller at the following addresses:

Address: Via Carlo Alberto no. 53, Turin (TO)
Email: privacy@brutusfactory.com
Certified Email (PEC): brutus@pec.brutusfactory.com
Phone: +39 331 1365856

2.2 Data processing operations may be carried out by employees and collaborators of the Controller, duly authorized in compliance with applicable law, or by third parties as specified in Article 7.

3. Data Subject

The Data Subject is any individual who uses the services provided through the website www.brutusfactory.com, including those who:

- browse the site, even for consultation only,

- register by creating an account,

- make a purchase after registration,

- contact the Controller for information or to file a complaint.

    4. Data Processed

    4.1 The Controller processes personal data provided directly by the Data Subject, including: name, surname, tax code, VAT number, email address, and phone number, collected during registration, communications, or purchases on the Site.

    4.2 Some data are collected automatically by system technologies, including IP address, browser type, and date/time of access, for monitoring and security purposes.

    4.3 All requested data are necessary to fulfill the user’s requests unless expressly stated as optional.

    5. Purpose of Data Processing

    5.1 Data are processed by the Controller in order to:

    - register the user on the Site

    - respond to information requests

    - fulfill obligations arising from a purchase contract

    - comply with legal obligations

    - assert the Controller’s rights (e.g., legal defense)

    - produce statistical analyses regarding Site usage.

    5.2 With explicit consent, data may also be processed to:

    - send newsletters and updates

    - send promotional and marketing communications

      6. Nature of the Data Provision

      6.1 Providing data for the purposes listed in point 5.1 is essential to access the requested services.

      6.2 Providing data for the purposes in point 5.2 is optional and may be revoked at any time without affecting access to the services.

      7. Data Processing Methods

      7.1 Data will be processed in compliance with principles of fairness, lawfulness, and transparency, using appropriate security measures.

      7.2 Processing may be carried out by electronic means, with logic strictly related to the stated purposes.

      7.3 Data may be shared with third parties (employees, consultants, technical service providers, hosting providers, etc.), who may be appointed, where necessary, as Data Processors.

      7.4 The Controller may disclose data to competent authorities where required by law.

      8. Data Processing Location

      8.1 Data are processed at the operational offices of the Controller and on servers located within the European Union.

      8.2 If it becomes necessary to transfer data outside the EU, such transfers will comply with Articles 45 and following of the GDPR.

      9. Data Retention Period

      9.1 Data will be retained for the time necessary to fulfill the purposes for which they were collected or to comply with legal obligations.

      9.2 Upon expiration of the retention period, data will be deleted or anonymized.

      10. Rights of the Data Subject

      The Data Subject may exercise the following rights:

      - Right of access: to know which personal data are processed, how, and for what purpose.

      - Right to rectification: to request correction of inaccurate data.

      - Right to erasure: to request deletion of personal data under the conditions provided by law.

      - Right to data portability: to receive personal data in a structured format and transmit them to another controller.

      - Right to restriction of processing: to request limitation of data use.

      - Right to object: to object to processing for specific purposes.

      - Right to lodge a complaint: to file a complaint with the Data Protection Authority.

      The Data Subject may withdraw consent at any time, interrupting ongoing processing and requesting deletion of their personal data.

      .

      JOIN THE CRUE

      SIGN UP AND GET 10% OFF YOUR FIRST ORDER!

      Our site uses cookies. Learn more about our use of cookies: cookie policy