Privacy policy

(Pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 – GDPR)

At historic-brand.com, we believe that the privacy and protection of our visitors’ and customers’ personal data are fundamental. With this Privacy Policy, we aim to clearly explain:

  • which personal data we collect;

  • the purposes for which we use them;

  • the legal bases for processing;

  • how long we retain the data;

  • the rights granted to users;

  • how cookies and other tracking tools are managed.

This Privacy Policy applies to anyone who interacts with the web services offered by Historic-brand.com, accessible from the website historic-brand.com, regardless of the location from which the user connects.

Please note that this Privacy Policy does not apply to other websites that may be accessed via links on this site, as such websites have their own privacy policies.

Users are encouraged to review this page periodically, as this Privacy Policy may be subject to updates, including changes due to new regulations or developments in our services.

1. Data Controller

The Data Controller of personal data is:

LBW SRL, with registered office at Via Brescia 60/A – 25020 Bassano Bresciano (BS) – Italy.

For any request or to exercise your rights, you may contact us at the following email address: info@lbw-srl.it.

If a Data Protection Officer (DPO) has been appointed, their contact details are as follows:
[insert DPO details if applicable].

2. Scope and Purposes of Processing

2.1 Purposes

Personal data collected through the website may be processed for the following purposes:

a) Provision of requested services, such as order management, shipping, invoicing, and customer support.

b) User account registration, login, access to the customer area, and management of the contractual relationship.

c) Sending newsletters or promotional communications, only if the user has given consent (see Articles 6 and 7 GDPR).

d) Anonymous statistical analysis of visitors (e.g., traffic logs) and improvement of the website.

e) Compliance with legal or regulatory obligations (e.g., tax and accounting requirements).

f) Management of cookies and tracking tools, as described in the dedicated section.

g) Direct marketing and profiling activities, only with explicit consent where required.

2.2 Legal Bases

  • Processing necessary for the performance of a contract or pre-contractual measures: Article 6(1)(b) GDPR.

  • Processing necessary for compliance with a legal obligation: Article 6(1)(c) GDPR.

  • Processing based on consent: Article 6(1)(a) GDPR and Article 7 GDPR.

  • Processing based on the legitimate interest of the Data Controller (e.g., system logs, security): Article 6(1)(f) GDPR, provided that such interest does not override the fundamental rights and freedoms of the data subject.

3. Categories of Data Processed

3.1 Automatically Collected Data

When users visit the website, certain technical data may be automatically collected, including IP address, browser type and version, operating system, date and time of access, page requests, referring URL, and number of clicks. These data are processed in aggregated form (not directly identifiable) for statistical analysis, website management, and security purposes.

3.2 Data Provided by the User

If users choose to register, make a purchase, subscribe to the newsletter, submit a contact request, or apply for a position, they may provide personal data such as name, surname, email address, shipping address, phone number, and billing details.

3.3 Special Categories of Data

We do not collect data revealing racial or ethnic origin, political opinions, religious beliefs, biometric or health data, etc., unless required by law or for specific authorized activities.

4. Cookies and Tracking Tools

The website uses cookies and similar technologies to ensure proper functioning and improve the user experience. In accordance with the guidelines of the Italian Data Protection Authority (effective from 9 January 2022) regarding cookies, users must provide informed and active consent for profiling or non-essential cookies.

4.1 Types of Cookies

  • Technical cookies: necessary for website functionality (login, session management, security). Consent is not required.

  • Analytics cookies: collect anonymous data for statistical analysis. They may be treated as technical cookies if managed directly by the Data Controller without profiling.

  • Profiling / remarketing cookies: track user navigation and create profiles for commercial purposes. Prior consent is required.

  • Third-party cookies: installed by external domains for analytics, advertising, or social media integration. These also require specific consent.

4.2 Consent Management and Withdrawal

Users may modify or withdraw their consent at any time via the cookie banner or browser settings. Disabling cookies may limit access to certain sections of the website.

4.3 Third-Party Privacy Policies

Users are encouraged to review the cookie and privacy policies of any third-party services used (e.g., social plugins, analytics tools, advertising services).

5. Data Retention Periods

Personal data will be retained only for the time strictly necessary to achieve the purposes for which they were collected and in compliance with applicable legal requirements.

  • Data related to purchases, invoicing, and accounting obligations: retained for the period required by tax and accounting regulations.

  • Data collected for marketing/promotional purposes: retained until consent is withdrawn or the data subject objects.

  • Data processed for security purposes (logs, access records, firewalls): retained for the time strictly necessary to achieve the purpose.

In any case, unless otherwise required by law, data will not be retained for more than 5 years, in line with standard practice (e.g., contracts, invoicing).

(Note: verify whether this retention period is appropriate based on the specific nature of the data/service and the recommendations of the Data Protection Authority.)

6. Data Disclosure and Transfer

Personal data may be disclosed to external parties (technical service providers, hosting providers, shipping companies, payment providers, marketing agencies) acting as Data Processors pursuant to Article 28 GDPR. Such parties are selected through contractual arrangements that ensure confidentiality and adequate security measures.

If personal data are transferred to countries outside the EU, the provisions of Chapter V of the GDPR (Articles 44 et seq.) will be complied with, and appropriate safeguards will be adopted (standard contractual clauses, adequacy decisions, etc.).

7. Rights of the Data Subject

Pursuant to Articles 15–22 GDPR, users have the right to:

  • obtain confirmation as to whether personal data concerning them are being processed and access such data (Art. 15);

  • request rectification of inaccurate data and completion of incomplete data (Art. 16);

  • request erasure of personal data (“right to be forgotten”), where applicable (Art. 17);

  • request restriction of processing (Art. 18);

  • object to processing based on legitimate interest, for legitimate reasons (Art. 21);

  • request data portability where processing is based on consent or contract and carried out by automated means (Art. 20);

  • withdraw consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal;

  • lodge a complaint with the Supervisory Authority (in Italy, the Garante per la Protezione dei Dati Personali) (Art. 77).

Requests should be addressed to the Data Controller as indicated in Section 1. We will respond within the statutory time limits (generally within one month, subject to justified extensions).

8. Data Security

The Data Controller implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 GDPR and the guidelines of the Italian Data Protection Authority (e.g., pseudonymization, encryption, resilience measures).

Access to personal data is limited to authorized personnel and qualified external parties acting as Data Processors under the instructions of the Data Controller.

In the event of a personal data breach that is likely to result in a high risk to the rights and freedoms of individuals, the Data Controller will notify the Supervisory Authority within 72 hours, unless the breach is unlikely to result in such a risk.

9. Minors

The website is not intended for users under the age of 14, pursuant to Article 2-quinquies of the Italian Privacy Code (Legislative Decree 196/2003, as amended) and Article 8 GDPR.

If a user believes that personal data of a minor have been collected without parental consent, they may contact us using the details provided in Section 1 to request deletion.

10. Profiling and Marketing

Where explicit consent has been provided, personal data may be used for profiling activities and the sending of personalized marketing communications. Users may withdraw consent at any time and object to the processing of their data for direct marketing purposes.

Promotional communications via email, SMS, or phone are carried out only with prior consent and in accordance with Article 130 of the Italian Privacy Code and the guidelines of the Data Protection Authority.

11. Links to Other Websites / Social Plugins

Our website may contain links to other websites (e.g., social networks) that operate independently from Historic-brand.com. We are not responsible for the personal data processing practices of such websites. Users are encouraged to review their respective privacy policies.

Where social plugins or buttons are present, consent is required before such tools install profiling cookies or initiate automated processing.

12. Updates to This Privacy Policy

This Privacy Policy may be subject to changes, including those resulting from new regulations or guidance from the Data Protection Authority. The updated version will be published on this page with an indication of the revision date.

Last updated: 18/10/2025