Privacy Policy

How we collect, use, and protect your personal information in compliance with GDPR

GDPR COMPLIANT: Your privacy rights are fully protected

DATA CONTROLLER INFORMATION

Before You Buy Italy is the data controller responsible for your personal information. We are committed to protecting your privacy and handling your data in accordance with the General Data Protection Regulation (GDPR) and applicable privacy laws.

Contact Information:

Service: Before You Buy Italy
Type: Informational Property Document Service
Contact: WhatsApp +39 393 8283560

What Personal Information We Collect

We collect only the personal information necessary to provide our informational property document service. Here's what we collect and why:

Contact Information

  • Full name
  • Email address
  • WhatsApp number (optional)
  • Country of residence

Purpose: Communication about your request and service delivery

Property Information

  • Property address
  • Region in Italy
  • Property type
  • Purchase stage

Purpose: Understanding your informational needs and context

Service Information

  • Package selection
  • Main concerns/questions
  • Available documents list
  • Lead source information

Purpose: Tailoring our informational service to your needs

Technical Information

  • IP address
  • Browser information
  • UTM parameters
  • Website usage data

Purpose: Website functionality and basic analytics

Legal Basis for Data Processing

Under GDPR, we must have a legal basis for processing your personal data. Here are the legal bases we rely on:

Contract Performance (Article 6(1)(b))

Processing necessary to provide our informational service that you've requested and paid for, including communication about your request and delivery of educational materials.

Legitimate Interests (Article 6(1)(f))

Website functionality, basic analytics to improve our service, fraud prevention, and understanding how users find our service (lead source tracking).

Consent (Article 6(1)(a))

For optional communications like WhatsApp contact and marketing communications (where you've explicitly opted in).

Legal Obligation (Article 6(1)(c))

Compliance with tax, accounting, and other legal requirements that may apply to our business operations.

How We Use Your Personal Information

We use your personal information only for the purposes described below. We do not sell, rent, or share your personal information with third parties for their marketing purposes.

Service Delivery

Providing our informational property document service, including document review and educational overview creation

Communication

Sending updates about your request status, payment confirmations, and delivery notifications

Customer Support

Responding to your questions and providing assistance with our service

Payment Processing

Processing payments and maintaining payment records for accounting purposes

Service Improvement

Understanding how our service is used to make improvements and better serve future clients

Marketing Analysis

Understanding how people find our service (lead sources) to focus our educational outreach efforts

Legal Compliance

Meeting our legal obligations including tax reporting, record keeping, and regulatory compliance

Security & Fraud Prevention

Protecting our service and users from fraudulent or inappropriate use

Data Sharing and Third-Party Services

We do NOT sell or rent your personal information. We only share data with trusted service providers who help us deliver our service.

Service Providers We Work With

Payment Processing

PayPal: Secure payment processing for our services. PayPal processes payment information according to their privacy policy and PCI DSS compliance standards.

Email Communications

Email Service Provider: For sending service-related emails including confirmations, status updates, and delivery notifications. We use reputable email services with strong privacy protections.

Website Hosting

Hosting Provider: Our website and database are hosted on secure, GDPR-compliant infrastructure with appropriate technical and organizational security measures.

Database Storage

MongoDB Atlas: Secure, encrypted database storage for your information with enterprise-grade security and compliance certifications.

Data Protection Agreements

All service providers we work with are required to maintain appropriate data protection standards and are bound by data processing agreements that ensure your information is handled securely and in compliance with GDPR requirements.

How We Protect Your Data

We implement comprehensive security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction.

Encryption

All data transmission uses HTTPS encryption. Sensitive data is encrypted at rest using industry-standard encryption methods.

Access Controls

Strict access controls ensure only authorized personnel can access your information, and only for legitimate business purposes.

Secure Infrastructure

Our systems are hosted on secure, monitored infrastructure with regular security updates and vulnerability assessments.

Data Minimization

We collect only the minimum data necessary for our service and delete information when it's no longer needed.

Regular Backups

Secure, encrypted backups ensure data availability while maintaining the same security standards as live data.

Incident Response

We have procedures in place to detect, respond to, and notify about any potential data security incidents.

Data Retention Policies

We retain your personal information only as long as necessary for the purposes described in this policy or as required by law. Here are our specific retention periods:

Service-Related Data

Retention Period: 2 years after service completion

Includes: Request details, communications, delivered materials, payment records

Retained for customer support, warranty purposes, and legal compliance

Financial Records

Retention Period: 7 years after transaction

Includes: Payment information, invoices, tax-related records

Retained for tax compliance and accounting requirements

Marketing Data

Retention Period: 3 years or until consent withdrawn

Includes: Lead source information, UTM parameters, website analytics

Used for understanding service effectiveness and improving outreach

Technical Logs

Retention Period: 90 days

Includes: Server logs, IP addresses, browser information

Retained for security monitoring and technical troubleshooting

Automatic Deletion: We have automated processes to delete data when retention periods expire. You can also request earlier deletion of your data (subject to legal requirements) by contacting us.

YOUR GDPR RIGHTS

Under GDPR, you have important rights regarding your personal data. You can exercise these rights at any time by contacting us. We will respond to your requests within 30 days.

Right of Access

Request a copy of all personal data we hold about you, including how we use it and who we share it with.

Right of Rectification

Request correction of any inaccurate or incomplete personal data we hold about you.

Right of Erasure

Request deletion of your personal data when it's no longer necessary or you withdraw consent.

Right to Restrict Processing

Request that we limit how we use your data while we address concerns about accuracy or lawfulness.

Right to Data Portability

Receive your personal data in a structured, machine-readable format to transfer to another service.

Right to Object

Object to processing based on legitimate interests, including direct marketing and profiling.

Right to Withdraw Consent

Withdraw consent for processing at any time (where consent is the legal basis).

Right to Lodge a Complaint

File a complaint with your local data protection authority if you're not satisfied with our response.

How to Exercise Your Rights: Contact us via WhatsApp (+39 393 8283560) with your request. We may need to verify your identity before processing certain requests. Most requests are free, though we may charge a reasonable fee for excessive or repetitive requests.

Cookies and Website Tracking

We use minimal tracking technologies to provide our service and understand how our website is used. Here's what we use and why:

Essential Cookies

Purpose: Website functionality, form submissions, session management

Legal Basis: Necessary for service provision (no consent required)

These cookies are essential for our website to function properly and cannot be disabled.

Analytics Cookies

Purpose: Understanding website usage, page views, user journeys

Legal Basis: Legitimate interest in improving our service

We use privacy-focused analytics that don't track individual users across websites.

UTM Parameters

Purpose: Understanding how users find our service (marketing attribution)

Legal Basis: Legitimate interest in understanding service effectiveness

URL parameters that help us understand which marketing efforts are most effective.

Your Cookie Choices

You can control cookies through your browser settings. Disabling essential cookies may affect website functionality. We don't use third-party advertising cookies or cross-site tracking.

International Data Transfers

Some of our service providers may be located outside the European Economic Area (EEA). When we transfer your data internationally, we ensure appropriate safeguards are in place:

Adequacy Decisions

We prefer service providers in countries with EU adequacy decisions, meaning the EU has determined they provide adequate data protection.

Standard Contractual Clauses

For transfers to countries without adequacy decisions, we use EU Standard Contractual Clauses to ensure your data receives equivalent protection.

Certification Programs

We work with service providers that participate in recognized certification programs like Privacy Shield successors or similar frameworks.

Your Rights: You have the right to obtain information about international transfers and request copies of the safeguards we have in place. Contact us for more details about specific transfers.

Privacy Questions and Complaints

Contact Us About Privacy

If you have questions about this privacy policy, want to exercise your GDPR rights, or have concerns about how we handle your data, please contact us:

WhatsApp: +39 393 8283560

Response Time: We will respond to privacy requests within 30 days as required by GDPR.

Data Protection Authority

If you're not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with your local data protection authority. In Italy, this is:

Garante per la protezione dei dati personali

Website: www.gpdp.it
Email: garante@gpdp.it
Phone: +39 06 69677 1

If you're located in another EU country, you can contact your local data protection authority. A list of EU data protection authorities is available at: edpb.europa.eu

Privacy Policy Updates

How We Handle Changes

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Here's how we handle updates:

Minor Changes

For minor clarifications or administrative changes that don't affect your rights, we'll update the policy and note the revision date.

Material Changes

For significant changes that affect how we collect, use, or protect your data, we'll notify you via email or prominent website notice before the changes take effect.

Your Options

If you disagree with material changes, you can exercise your right to data deletion or object to processing before the changes take effect.

Stay Informed: We recommend reviewing this privacy policy periodically. The "Last Updated" date at the bottom shows when the policy was last revised.

Our Privacy Commitment

We are committed to protecting your privacy and handling your personal information responsibly. This privacy policy explains our practices in clear, understandable language.

  • We collect only the data necessary for our informational service
  • We protect your data with strong security measures
  • We respect your GDPR rights and respond promptly to requests
  • We never sell or misuse your personal information
  • We're transparent about our data practices and policies

Questions? Contact us anytime via WhatsApp at +39 393 8283560. We're here to help and ensure your privacy is protected.

Last updated: February 11, 2026

This privacy policy is GDPR compliant and covers all aspects of our data handling practices.

Your privacy is protected with us

Now that you understand how we protect your data and respect your privacy rights, you can use our informational service with confidence.

GDPR Protected: Your data is secure and your rights are respected