Privacy Policy

INFORMATION ON THE PROCESSING OF PERSONAL DATA pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR)


The following information is prepared pursuant to art. 13 of EU Regulation 2016/679 by eCommerce Outsourcing s.r.l., a company subject to management and coordination by Giglio Group s.p.a. (VAT number 07396371002), with registered office in Piazza Generale Armando Diaz 6, 20123 Milan.

  1. Identity and contact details of the data controller

eCommerce Outsourcing s.r.l with registered office in via Sesia 5, 20017 Rho (MI), registered in the Milan Company Register under no. 2034727, tax code and VAT. 08576060969 (hereinafter, also “eCommerce Outsourcing” or the “Owner”), is the data controller of the users’ personal data provided when accessing the website (“Site”)

eCommerce Outsourcing can be contacted at the following addresses:

– Address: via Sesia 5, 20017 Rho (MI)

– Telephone number: 800002548

– e-mail address:

eCommerce Outsourcing will process the personal data provided by users through the Site under the following conditions.

In this information, the definitions in the singular also include those in the plural, and vice versa.

  1. Contact details of the Data Protection Officer

Users can contact the data protection officer (“Data Protection Officer” or “DPO”) for all matters relating to the processing of their personal data and the exercise of their rights deriving from the GDPR at the address: dpo @ terashop .it

  1. Purpose and legal basis of the processing. Mandatory or optional conferment. Consequences of refusal to process.

eCommerce Outsourcing will process the user’s personal data:

To respond by e-mail to user requests sent via the contact form on the Site (“write to us”). The provision of data for this purpose is optional: that is, there is no legal and / or contractual obligation to communicate data, but the user’s refusal to provide the data in question will make it impossible for eCommerce Outsourcing to respond to the requests of the user. The legal basis of the processing is the legitimate interest of eCommerce Outsourcing to respond to user requests.


eCommerce Outsourcing will keep the personal data provided by users on the Site to give correct execution to user requests no longer than the time necessary to satisfy such requests.

  1. Categories of subjects to whom the Data Controller communicates the user’s personal data (recipients)

The subjects to whom eCommerce Outsourcing communicates the data, act as data processors designated by eCommerce Outsourcing (“Data Processors”) or persons authorized to process personal data under the direct authority of eCommerce Outsourcing (“Officers”) , or in the case of third parties that the Data Processor uses, as “Sub-Managers”, pursuant to art. 28.4 of the GDPR, except in cases where the recipients act as independent data controllers.

Further information

The personal data provided by the user can be communicated by eCommerce Outsourcing to the categories of recipients indicated below.

– companies of the group to which eCommerce Outsourcing belongs and / or to employees and / or collaborators of eCommerce Outsourcing for the performance of administration, accounting and IT and logistical support activities;

– to all those subjects (including Public Authorities) who have access to personal data by virtue of regulatory or administrative provisions;

– to companies, consultants or professionals who may be in charge of installation, maintenance, updating and, in general, the management of eCommerce Outsourcing hardware and software, including cloud computing service providers;

– to all those public and / or private subjects, natural and / or legal persons (legal, administrative and tax consultancy firms, Judicial Offices, Chambers of Commerce, Chambers and Labor Offices, etc.), if the communication is necessary or functional to the correct fulfillment of the contractual obligations assumed in relation to the services on the Site, as well as the obligations deriving from the law or in the case of ascertaining, exercising or defending a right.

The list of recipients is available at the eCommerce Outsourcing headquarters.

Data concerning users will not be disclosed.

  1. Transfer to third countries

The entire processing of personal data takes place in countries within the borders of the European Union.

  1. Rights of the interested party

The interested party has the right to:

– ask the Data Controller to confirm whether or not personal data concerning him is being processed and, in this case, to obtain access to personal data (right of access);

– obtain from the Owner

and of data processing, the correction of personal data concerning him without undue delay. Taking into account the purpose of the processing, the interested party has the right to obtain the integration of incomplete personal data, also by providing an additional declaration (right of rectification);

– obtain from the Data Controller the cancellation of personal data concerning him without undue delay, except in legitimate cases of exemption (right of cancellation);

– obtain from the Data Controller the limitation of the treatment when one of the following hypotheses occurs (right of limitation):

The data subject disputes the accuracy of personal data for the period of time necessary for the data controller to verify the accuracy of such personal data;

The processing is unlawful and the interested party opposes the deletion of personal data and instead requests that its use be limited;

Although the Data Controller no longer needs it for processing purposes, the personal data are necessary for the data subject to ascertain, exercise or defend a right in court;

The interested party opposed the treatment in the hypothesis of treatment based on the legitimate interest of the Data Controller, for reasons connected to his particular situation, pending verification of the possible prevalence of the legitimate reasons of the Data Controller to those of the interested;

– receive from the Data Controller in a structured format, commonly used and readable by an automatic device, the personal data concerning him and has the right to transmit such data to another data controller without impediments (right to data portability );

– propose a complaint to a supervisory authority (eg: the Guarantor for the protection of personal data) if it believes that the processing that concerns it violates the GDPR.

– to oppose for reasons connected to his particular situation, to the processing of personal data concerning him, having as its legal basis the legitimate interest of the Data Controller (right of opposition). In the case of exercising the right of opposition, the Data Controller refrains from further processing the personal data, unless he demonstrates the existence of compelling legitimate reasons to proceed with the processing that prevail over the interests, rights and freedoms of the ‘interested party or for the assessment or defense of a right in court.

The above rights may be exercised with a request addressed without formalities to the Data Controller at the following address:

  1. Changes

The Data Controller reserves the right to make changes to this information at any time, giving appropriate publicity to the users of the Site and ensuring in any case an adequate and similar protection of personal data. In order to view any changes, users are invited to regularly consult this information.