Privacy Policy | BricoMagazin24

Last updated: January 15, 2025

1. Introduction and Scope

This Privacy Policy describes in detail how this site collects, processes, stores, protects, and shares personal data belonging to visitors, registered users, and customers. This document has been drafted in strict compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the ePrivacy Directive 2002/58/EC as amended by Directive 2009/136/EC, and all applicable national data protection legislation across the European Economic Area (EEA).

By accessing, browsing, or placing an order through this site, you acknowledge that you have read this Privacy Policy in its entirety and that you understand how your personal data will be handled. If you do not agree with any provision described herein, we respectfully ask that you discontinue use of this site immediately.

This policy applies to all personal data processed in connection with our operations, including data collected through our website, mobile applications if applicable, email communications, telephone interactions with our customer service team, social media channels, and any offline interactions related to orders, returns, or customer support inquiries.

2. Data Controller Information

For the purposes of applicable data protection legislation, the data controller responsible for your personal data is the entity operating this site. We have designated a dedicated data protection point of contact to oversee compliance with this Privacy Policy and applicable data protection regulations.

Should you have any questions, concerns, or requests regarding the processing of your personal data, or if you wish to exercise any of the rights described in this document, you may reach us through the following channels:

  • Email: privacy@bricomagazin24.com
  • Contact Page: /contact
  • Response Time: All data protection inquiries will be acknowledged within 24 to 48 hours of receipt and resolved as expeditiously as possible.

3. Categories of Personal Data We Collect

In the course of providing our services, we collect and process various categories of personal data. The specific data we gather depends on how you interact with this site and the services you use. Below is a comprehensive overview of the categories of personal data we may collect:

3.1 Identity and Contact Data

This includes your first name, last name, delivery address, billing address (if different), email address, telephone number, and any other identification data you voluntarily provide when placing an order or creating an account. When you choose cash on delivery as your payment method, we may collect additional verification information to confirm your identity and delivery address.

3.2 Transactional and Order Data

We retain detailed records of every purchase you make through this site. This encompasses the items ordered, quantities, prices paid, discounts applied, order confirmation numbers, unique 16-digit tracking codes assigned to each shipment, delivery status updates, and any correspondence or notes associated with your orders. For cash on delivery orders, we record the payment confirmation once the courier has collected payment upon delivery.

3.3 Technical and Device Data

When you visit this site, we automatically collect certain technical information about your device and connection. This includes your Internet Protocol (IP) address, browser type and version, operating system, screen resolution, device type (desktop, tablet, or mobile), unique device identifiers, referring website URL, pages visited on this site, time spent on each page, click patterns, scroll depth, and the date and time of each visit.

3.4 Communication Data

Any information contained within messages you send to us through our contact forms, email correspondence, live chat interactions, telephone calls, or social media channels. This includes the content of your messages, attachments if any, and metadata associated with the communication such as timestamps and channel used.

3.5 Marketing and Preference Data

If you subscribe to our newsletter or opt in to receive promotional communications, we record your email address, subscription date, communication preferences, and your history of interactions with our marketing materials (such as email opens and link clicks). We also record any preferences you express regarding product categories, notification frequency, or communication channels.

3.6 Return and Refund Data

When you initiate a return or request a refund, we collect information related to that process. This includes the reason for the return, photographs of the product if applicable, your preferred refund method, and all correspondence associated with the return or refund process. Please note that returns must be initiated within 14 days from the date of delivery. You may start a return by contacting us via email or through our contact page, and we commit to processing all return requests within 24 to 48 hours of receipt.

4. How We Collect Your Information

We gather personal data through several distinct methods and touchpoints:

  • Direct Interactions: When you place an order, create an account, subscribe to our newsletter, enter a promotion or competition, submit a product review, or contact our customer service team.
  • Automated Technologies: As you navigate through this site, we automatically collect technical data about your equipment, browsing actions, and usage patterns. We collect this data using cookies, server logs, and other similar technologies. Please refer to our Cookie Policy for further details.
  • Third-Party Sources: We may receive personal data about you from various third parties, including analytics providers, advertising networks, search information providers, payment service providers, delivery and logistics partners, and identity verification services.
  • Publicly Available Sources: We may collect personal data from publicly available sources, such as business registries and social media profiles, to the extent permitted by applicable law.

5. Legal Bases for Processing

Under the GDPR, we must have a valid legal basis for processing your personal data. We rely on the following legal bases depending on the specific processing activity:

  • Performance of a Contract (Article 6(1)(b) GDPR): Processing that is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract. This covers all processing related to fulfilling your orders, managing deliveries across Europe, processing cash on delivery payments, handling returns within the 14-day return window, and providing customer support.
  • Legitimate Interests (Article 6(1)(f) GDPR): Processing that is necessary for the purposes of legitimate interests pursued by us or by a third party, except where such interests are overridden by your fundamental rights and freedoms. This includes fraud prevention, network and information security, internal administration, improving our products and services, and certain direct marketing activities.
  • Consent (Article 6(1)(a) GDPR): Where you have given clear and unambiguous consent for us to process your personal data for a specific purpose. This applies primarily to newsletter subscriptions, non-essential cookies, and certain marketing activities. You have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  • Legal Obligation (Article 6(1)(c) GDPR): Processing that is necessary for compliance with a legal obligation to which we are subject. This includes tax reporting, accounting obligations, fraud detection requirements, and responses to lawful requests from law enforcement or regulatory authorities.

6. Purposes of Data Processing

We use the personal data we collect for the following purposes:

  • To process, fulfil, and dispatch your orders to any delivery address within Europe, including managing cash on delivery payment collection
  • To assign and manage unique 16-digit tracking codes that enable you to monitor the status of your shipment in real time through our Order Tracking page
  • To communicate with you regarding your orders, including order confirmations, shipping notifications, delivery updates, and post-delivery follow-ups
  • To process returns and refunds in accordance with our Return Policy, ensuring all requests submitted within 14 days of delivery are handled within 24 to 48 hours
  • To provide customer support and respond to your inquiries, complaints, or feedback in a timely and effective manner
  • To improve and optimise the performance, functionality, and user experience of this site
  • To personalise your browsing experience and present products, offers, and content that are most relevant to your interests
  • To send you marketing communications, provided you have given your explicit consent or where we are otherwise permitted to do so under applicable law
  • To detect, prevent, and investigate fraud, unauthorised access, and other potentially illegal activities
  • To comply with applicable legal and regulatory obligations
  • To enforce our Terms and Conditions and protect our legal rights

7. Cash on Delivery and Payment Processing

This site offers cash on delivery as a primary payment method across all European delivery destinations. When you select this option, no financial card data is collected or stored by us at the point of order placement. Payment is collected directly by our delivery partner at the time of delivery. We record only the confirmation that payment has been successfully received.

For customers who choose to pay via alternative methods such as credit or debit card, all payment card processing is handled by PCI DSS-compliant third-party payment processors. We do not have access to, nor do we store, your full payment card numbers. We may retain a truncated version of your card number (the last four digits) and the card type for identification and fraud prevention purposes only.

8. Data Sharing and Third-Party Recipients

We may share your personal data with the following categories of third-party recipients, but only to the extent necessary for the purposes described in this Privacy Policy:

  • Logistics and Delivery Partners: Courier companies and postal services that deliver your orders across Europe. They receive your name, delivery address, telephone number, and order details necessary to complete the delivery and, where applicable, collect cash on delivery payments.
  • Payment Processors: Third-party payment service providers who process card payments securely. They are bound by PCI DSS compliance standards and their own privacy policies.
  • Technology and Infrastructure Providers: Hosting providers, content delivery networks, email service providers, and other technology partners who support the operation of this site.
  • Analytics Providers: Services that help us understand how visitors use this site, enabling us to improve the user experience. Data shared with analytics providers is typically aggregated or pseudonymised.
  • Marketing and Advertising Partners: Where you have consented to receive marketing communications, we may share limited data with advertising platforms to deliver relevant advertisements. This may involve the use of cookies and tracking pixels as described in our Cookie Policy.
  • Legal and Regulatory Authorities: Where we are required to disclose your information by law, court order, or regulatory obligation, or where disclosure is necessary to protect our rights, property, or safety.
  • Professional Advisors: Including lawyers, auditors, accountants, and insurers who provide consulting, legal, accounting, and insurance services.

We do not sell, rent, or trade your personal data to any third party for their own marketing purposes. All third-party recipients are bound by contractual obligations to process your data only in accordance with our instructions and applicable data protection law.

9. International Data Transfers

As we deliver products across the entirety of Europe, your personal data may be transferred to and processed in countries within the European Economic Area (EEA). Where we engage service providers or partners located outside the EEA, we ensure that adequate safeguards are in place to protect your personal data in compliance with Chapter V of the GDPR. These safeguards may include:

  • Transfers to countries that the European Commission has determined provide an adequate level of data protection (adequacy decisions)
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Binding Corporate Rules where applicable
  • Other derogations permitted under Article 49 of the GDPR in specific circumstances

You may request a copy of the specific safeguards applied to any particular transfer by contacting us at the details provided above.

10. Data Retention Periods

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. The specific retention periods we apply are as follows:

  • Order and Transaction Data: Retained for a period of 7 years from the date of the transaction to comply with tax and accounting legislation.
  • Customer Account Data: Retained for the duration of your account's active status plus 3 years following account closure or last activity.
  • Marketing and Newsletter Data: Retained until you withdraw your consent or unsubscribe, after which your email address is suppressed (not deleted) to ensure we respect your unsubscribe request.
  • Cookie and Technical Data: Retention periods vary by cookie type and are detailed in our Cookie Policy. Session cookies expire when you close your browser; persistent cookies may last up to 24 months.
  • Return and Refund Records: Retained for 5 years from the date of the return to address potential disputes or legal claims.
  • Communication Records: Customer service interactions are retained for 3 years to ensure continuity of support and quality assurance.

When personal data is no longer required, we securely delete or anonymise it. Anonymised data, which can no longer be associated with you, may be retained indefinitely for statistical and analytical purposes.

11. Your Rights Under GDPR

The GDPR grants you a comprehensive set of rights regarding your personal data. We are committed to facilitating the exercise of these rights in a transparent and timely manner. You may exercise any of the following rights by contacting us via email or through our contact page. All requests will be acknowledged within 24 to 48 hours and fulfilled within one month of receipt, unless the complexity or volume of requests necessitates an extension of up to two additional months, in which case we will inform you accordingly.

How to Exercise Your Rights: Send your request to privacy@bricomagazin24.com or use our Contact page. We will acknowledge receipt within 24 to 48 hours and respond substantively within 30 calendar days. No fee is charged for exercising your rights, except in cases of manifestly unfounded or excessive requests.

11.1 Right of Access (Article 15 GDPR)

You have the right to obtain confirmation as to whether or not your personal data is being processed by us, and where that is the case, to request access to the personal data along with supplementary information about the processing. We will provide you with a copy of your personal data free of charge. For any further copies, we may charge a reasonable fee based on administrative costs.

11.2 Right to Rectification (Article 16 GDPR)

You have the right to obtain the rectification of inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

11.3 Right to Erasure — "Right to be Forgotten" (Article 17 GDPR)

You have the right to obtain the erasure of your personal data without undue delay where one of the following grounds applies: the data is no longer necessary in relation to the purposes for which it was collected; you withdraw consent and there is no other legal ground for processing; you object to the processing and there are no overriding legitimate grounds; the data has been unlawfully processed; or the data must be erased for compliance with a legal obligation. Please note that this right is not absolute and may be limited where processing is necessary for compliance with legal obligations, the establishment, exercise, or defence of legal claims, or for archiving purposes in the public interest.

11.4 Right to Restriction of Processing (Article 18 GDPR)

You have the right to obtain the restriction of processing of your personal data where: you contest the accuracy of the data (restriction applies for a period enabling us to verify accuracy); the processing is unlawful and you oppose erasure, requesting restriction instead; we no longer need the data but you require it for the establishment, exercise, or defence of legal claims; or you have objected to processing pending verification of whether our legitimate grounds override yours.

11.5 Right to Data Portability (Article 20 GDPR)

Where the processing is based on consent or the performance of a contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format. You also have the right to transmit that data to another controller without hindrance from us.

11.6 Right to Object (Article 21 GDPR)

You have the right to object, on grounds relating to your particular situation, to the processing of your personal data based on our legitimate interests. Upon receiving your objection, we will cease processing unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defence of legal claims. Where personal data is processed for direct marketing purposes, you have the right to object at any time, and we will cease processing for such purposes without exception.

11.7 Right Not to Be Subject to Automated Decision-Making (Article 22 GDPR)

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless the decision is necessary for entering into or the performance of a contract, is authorised by applicable law, or is based on your explicit consent.

11.8 Right to Lodge a Complaint

If you believe that our processing of your personal data infringes the GDPR or other applicable data protection laws, you have the right to lodge a complaint with a supervisory authority. You may do so in the EU Member State of your habitual residence, your place of work, or the place of the alleged infringement. We encourage you to contact us first so that we may address your concerns directly.

12. Cookie Usage and Tracking Technologies

This site uses cookies and similar tracking technologies to enhance your browsing experience, analyse site traffic, and deliver personalised content and advertisements. For a comprehensive description of the cookies we use, their purposes, and how you can manage your preferences, please refer to our dedicated Cookie Policy.

13. Automated Decision-Making and Profiling

We may use automated processing, including profiling, to personalise the products and offers displayed to you on this site. This processing does not produce legal effects concerning you and does not significantly affect you in a similar manner. You are not subject to decisions based solely on automated processing that have a legal or similarly significant effect. If our practices change in this regard, we will update this policy and provide you with meaningful information about the logic involved, the significance, and the envisaged consequences of such processing.

14. Children's Privacy

This site is not directed at individuals under the age of 16 (or the applicable minimum age in your jurisdiction for providing consent to data processing). We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child without appropriate parental or guardian consent, we will take immediate steps to delete that information from our records. If you believe that a child has provided us with personal data, please contact us immediately.

15. Security Measures

We have implemented appropriate technical and organisational security measures designed to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include, but are not limited to:

  • Encryption of data in transit using TLS/SSL protocols
  • Encryption of sensitive data at rest
  • Regular security assessments and vulnerability scanning
  • Access controls and authentication mechanisms that limit access to personal data to authorised personnel on a need-to-know basis
  • Employee training on data protection and security best practices
  • Incident response procedures to detect, investigate, and respond to personal data breaches promptly
  • Regular backups and disaster recovery planning

While we strive to protect your personal data, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee the absolute security of your information, but we are committed to maintaining the highest practicable level of protection.

16. Changes to This Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our data processing practices, legal requirements, or operational needs. When we make material changes to this policy, we will notify you by posting the updated version on this page with a revised "Last Updated" date. For significant changes that materially affect how we process your personal data, we will provide prominent notice through this site or by sending you a direct notification via email where appropriate. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.

17. Contact and Complaints

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please do not hesitate to contact us. We are committed to resolving any issues promptly and transparently.

  • Email: privacy@bricomagazin24.com
  • Contact Form: /contact
  • Response Time: We aim to acknowledge all inquiries within 24 to 48 hours and provide a substantive response as quickly as possible.

If you are not satisfied with our response to your concern, you have the right to escalate your complaint to the relevant data protection supervisory authority in your country of residence.