Privacy Policy

Last Updated: May 07, 2026

Welcome to the brosworld.it website (hereinafter the "Website"). This Privacy Policy aims to describe how the Website is managed regarding the processing of personal data of users who browse and make purchases on it.

The processing of personal data is carried out in full compliance with Regulation (EU) 2016/679 (GDPR) and the current national legislation on personal data protection.

1. Data Controller

The Data Controller is:

Pellegrino Brothers Srl
Registered office: SS172, 59, Martina Franca, (TA)
VAT / Tax Code: 04993990755
Email: info@pellegrinobrothers.it

2. Types of Data Collected

While browsing and using the Website, the Data Controller collects the following categories of data:

  • Navigation Data: The computer systems and software procedures used to operate this Website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols (e.g., IP addresses, computer domain names, time of the request, parameters relating to the user's operating system). This data is used solely to obtain anonymous statistical information on the use of the Website and to check its correct functioning.
  • Data provided voluntarily by the user: When purchasing official merchandise, registering an account, or filling out the contact form, we collect the data necessary to provide the service: first name, last name, billing and shipping address, email address, and phone number.
  • Payment Data: To process transactions, we collect payment data. This data is managed securely directly by the payment gateways (e.g., PayPal, Stripe, or banking networks) and does not pass through nor is it saved on the servers of Pellegrino Brothers Srl.

3. Purposes and Legal Basis for Processing

The personal data collected is processed for the following purposes:

  1. Contract Execution: To manage and process merchandise orders, arrange shipments, handle any returns or refunds, and provide customer support.
    • Legal basis: Execution of a contract to which the data subject is a party or execution of pre-contractual measures (Art. 6, par. 1, let. b, GDPR).
  2. Compliance with Legal Obligations: To comply with accounting, tax, or legal obligations required by current legislation.
    • Legal basis: Legal obligation to which the Data Controller is subject (Art. 6, par. 1, let. c, GDPR).
  3. Statistical Analysis and Service Improvement: To analyze Website traffic and user behavior through tools like Google Analytics 4, in order to optimize the browsing experience.
    • Legal basis: Consent of the data subject, provided by accepting analytical cookies in the banner (Art. 6, par. 1, let. a, GDPR).
  4. Marketing and Newsletter: To send promotional communications, discounts, and product updates from the Pellegrino Brothers brand.
    • Legal basis: Optional and explicit consent of the data subject (Art. 6, par. 1, let. a, GDPR), which can be revoked at any time.

4. Processing Methods and Data Retention Periods

Data processing is carried out using IT and telematics tools, with logic strictly related to the stated purposes and in compliance with adequate technical and organizational security measures (e.g., SSL/HTTPS certificates, WordPress platform updates) to prevent data loss, illicit use, unauthorized access, or alterations.

The data will be retained for the time strictly necessary to achieve the purposes for which it was collected:

  • Data relating to purchases and billing will be kept for 10 years, as required by Italian tax and civil law.
  • Data collected for marketing purposes will be retained until the user revokes their consent.
  • Navigation and statistical data are retained for limited periods based on the settings of the analytics service (typically 2 to 14 months).

5. Data Recipients and Extra-EU Transfers

Personal data will not be disseminated in any way but may be communicated to third parties strictly necessary for the execution of the services offered by the Website, including:

  • Couriers and forwarding agents for product delivery.
  • Payment service providers (gateways).
  • Web hosting and maintenance service providers.
  • Accounting and tax consultants of the Data Controller.

Some providers (for example, Google LLC for the use of Google Analytics 4) reside or process data outside the European Economic Area (EEA). In these cases, the Data Controller ensures that the transfer takes place in compliance with applicable legal provisions, based on adequacy decisions (e.g., the EU-US Data Privacy Framework) or on Standard Contractual Clauses (SCCs) approved by the European Commission.

6. Data Subject's Rights

Pursuant to Articles 15-22 of the GDPR, the user has the right to ask the Data Controller at any time for:

  • Access: to obtain confirmation as to whether or not personal data concerning them is being processed, and, where that is the case, access to the personal data.
  • Rectification: to request the updating or correction of inaccurate data.
  • Erasure (Right to be forgotten): to request the deletion of data if no longer necessary or in the event of withdrawal of consent.
  • Restriction: to request the temporary blocking of processing under specific conditions.
  • Portability: to receive their data in a structured, commonly used, and machine-readable format, to transmit it to another Data Controller.
  • Objection: to object to processing for reasons related to their particular situation or object to processing for direct marketing purposes.

The user always has the right to revoke previously given consent (e.g., for sending newsletters or for analytical cookies) without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise their rights, the user can send a written request to Pellegrino Brothers Srl at the email address: info@pellegrinobrothers.it.

The user also has the right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it) if they believe that the processing of their data is contrary to current legislation.