Privacy Policy

HossiShop is operated by Hossain Mosharef, a sole trader (Ditta Individuale) registered in Italy.

• Business name: HossiShop
• Owner: Hossain Mosharef
• Address: Via Milano 25f, 30172 Venice (VE), Italy
• Email: privacy@hossishop.online
• Website: https://hossishop.com

As the data controller, we are committed to protecting your personal data in accordance with Regulation (EU) 2016/679 (GDPR) and Italian Legislative Decree 196/2003 as amended.

We collect the following categories of personal data:

• Identity data: first name, last name
• Contact data: email address, phone number (optional)
• Address data: billing and shipping address
• Transaction data: order details, payment confirmation (we do not store card data — payments are processed by Stripe)
• Technical data: IP address, browser type, device information, cookies
• Usage data: pages visited, products viewed, cart activity
• Marketing data: email preferences, if you have opted in

We use your data for the following purposes and legal bases:

• To process your order — contractual necessity (Art. 6(1)(b) GDPR)
• To send order and shipping confirmations — contractual necessity
• To process payments via Stripe — contractual necessity
• To handle returns and refunds — contractual necessity
• To send marketing emails — consent (Art. 6(1)(a) GDPR) — only if you have opted in
• To analyse website traffic and improve our services — legitimate interest (Art. 6(1)(f) GDPR)
• To comply with legal obligations — legal obligation (Art. 6(1)(c) GDPR)

We use cookies and similar tracking technologies. Please refer to our Cookie Policy for full details.

Essential cookies are placed without consent as they are strictly necessary for the website to function. Non-essential cookies (analytics, marketing) are placed only with your explicit consent.

We share data with trusted third parties only where necessary:

• Stripe Inc. — payment processing (USA; covered by Standard Contractual Clauses)
• WooCommerce / Automattic — order management
• Cloudflare Inc. — CDN and security (USA; covered by SCC)
• Shipping carriers (e.g. DHL, GLS, Poste Italiane) — order fulfilment
• Suppliers (CJ Dropshipping, Eprolo) — order fulfilment — only name and shipping address

We do not sell your personal data to third parties.

• Order data: retained for 10 years to comply with Italian tax law (D.P.R. 600/1973)
• Marketing data: retained until you unsubscribe or withdraw consent
• Technical/cookie data: retained for up to 13 months

Under the GDPR you have the following rights:

• Right of access — request a copy of your personal data
• Right to rectification — correct inaccurate data
• Right to erasure — request deletion ("right to be forgotten")
• Right to restrict processing — pause how we use your data
• Right to data portability — receive your data in a machine-readable format
• Right to object — object to processing based on legitimate interests
• Right to withdraw consent — at any time where processing is based on consent

To exercise any of these rights, contact us at privacy@hossishop.online. We will respond within 30 days.

You also have the right to lodge a complaint with the Italian data protection authority: Garante per la protezione dei dati personali — www.garanteprivacy.it

We use industry-standard security measures including SSL/TLS encryption, Cloudflare WAF protection, and access controls. Payment data is handled exclusively by Stripe and never stored on our servers.

We may update this policy from time to time. We will notify you of significant changes by email or by posting a notice on our website. The date at the top of this page indicates the most recent revision.

For any privacy-related enquiries: privacy@hossishop.online