PRIVACY POLICY

Last Updated: 08/07/2025

BARÇOBATTO GbR (“we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy specifies how we collect, use, and safeguard your personal data when you visit or make a purchase from www.barcobatto.com (our "Website").

We process your personal data in compliance with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), the German Federal Data Protection Act (BDSG), and other applicable data protection laws.

1. Data Controller

The data controller responsible for the processing of your personal data on this Website is:

BARÇOBATTO GbR
Ohlauer Strasse 18, 10999 Berlin, Germany
Email: info@barcobatto.com 

This website is hosted on Squarespace.

If you have any questions about this Privacy Policy or our data protection practices, please contact us using the details above.

2. Types of Data Collected

When interacting with or making a purchase through our Website, we may collect and process various types of personal data from you directly through our purchasing process or via our host, Squarespace, and other integrated service providers, including:

  • Identity Data: Name, surname.

  • Contact Data: Billing address, shipping address, email address, telephone number.

  • Financial Data: Payment card details (processed by our payment service providers, not directly stored by us), bank account details for refunds.

  • Transaction Data: Details about products and services you have purchased from us.

  • Technical Data: Internet Protocol (IP) address, browser type and version, time zone setting, location, operating system and platform, and other technology on the devices you use to access this Website.

  • Usage Data: Information about how you use our Website, products, and services (e.g., pages visited, time spent on pages, clickstream data).

  • Marketing and Communications Data: Your preferences in receiving marketing from us and our third parties and your communication preferences.

  • Voluntarily Provided Data: Any other information you choose to provide to us, for example, when contacting customer service.

3. Data Collection Methods

We use different methods to collect data from and about you, including:

  • Direct Interactions: You may give us your Identity, Contact, and Financial Data by filling in forms or by corresponding with us by post, phone, email, or otherwise. This includes personal data you provide when you:

    • Place an order for our products.

    • Create an account on our Website.

    • Subscribe to our newsletter.

    • Request marketing materials.

    • Contact customer service.

  • Automated Technologies or Interactions: As you interact with our Website, we may automatically collect Technical Data and Usage Data about your equipment, Browse actions, and patterns through our host Squarespace. We collect this personal data by using cookies, server logs, and other similar technologies. Please see our "Cookies" section below for more details.

  • Third Parties or Publicly Available Sources: We may receive personal data about you from various third parties and public sources, such as analytics providers (e.g., Google Analytics), advertising networks, and payment service providers.

4. Legal Basis for Data Processing

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Performance of a Contract: Where we need to perform the contract we are about to enter into or have entered into with you (e.g., to process your order and deliver your products).

  • Legitimate Interests: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (e.g., for direct marketing, website improvement, fraud prevention).

  • Legal Obligation: Where we need to comply with a legal or regulatory obligation (e.g., tax laws, accounting requirements, consumer protection laws).

  • Consent: Where you have given explicit consent to the processing of your personal data for a specific purpose (e.g., for sending you a newsletter or for certain non-essential cookies). You have the right to withdraw consent at any time where we are relying on consent to process your personal data.

5. Data Sharing

We may share your personal data with the following categories of third parties for the purposes set out in this Privacy Policy:

  • Service Providers: Third parties who provide services on our behalf, such as website hosting, payment processing, order fulfillment, delivery services, IT and system administration services, hosting services, and marketing support.

  • Professional Advisors: Lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance, and accounting services.

  • Governmental and Regulatory Authorities: Where required by law or necessary to protect our rights or the safety of others.

  • Analytics and Advertising Partners: As detailed in our "Cookies" section.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions and applicable data protection agreements.

6. International Data Transfers (Suggested New Category)

We may transfer your personal data to countries outside the European Economic Area (EEA) if our service providers are located in or process data in such countries. 

Our Website hosting and related services are provided by Squarespace Ireland Limited, whose main place of business is in Ireland, within the EEA. Therefore, for the primary hosting of your website and data via Squarespace Ireland Limited, data processing occurs within the EEA. 

However, Squarespace Ireland Limited, in turn, uses sub-processors, including Squarespace, Inc. in the United States, to provide its services. When your personal data is transferred to sub-processors outside the EEA (such as to the United States), we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented by Squarespace:

  • Squarespace, Inc. is certified under the EU-US Data Privacy Framework (DPF). This provides a legal mechanism for the transfer of personal data from the EEA to the US while ensuring adequate data protection standards.

  • Where other service providers outside the EEA are used, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission, which ensure personal data receives the same protection as in Europe, or other equivalent mechanisms that ensure adequate protection.

7. Cookies

Our Website uses cookies and similar tracking technologies to enhance your Browse experience, analyze Website traffic, and for marketing purposes. Cookies are small text files stored on your device.

  • Necessary Cookies: These are essential for the operation of our Website (e.g., to enable you to log into secure areas of our Website or use a shopping cart).

  • Analytical/Performance Cookies: These allow us to recognize and count the number of visitors and to see how visitors move around our Website when they are using it. This helps us to improve the way our Website works.

  • Functionality Cookies: These are used to recognize you when you return to our Website. This enables us to personalize our content for you.

  • Targeting/Advertising Cookies: These cookies record your visit to our Website, the pages you have visited, and the links you have followed. We will use this information to make our Website and the advertising displayed on it more relevant to your interests.

You have the right to accept or decline cookies. Please note that disabling cookies may prevent you from taking full advantage of the Website.

8. Your Data Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right to Access (Art. 15 GDPR): You have the right to request a copy of the personal data we hold about you.

  • Right to Rectification (Art. 16 GDPR): You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.

  • Right to Erasure ("Right to be Forgotten") (Art. 17 GDPR): You have the right to request that we delete your personal data under certain conditions.

  • Right to Restriction of Processing (Art. 18 GDPR): You have the right to request that we restrict the processing of your personal data under certain conditions.

  • Right to Data Portability (Art. 20 GDPR): You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format and have the right to transmit that data to another controller.

  • Right to Object (Art. 21 GDPR): You have the right to object to our processing of your personal data, particularly where we are relying on legitimate interests.

  • Right to Withdraw Consent (Art. 7(3) GDPR): Where we are relying on consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent.

To exercise any of these rights, please contact us at info@barcobatto.com. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

9. External Website Hosting

Our Website is hosted by Squarespace Ireland Limited, located at Squarespace House, Ship Street Great, Dublin 8, D08N12C, Ireland. As an entity within the European Economic Area (EEA), the primary processing of your website and data by Squarespace occurs within the EEA.

However, Squarespace Ireland Limited may, in turn, use sub-processors, including its parent company, Squarespace, Inc., located in the United States, for certain services. In such cases, Squarespace, Inc. is certified under the EU-US Data Privacy Framework (DPF), which provides a legal basis for the transfer of personal data from the EEA to the US while ensuring adequate data protection standards. 

10. Other External Service Providers

We use various external service providers to operate our Website and provide our services. These providers may process your personal data on our behalf:

  • Payment Service Providers: When you make a purchase, your payment data is processed by secure third-party payment gateways such as Apple Pay, Link by Stripe, Google Pay, Klarna and Afterpay, as well as payment options like Visa, Mastercard, American Express, Discover, Diners Club International, JCB, Union Pay and Cartes Bancaires. We do not store your full payment card details on our servers. The processing by these providers is governed by their own privacy policies.

  • Shipping and Delivery Services: We use DHL as our shipping provider. We share your Contact and Identity Data with these providers to fulfill your orders.

  • Analytics Services: We use Squarespace Analytics to collect and analyze information about how users interact with our Website. This helps us understand website usage patterns and improve our services. Information collected is typically anonymized or pseudonymized.

  • Marketing & Email Service Providers: For sending newsletters and marketing communications  we use Mailchimp. Your Contact and Marketing and Communications Data may be shared with these providers.

  • Social Media Features: We use Pinterest link integrations in our website contents. Such social media integrations may collect data about your interactions with the integrated contents.

All relevant service providers comply with GDPR requirements and process your data securely and lawfully.

11. Newsletter

If you subscribe to our newsletter, we will use the data required or separately provided by you to regularly send you our email newsletter based on your consent (Art. 6 (1) lit. a GDPR). You can unsubscribe from the newsletter at any time by contacting us or by using the unsubscribe link provided in each newsletter email.

12. Retention of Data

We will only retain your personal data for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Our records of commercial transactions are retained at the longest for 10 years.

13. Security of Data (Suggested New Category)

We limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We take any suspected personal data breach seriously and will notify you and any applicable regulator of a breach where we are legally required to do so.

14. Complaints

If you have concerns about our data processing practices, you have the right to make a complaint at any time to the competent supervisory authority for data protection. 

We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority, so please contact us in the first instance.

15. Changes to our Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Effective Date" at the top. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.