Privacy Policy

Last updated: 6 April 2026

1. Who we are

Sfarzo ("we", "us", "our") operates this website. We are the data controller for the personal data we collect through the site. For contact details, see the Contact section below.

2. What data we collect and why

We collect and process personal data only where we have a lawful basis (consent, contract, or legitimate interest). The data we collect includes:

• Account data: If you register, we store your email, username, and password (hashed). We use this to provide your account, manage orders, and communicate with you about your account (e.g. verification, password reset).
• Order data: When you place an order, we collect name, email, address, phone, and payment-related identifiers. We use this to fulfil the order, process payments, and comply with legal obligations.
• Contact form and newsletter: If you submit the contact form or join the mailing list, we store your email (and name/message for the form). We use this to respond to you or send newsletters only where you have consented.
• Cookies and similar tech: We use cookies for essential functions (e.g. keeping you logged in) and, with your consent, to remember preferences. See our Cookie notice and the section below.

3. Retention

We keep your data only as long as necessary for the purposes above or as required by law. Account data is retained until you close your account or request deletion. Order data may be retained for legal and accounting purposes (e.g. tax) in anonymised or pseudonymised form after account deletion. Contact and newsletter data is retained until you unsubscribe or ask us to delete it.

4. Your rights (GDPR)

If you are in the European Economic Area (or similar regime), you have the right to:

• Access — Request a copy of the personal data we hold about you.
• Rectification — Ask us to correct inaccurate data.
• Erasure — Request deletion of your data ("right to be forgotten"), subject to legal exceptions (e.g. we may retain order data in anonymised form where required).
• Portability — Receive your data in a structured, machine-readable format.
• Object — Object to processing based on legitimate interests or for marketing.
• Withdraw consent — Where we rely on consent (e.g. marketing), you may withdraw it at any time.

To exercise these rights, contact us via the Contact page. You also have the right to lodge a complaint with a supervisory authority in your country.

5. Cookies

We use cookies for: (1) essential operation of the site (e.g. authentication); (2) storing your cookie consent preference. We may use additional cookies (e.g. analytics) only with your consent. You can change your preferences via our cookie notice or your browser settings. For more detail on the cookies we use, see the notice shown when you first visit the site.

6. Security and sharing

We implement appropriate technical and organisational measures to protect your data. We do not sell your personal data. We may share data with service providers (e.g. hosting, payment processing, email delivery) who act on our instructions and are bound by confidentiality. We may disclose data where required by law or to protect our rights.

7. Contact

For privacy enquiries, to exercise your rights, or to contact a data protection contact, please use our Contact page.