Privacy Policy

This Privacy Policy is defined on the basis of Art. 13 of EU Regulation no. 679/2016 (GDPR) and applies to all data collected through the www.flyper.it website. This Privacy Policy is subject to updates that will be posted on the website. The present Privacy Policy, as well as any other documents referred to therein and the Cookie Policy, establishes the basis on which the user’s personal data will be processed.

Data Controller

The Data Controller of this website is:

FLYPER S.r.l.
Via Umberto I, 25
86100 Campobasso (CB) – Italy
VAT ID / Tax Code: 01775190703
Email: info@flyper.it

Personal Data

Personal Data means any information relating to an identified or identifiable natural person (Data Subject, User). An identifiable natural person is one who may be identified, directly or indirectly, with particular reference to an identifier such as name, identification number, location data, an online identifier, or one or more characteristic elements of their physical identity.

Category of Personal Data Processed

Among the personal data processed by this website, autonomously or by third parties, there are common data such as: Cookies, usage data, name, surname, address, city, gender, email, phone number, tax data useful for purchasing, and personal data useful for the delivery of the purchased product.

Methods of Personal Data Processing

The personal data provided or acquired are subject to processing based on principles of correctness, lawfulness, transparency, and protection of privacy pursuant to current legislation. The Data Controller processes the user’s personal data adopting appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of personal data. Data are processed by means of IT and/or telematic tools, implementing organizational methods and strategies strictly related to the purposes of the activity.

Purposes for Processing the Collected Data and Legal Basis

Personal data can be collected autonomously by the Data Controller or by third parties. In this case, the computer systems and software used by the website acquire certain user’s personal data (e.g., IP address, browser used, operating system, etc.), whose transmission is inherent to the correct functioning of the Internet. Such data can be processed for the sole purpose of obtaining anonymous statistical information on the use of the website and/or controlling its correct functioning; after their processing, they are immediately erased. The Data that the user chooses to provide spontaneously will be processed in compliance with the conditions of lawfulness pursuant to Art. 6 GDPR.

The purposes of the processing are:

a) Pre-contractual information and compliance
The Data will be processed to contact or respond to specific requests addressed to the Data Controller by the Data Subject regarding products, via email, contact forms, or other tools (phone, WhatsApp, chat).

• Legal basis: Consent of the Data Subject and/or execution of pre-contractual measures.

• Data retention period: Until the request is fulfilled or consent is withdrawn.

b) Processing required under a contract
The Data will be processed to fulfill obligations required by the contract for the sale of Products/Services, to manage statutory warranty claims, assistance, requests for withdrawal, and termination of the contract.

• Legal basis: Execution of a contract to which the Data Subject is party.

• Data retention period: 10 (ten) years or as required by legal obligations.

c) Fulfillment of obligations provided by current laws
The Data will be processed to fulfill obligations provided by laws, regulations, and tax matters (including anti-money laundering legislation).

• Legal basis: Legal obligation to which the Controller is subject.

• Data retention period: 10 (ten) years or different legal obligation.

d) Softspam
The Data will be processed to send the user via email promotional communications concerning Products/Services similar to those already purchased, without the need for express prior consent (Art. 130, paragraph 4, Privacy Code), provided the user does not exercise the right of opposition.

• Legal basis: Legitimate interest of the Data Controller.

• Data retention period: Until the Data Subject objects.

e) Marketing
The Data will be processed for direct sales, market research, and sending promotional communications via newsletter, email, SMS, WhatsApp, or social media.

• Legal basis: Consent freely expressed by the interested party.

• Data retention period: Until the Data Subject’s consent is withdrawn.

f) Statistical analysis
The Data will be processed to perform statistical analysis on aggregated and anonymous data to analyze behavior and improve services.

• Legal basis: Legitimate interest or consent (depending on the tracking technology).

• Data retention period: Until withdrawal of consent (for cookies).

g) Profiling activities
The Data will be processed to analyze interests and consumer habits to send personalized information.

• Legal basis: Consent freely expressed by the interested party.

• Data retention period: Until the Data Subject’s consent is withdrawn.

Data Communication

In some cases, in addition to the Data Controller, the following may have access to data:

• a) Internal staff involved in the organization of the website (administrative, commercial, marketing, system administrators).

• b) External parties (third-party technical service providers, hosting providers, IT companies, communication agencies) appointed as Data Processors by the Data Controller ex Art. 28 GDPR. The updated list of Data Processors can be requested from the Data Controller.

• c) Public entities in compliance with legal obligations.

Processing Time

Data are stored for the time necessary to provide the service requested by the user or required for the purposes described in this document. At the end of the retention period, personal data will be deleted.

Place of Processing and Transfer of Data Abroad

The data are processed at the Data Controller’s operating offices. Data may be processed by entities acting on behalf of the Data Controller located in EU or non-EU countries. If data are transferred outside the EEA, the Data Controller will adopt contractual measures suitable to ensure adequate data protection (e.g., Standard Contractual Clauses).

Exercise of Rights of the Data Subject

The Data Subject may exercise rights under Artt. 15-22 of EU Regulation 679/2016. In particular, the right to withdraw consent at any time, access personal data, request rectification or deletion, limit processing, and receive data in a structured format (portability). The Data Subject has the right to object to processing for legitimate reasons. The Data Subject also has the right to lodge a complaint with the Supervisory Authority.
To exercise these rights, email the owner at: info@flyper.it

---

Tools Used for Personal Data Processing

CONTACT FORM
By filling in the contact form with their data, the User agrees to their use to respond to requests for information.

• Personal data collected: email, name, surname, telephone number, address, city.

OTHER CONTACT TOOLS

• WhatsApp Business: Service provided by WhatsApp Ireland Limited.

  • Privacy Policy: https://www.whatsapp.com/legal/privacy-policy-eea

NEWSLETTER & EMAIL MANAGEMENT

• ActiveCampaign (ActiveCampaign, LLC): Email marketing service.

  • Place of processing: USA – Privacy Policy: https://www.activecampaign.com/legal/privacy-policy

STATISTICS

• Google Analytics 4 (Google Ireland Limited): Analysis service with anonymized IP.

  • Place of processing: Ireland – Privacy Policy: https://policies.google.com/privacy

  • Opt Out: https://tools.google.com/dlpage/gaoptout

• Meta Pixel (Meta Platforms, Inc.): Conversion tracking service.

  • Place of processing: Ireland – Privacy Policy: https://www.facebook.com/about/privacy/

INTERACTION WITH SOCIAL NETWORKS
Services allowing interaction with social networks (Facebook, Instagram, Pinterest, TikTok, YouTube) directly from the website.

• Subject to the User’s privacy settings on each social network.

REMARKETING AND RETARGETING

• Google Ads (Google Ireland Limited): Remarketing service.

  • Privacy Policy: https://policies.google.com/privacy

  • Settings: https://adssettings.google.com/authenticated

• Meta Audience Network (Meta Platforms, Inc.): Remarketing service.

  • Privacy Policy: https://www.facebook.com/about/privacy/

PAYMENT MANAGEMENT
Payment services process payments by credit card, bank transfer, or other means. The data used for payment is acquired directly by the payment service provider.

• PayPal: Privacy Policy https://www.paypal.com/webapps/mpp/ua/privacy-full

• Stripe: Privacy Policy https://stripe.com/privacy

• Klarna: Privacy Policy https://www.klarna.com/international/privacy-policy/

• Amazon Pay: Privacy Policy https://pay.amazon.com/help/201751600

• Satispay: Privacy Policy https://www.satispay.com/en-it/privacy/privacy-policy/

• Apple Pay: Privacy Policy https://www.apple.com/legal/privacy/

• Google Pay: Privacy Policy https://policies.google.com/privacy

Changes to This Privacy Policy

The Data Controller reserves the right to make changes to this Privacy Policy at any time by giving notice to users on this page. Therefore, it is recommended to consult this page often, referring to the date of the last modification indicated at the bottom.

Privacy Policy updated: December 2025