Privacy Policy

This privacy policy describes in detail how personal data is collected and processed when using this website/application.

Data Controller

HawkService – Via Duca Degli Abruzzi, 1 Ispica (RG) Italy – office@astralunara.com – IT01734340886

Types of Data Collected

Among the Personal Data collected by this Application, independently or through third parties, are:

• Cookies and usage data
• First and last name
• Email address
• Phone number
• Billing address
• Payment data
• Navigation data
• IP address
• Geographic location
• Device information
• Access and identification data
• Application interaction events (clicks, scrolling, etc.)
• Other data voluntarily provided by the user

Details on Personal Data Processing

Web Analytics and Statistics Services

Meta Pixel (Facebook Pixel)

• Purpose: Conversion tracking and advertising targeting
• Data collected: Cookies, usage data, behavioral information
• Processing location: USA
• Legal basis: User consent
• Retention period: 180 days

Google Ads

• Purpose: Online advertising and remarketing
• Data collected: Cookies, usage data, conversion information
• Processing location: USA
• Legal basis: User consent
• Retention period: 540 days

YouTube Video

• Purpose: Display of video content
• Data collected: Cookies, usage data, playback preferences
• Processing location: USA
• Legal basis: User consent
• Retention period: Variable based on Google settings

Hosting and Backend Infrastructure Services

DigitalOcean

• Purpose: Website hosting and data storage
• Data collected: Usage data, system logs, technical information
• Processing location: EU
• Legal basis: Contract execution
• Retention period: Duration of service

BunnyCDN

• Purpose: Content Delivery Network for resource optimization
• Data collected: IP address, usage data, system logs
• Processing location: EU
• Legal basis: Legitimate interest
• Retention period: 30 days for system logs

Payment Services

Stripe

• Purpose: Payment processing
• Data collected: Payment data, email, billing information
• Processing location: EU/USA
• Legal basis: Contract execution
• Retention period: According to current tax regulations

PayPal

• Purpose: Payment processing
• Data collected: Payment data, email, billing information, transaction details
• Processing location: EU/USA
• Legal basis: Contract execution
• Retention period: According to current tax regulations

Contact Form

• Purpose: Managing user requests
• Data collected: First name, last name, email address, message content
• Processing location: EU
• Legal basis: User consent
• Retention period: 3 years from last interaction

Marketing Services

Mailchimp

• Purpose: Newsletter management and marketing communications
• Data collected: Email, name, communication preferences
• Processing location: USA
• Legal basis: User consent
• Retention period: Until unsubscription

Processing Methods

The Data Controller processes Users’ Personal Data by adopting appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of Personal Data. Processing is carried out using computer and/or telematic tools, with organizational methods and logic strictly related to the indicated purposes.

Security Measures Adopted:

• SSL/TLS protocol for data transmission
• Firewall and intrusion protection systems
• Periodic data backups
• Limited data access by authorized personnel
• Disaster recovery procedures
• Encryption of sensitive data
• Two-factor authentication for administrative access

Data Transfer

Personal data is processed at the Data Controller’s operating offices and in any other place where the parties involved in the processing are located. In particular, some data may be transferred to countries outside the European Union. In these cases, the Data Controller ensures that data transfer takes place based on:

• European Commission adequacy decisions
• Standard contractual clauses
• Privacy Shield (where applicable)
• Other appropriate safeguards

Processing Purposes

User Data is collected to allow the Data Controller to:

• Provide requested services
• Fulfill legal obligations
• Respond to user requests
• Improve browsing experience
• Prevent fraudulent activities
• Process payments
• Send service communications
• Provide technical assistance
• Conduct statistical analysis
• Personalize user experience
• Send newsletters and marketing communications (with consent)
• Manage registration and authentication process
• Monitor infrastructure to ensure security

Legal Basis for Processing

The Data Controller processes Personal Data relating to the User if one of the following conditions exists:

• The User has given consent for one or more specific purposes
• Processing is necessary for the execution of a contract with the User
• Processing is necessary to comply with a legal obligation
• Processing is necessary for the pursuit of the legitimate interest of the Data Controller
• Processing is necessary for the performance of a task carried out in the public interest

Retention Period

Personal Data will be processed and stored for:

• Navigation data: 14 months
• Marketing data: until consent withdrawal
• Contractual data: 10 years from contract conclusion
• Billing data: according to current tax regulations
• Security logs: 12 months
• Customer support data: 3 years from last interaction

User Rights

Users can exercise certain rights regarding the Data processed by the Data Controller:

Right of Access (Art. 15 GDPR)

• Obtain confirmation of processing
• Access their personal data
• Obtain information on processing purposes and methods

Right to Rectification (Art. 16 GDPR)

• Correct inaccurate data
• Complete incomplete data

Right to Erasure (Art. 17 GDPR)

• Request data deletion
• Obtain removal from the Data Controller’s systems

Right to Restriction (Art. 18 GDPR)

• Restrict data processing
• Temporarily block usage

Right to Portability (Art. 20 GDPR)

• Receive data in structured format
• Transfer data to another controller

Right to Object (Art. 21 GDPR)

• Object to data processing
• Object to direct marketing

Right to Withdraw Consent

• Withdraw previously given consent
• Stop consent-based processing

How to Exercise Rights

Users can exercise their rights by:

• Sending an email to: office@astralunara.com
• Writing to the Data Controller at their registered address
• Using the online form provided

The Data Controller will respond to requests within 30 days, unless a justified extension is required.

Cookies and Tracking Tools

This site uses:

Technical Cookies

• Necessary for site operation
• Do not require user consent
• Duration: session/persistent

Analytical Cookies

• Used for statistical analysis
• Require user consent
• Duration: 14 months

Profiling Cookies

• Used for personalized marketing
• Require user consent
• Duration: 12 months

For detailed cookie management, consult the Cookie Policy [link].

Data Processors

The Data Controller uses third parties for specific processing activities. The updated list of Data Processors can be requested from the Data Controller.

DPO – Data Protection Officer

Name: Felice Alfano Email: office@astralunara.com

Changes to this Privacy Policy

The Data Controller reserves the right to make changes to this privacy policy at any time:

• Notifying Users on this page
• Sending a notification if technically possible
• Requesting new consent if necessary

Definitions and Legal References

• Personal Data: any information relating to an identified or identifiable natural person
• User: the natural person using this Application
• Data Controller: the natural or legal person who determines the purposes and means of processing
• GDPR: Regulation EU 2016/679
• Cookie: small text file that sites save on the user’s device

Contact Information

For any information regarding this Privacy Policy or to exercise their rights, Users can contact the Data Controller at:

• Email: office@astralunara.com
• Phone: +393515891196
• Postal address: Via Duca Degli Abruzzi, 1 Ispica(RG) 97014 Italy

Last modified: 01/01/2025