Privacy Policy
INFORMATION ON THE PROCESSING OF PERSONAL DATA
pursuant to Art. 13 of Regulation (EU) 2016/679 (“GDPR”)
Last update: 1 July 2025 – version 2.1
1. Who we are (Data Controller)
Dronebase S.r.l.
Via S. Giovenale 86, 47922 Rimini (RN) – Italy
VAT / Tax code 04456990409
E-mail: info@dronebase.it
2. Data Protection Officer (DPO)
Dronebase has appointed a Data Protection Officer (DPO) as required by Arts. 37-39 GDPR.
Contact: info@dronebase.it
3. Purposes, legal bases, data categories, retention periods and recipients
| # | Purpose of the processing | Categories of personal data | Legal basis (Art. 6 GDPR) | Retention period * | Main recipients / categories ** |
|---|---|---|---|---|---|
| 1 | Browsing, security and site operation | Browsing data (logs, IP address) | Controller’s legitimate interest (Art. 6 1 f) | 12 months | Hosting provider, IT-security suppliers |
| 2 | Account creation and order management | Identity data, contact details, address, order details, payments | Performance of a contract (Art. 6 1 b) | 10 years (civil-tax duty) | E-commerce platform, couriers, payment institutions, tax consultants |
| 3 | Customer support (tickets, returns, warranty) | Identity data, communications | Contract / legitimate interest (Art. 6 1 b + f) | 24 months after ticket closure | Help-desk platform |
| 4 | Direct marketing (newsletter, offers) | E-mail, name | Consent (Art. 6 1 a) | Until withdrawal or max 24 months | E-mail-marketing provider (e.g. Mailchimp) |
| 5 | Commercial profiling for personalised offers | Purchase history, browsing behaviour *** | Consent (Art. 6 1 a) – Art. 22 GDPR | 12 months | Analytics & advertising platforms (Google, Meta) |
| 6 | Legal obligations (accounting, tax) | Billing data | Legal obligation (Art. 6 1 c) | 10 years | Tax advisors, competent authorities |
| 7 | Disputes / ODR handling | Contract data, identity, contacts | Legitimate interest (Art. 6 1 f) | Length of dispute + 5 years | Law firms, ADR bodies |
* Data may be kept longer if required by law or to defend Dronebase’s rights.
** All recipients act as Processors under Art. 28 GDPR or as independent Controllers where applicable.
*** Profiling is always optional; without consent you will still receive non-personalised communications.
4. Data transfers to third countries
Some providers (e.g. Mailchimp, Google LLC, Meta Platforms Inc.) are located in the United States. Transfers rely on Standard Contractual Clauses (EU Decision 2021/914) and transfer impact assessments (TIA) in line with the Schrems II ruling. A copy of the SCCs is available on request.
5. Processing methods and security measures
Data are processed by electronic and paper means in accordance with principles of lawfulness, fairness and transparency. Dronebase implements encryption in transit and at rest, redundant backups, firewalls, role-based access control (RBAC) and an incident-response protocol.
6. Minors
The services are not intended for persons under 16 years. Age-verification mechanisms (self-declaration flag and random checks) are in place; any data inadvertently collected from minors will be erased without delay.
7. Data subject rights
You can exercise at any time the rights set out in Arts. 15-22 GDPR (access, rectification, erasure, restriction, portability, objection, withdrawal of consent, right not to be subject to automated decision-making) by writing to [email protected] or to the DPO.
8. Right to lodge a complaint
You may lodge a complaint with the Italian Data Protection Authority (Piazza Venezia 11, 00187 Rome, www.garanteprivacy.it) or with the supervisory authority of your habitual residence.
9. Automated decision-making and profiling
Dronebase does not apply decision-making processes producing legal effects based solely on automated processing. Any marketing profiling is carried out only with your consent and without significant impact on your rights.
10. Cookies and similar technologies
For full details on cookie types, retention periods and preference management, please see our Cookie Policy, accessible via the banner and the site footer.
11. Notice updates
Dronebase may amend this notice to reflect legal or organisational changes. Updated versions will be published with the revision date. Where changes affect processing that requires consent, you will be asked to give consent again.
