Privacy Policy
DATA and COOKIES
# Privacy PolicyLast updated: November 10, 2025Autentibox ("we," "us," or "our"), operated by DEOR SRLS, is committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR), Danish law, and other applicable privacy regulations.## Who We Are- Business Name: DEOR SRLS
- Business Address: Via Lungomare SNC, Minturno, Italy
- Website: www.autentibox.com
- Data Controller: DEOR SRLS (responsible for processing your personal data)
- Data Protection Officer: Not applicable. As a small business not processing special category data on a large scale, we are not required to appoint a Data Protection Officer under GDPR Article 37.## Information We CollectWe collect personal information directly from you through our website forms and services:- Email address (mandatory for marketing communication and account creation)
- Phone number (optional, for order fulfillment and customer service)
- First name and last name (optional, for personalization and orders)
- Address, city, postal code, and country (required for order shipping and fulfillment)
- Analytics and usage data: Google Analytics collects information about your visits, pages viewed, time spent, and interactions with our website
- Payment information: Stripe securely processes payment data; we do not store credit card or payment card details
- Cookies: Technical and marketing cookies for site functionality, analytics, and personalization
- Social media data: If you follow or interact with our Facebook Page (https://www.facebook.com/autentibox), Facebook collects information about those interactions
- Data sources: Currently collected directly from you via our website forms. In the future, we may collect data from Facebook Lead Ads or other social media sources; we will update this policy accordingly## How We Use Your Information- To process payments: Stripe handles all payment transactions securely
- To fulfill orders: Shipping information is used by BRT Bartolini for delivery; they do not store or use your data beyond fulfillment
- Email marketing: We send marketing emails, updates, and offers via Brevo (Brevo's Privacy Policy)
- Remarketing and advertising: We use Facebook's remarketing services to display relevant offers to you across platforms (Facebook's Data Policy)
- Website analytics: Google Analytics helps us understand how you use our site to improve our services (Google Analytics Privacy)
- Customer support: To respond to inquiries and provide customer service
- Legal compliance: To meet accounting, tax, and regulatory obligations under Italian and EU law
- Fraud prevention: To detect and prevent unauthorized access or misuse## Legal Basis for ProcessingWe process your personal data under the following legal bases:- Consent: For marketing emails (newsletter, offers, updates) – you must explicitly opt in via our double opt-in process
- Contract: For order processing, payment, and fulfillment
- Legal obligation: For accounting records, tax compliance (7-year retention), and fraud prevention
- Legitimate interest: To improve our website, prevent misuse, and understand customer preferences## Data RetentionWe retain your personal information only for as long as necessary:- Marketing emails (waitlist subscribers): 5 years from the date you join, or until you unsubscribe. If you do not engage with emails for 2 years, we may delete your email address
- Order and transaction data: 7 years (required for Italian and EU tax and accounting compliance)
- Consent records: 5 years minimum (required for GDPR audit purposes)
- Google Analytics data: 26 months (Google's default retention period)
- Payment information stored by Stripe: According to Stripe's data retention policies
- Cookies: Session cookies expire when you close your browser; persistent cookies last up to 12 months unless deletedWhen data retention periods expire, we securely delete your information or anonymize it.## Sharing Your DataWe do not sell or rent your personal data to third parties. However, we share data with trusted service providers who assist us in operating our website and delivering services:- Stripe – Payment processor (USA, protected by Standard Contractual Clauses)
- Brevo – Email marketing platform (France, GDPR-compliant)
- Google Analytics – Website analytics (USA, protected by Standard Contractual Clauses and Google's Data Processing Amendment)
- Facebook – Remarketing and advertising platform (USA, protected by Standard Contractual Clauses)
- BRT Bartolini – Shipping and logistics partner (Italy, for order fulfillment only; does not store customer data)All third parties are contractually obligated to process data only for specified purposes and to maintain GDPR compliance.## International Data TransfersSome of our service providers are based outside the EU/EEA (specifically in the USA). To ensure your data is protected, we have implemented Standard Contractual Clauses (SCCs) with these providers to guarantee adequate levels of data protection equivalent to GDPR standards.## Your Rights Under GDPRAs a data subject, you have the following rights:- Right to access: You can request a copy of all personal data we hold about you
- Right to rectification: You can request correction of inaccurate or incomplete data
- Right to erasure ("right to be forgotten"): You can request deletion of your data, subject to legal retention obligations
- Right to restrict processing: You can limit how we use your data
- Right to data portability: You can request your data in a structured, portable format
- Right to object: You can object to marketing, profiling, or certain processing activities
- Right to withdraw consent: You can unsubscribe from marketing emails at any time by clicking the "unsubscribe" link in any email
- Right to lodge a complaint: You can file a complaint with your local Data Protection Authority## How to Exercise Your RightsTo exercise any of the above rights, please contact us at:Email: [email protected]We will respond to your request within 30 days (as required by GDPR). If we require additional information to verify your identity, we may extend this timeline by up to 2 months.## Cookies and Tracking Technologies### What Are Cookies?
Cookies are small files placed on your device by our website to store information about your preferences and activities.### Types of Cookies We Use- Necessary Cookies: Required for basic site functionality (security, shopping cart, login). These are always enabled and do not require consent.
- Performance/Analytics Cookies: Collect anonymized data about how you use our site to help us improve. Provided by Google Analytics.
- Marketing/Remarketing Cookies: Allow us to show you relevant ads on other platforms. Provided by Facebook Pixel.### Your Cookie ChoicesYou can control cookies through:
- Our website's cookie consent banner (managed by Silktide)
- Your browser's cookie settings
- Opting out of Google Analytics via Google's opt-out extension
- Facebook's Ad Preferences: https://www.facebook.com/ads/preferencesRefusing non-necessary cookies may affect your experience, but the website will remain functional.## Automated Decision-MakingWe do not use automated decision-making or profiling that produces legal or similarly significant effects on you. All decisions regarding your account, orders, or eligibility are made by our team, not by automated systems.## Data SecurityYour data is protected by:- Secure, encrypted storage on GDPR-compliant platforms
- Payment data encrypted and processed by Stripe (PCI-DSS compliant)
- Email data stored securely by Brevo
- Limited access to data (only authorized staff)
- Regular security reviews and updatesWhile we implement strong security measures, no system is 100% secure. Please protect your account credentials and contact us immediately if you suspect unauthorized access.## Mandatory vs. Optional Data| Data Field | Mandatory/Optional | Purpose |
| --- | --- | --- |
| Email address | Mandatory | Account creation, marketing communication, order confirmation |
| Phone number | Optional | Order fulfillment and customer service |
| First name | Optional | Personalization and shipping |
| Last name | Optional | Personalization and shipping |
| Address, city, postal code, country | Mandatory for orders | Order shipping and fulfillment |Without mandatory fields, we cannot complete your purchase or send marketing communications. Optional fields help us personalize your experience but are not required.## Children's PrivacyAutentibox does not knowingly collect or process personal data from children under 16 years of age. If we become aware that we have collected data from a child without parental consent, we will delete it immediately. Parents or guardians concerned about data collection can contact us at [email protected].## Third-Party LinksOur website may contain links to external websites (social media, payment processors, etc.). We are not responsible for their privacy practices. Please review their privacy policies before providing any information.## Changes to This Privacy PolicyWe may update this Privacy Policy to reflect changes in our business, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on our website with a revised "Last Updated" date. Continued use of our website after changes constitutes your acceptance of the updated policy.## Complaints and Contact Information### Questions About Privacy?
Email: [email protected]
Postal Address: Via Lungomare SNC, Minturno, Italy### Right to Lodge a Complaint
If you believe your data rights have been violated or have concerns about our privacy practices, you have the right to lodge a complaint with your local Data Protection Authority:- Denmark: Datatilsynet (www.datatilsynet.dk)
- Italy: Garante per la protezione dei dati personali (www.garanteprivacy.it)
- Other EU countries: Visit www.edpb.eu to find your country's authorityYou can file a complaint with any Data Protection Authority in the EU, regardless of where you live or where the violation occurred.## Data Processing Agreement (DPA)For business partners or entities requesting a formal Data Processing Agreement, please contact us at [email protected]. We will provide a standard DPA template upon request.---Effective Date: November 10, 2025This Privacy Policy is compliant with the General Data Protection Regulation (GDPR EU 2016/679), Danish Data Protection Act, and applicable Italian data protection laws.------# Cookie PolicyLast updated: November 10, 2025This Cookie Policy explains what cookies are, how Autentibox uses them, and your choices regarding their use. This policy applies to our website www.autentibox.com and is an extension of our main Privacy Policy.## What Are Cookies?Cookies are small text files that are stored on your device (computer, tablet, or mobile phone) when you visit our website. They allow websites to recognize your device and remember information about your visits, preferences, and activities.Types of Cookies:
- Session cookies: Expire when you close your browser and are used for temporary functionality
- Persistent cookies: Remain on your device for a specified period (usually up to 12 months) and allow us to recognize you on future visits
- First-party cookies: Set by Autentibox directly
- Third-party cookies: Set by external providers (Google, Facebook, etc.)## Why We Use CookiesWe use cookies for the following purposes:### 1. Necessary/Technical Cookies
These cookies are essential for the website to function properly:
- Site navigation and shopping cart functionality
- User authentication and session management
- Security and fraud prevention
- Payment processingStatus: Always enabled (no consent required)### 2. Performance/Analytics Cookies
These cookies help us understand how visitors use our website:
- Provider: Google Analytics
- Purpose: Track page views, user behavior, click patterns, and traffic sources
- Retention: 26 months
- Impact: Allows us to optimize website performance and contentStatus: Requires your consent### 3. Marketing/Remarketing Cookies
These cookies enable personalized advertising:
- Provider: Facebook Pixel
- Purpose: Track your interactions with our website and show you relevant ads on Facebook and Instagram
- Retention: Up to 12 months
- Impact: Helps us reach interested customers with relevant promotionsStatus: Requires your consent### 4. Social Media Cookies
If you interact with our Facebook Page or share content:
- Provider: Facebook
- Purpose: Enable social media features, measure engagement, and deliver personalized contentStatus: Governed by Facebook's cookie policy; requires your consent## Your Cookie Choices### Managing Cookies Through Our WebsiteWhen you first visit our website, you will see a cookie consent banner (powered by Silktide). You can:
- Accept all cookies: Enable all tracking and analytics
- Reject non-essential cookies: Allow only necessary cookies for site functionality
- Manage preferences: Customize which types of cookies you acceptYou can change your cookie preferences at any time by clicking the cookie banner again on our website.### Managing Cookies Through Your BrowserYou can also control cookies directly through your browser settings:
- Chrome: Settings > Privacy and security > Cookies and other site data
- Firefox: Preferences > Privacy & Security > Cookies and Site Data
- Safari: Preferences > Privacy > Manage Website Data
- Edge: Settings > Privacy, search, and services > Clear browsing dataYou can:
- View all cookies stored on your device
- Delete cookies from specific websites
- Block all cookies or only third-party cookies
- Enable "Do Not Track" (if your browser supports it)Note: Disabling cookies may affect website functionality, such as shopping cart persistence or login features.### Opting Out of Third-Party TrackingGoogle Analytics:
- Download and install Google Analytics Opt-out Browser Extension: https://tools.google.com/dlpage/gaoptout
- Or adjust your Google Ad Settings: https://myaccount.google.com/ads-and-dataFacebook:
- Visit Facebook's Ad Preferences: https://www.facebook.com/ads/preferences
- Adjust your ad targeting settings and opt out of off-Facebook activity tracking### Do Not Track (DNT)
If your browser supports Do Not Track signals, we will honor your DNT preference. However, many websites and third-party services do not currently recognize DNT signals.## Third-Party CookiesWe use cookies from the following third parties:| Provider | Purpose | Cookie Type | Policy |
| --- | --- | --- | --- |
| Google Analytics | Website analytics and performance | Analytics | Google Privacy Policy |
| Facebook Pixel | Remarketing and ad targeting | Marketing | Facebook Data Policy |
| Stripe | Payment processing | Technical | Stripe Privacy |
| Brevo | Email marketing analytics | Analytics | Brevo Privacy |Each third party has its own cookie policy and privacy practices. We recommend reviewing their policies for more information about how they use cookies.## Cookie Retention- **Session cookie
