Privacy policy

Privacy Policy pursuant to Regulation (EU) 2016/679 (GDPR)

Date of last revision: July 30, 2025

Dear User,

Welcome to our Privacy Policy. We at FCMA di Fabio Casetta, the owner and operator of the e-commerce website https://abcuddle.com/ (hereinafter referred to as the "Site"), are deeply committed to protecting your personal data and undertake to process it with the utmost transparency, security, and respect for current regulations. This Policy is drafted in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter "GDPR"), and with Legislative Decree No. 196 of 30 June 2003, as amended by Legislative Decree No. 101 of 10 August 2018 (Code regarding the protection of personal data, hereinafter "Italian Privacy Code").

As we operate primarily in Italy and within the European Union, we scrupulously apply the principles of the GDPR, which represent the highest standard of data protection globally. This Policy describes in detail what data we collect, how we process it, for what purposes, on what legal bases, with whom we share it, and what your rights are as a data subject. We invite you to read it carefully before providing any personal data through the Site. If you have any questions or require clarification, please do not hesitate to contact us at the details provided at the end of this document.

The Site is an e-commerce platform based on Shopify, dedicated to the sale of specific products for the ABDL (Adult Baby Diaper Lover) community, including adult diapers, pacifiers, baby bottles, changing pads, infant-style clothing, personal care cosmetic products, and children's toys. These products are intended for a mature and aware adult audience, and our approach to privacy reflects the sensitivity of this sector, ensuring discretion and confidentiality at every stage of the interaction with our users.

Please remember that by accessing the Site or providing your data, you declare that you have read and understood this Policy. If you do not agree with our practices, please do not use the Site. This Policy supplements our General Terms and Conditions of Sale and our Cookie Policy, which we invite you to consult separately.

  1. Data Controller

The Data Controller of personal data (hereinafter the "Controller") is FCMA di Fabio Casetta, a sole proprietorship with its registered office at Via Arno 6, Seveso (MB), 20822, Italy. The Controller is responsible for defining the purposes and means of the processing of your personal data, in accordance with Article 4(7) of the GDPR.

Fabio Casetta, as the owner of the business, acts as the data controller and can be contacted for any privacy-related matter at the email address: fabio@abcuddle.com, or by mail at the address indicated above. We have not appointed a Data Protection Officer (DPO) pursuant to Article 37 of the GDPR, as our activity does not fall into the categories that require such a mandatory figure (e.g., we do not process data on a large scale or sensitive data systematically). However, we constantly monitor our compliance and are prepared to appoint a DPO if circumstances require it in the future.

As the Controller, we are committed to ensuring that all processing is carried out in compliance with the principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, and confidentiality, as set out in Article 5 of the GDPR. We adopt appropriate technical and organisational measures to protect your data from risks such as loss, unauthorized access, disclosure, or alteration.

  2. Types of Personal Data Collected

We collect different types of personal data to provide our services and improve the user experience on the Site. Data is collected only when necessary and in compliance with the principle of data minimisation (Article 5(1)(c) of the GDPR). Below, we list the main categories:

a. Identification and Contact Data: This includes first name, last name, email address, phone number, and postal address. For example, when you create an account on the Site, we ask for your first name, last name, email, and password. On the Contact page (https://abcuddle.com/pages/contact), we request your name, email address (mandatory), phone number (optional), and a comment or message. This data is essential for managing your requests, sending order confirmations, or answering queries.

b. Payment and Billing Data: When you make a purchase, we collect information related to the accepted payment methods, such as Apple Pay, Google Pay, Mastercard, Maestro, PayPal, Shop Pay (Shopify), and Visa. We do not directly store sensitive data like credit card numbers; these are handled by secure third-party payment gateways (such as Shopify Payments or PayPal), which act as independent data controllers or processors. We may collect billing information, such as a tax code or VAT number, if required for tax purposes under D.P.R. No. 633 of October 26, 1972 (Italian VAT law).

c. Browsing and Usage Data: Through tools like Google Analytics, we collect anonymous or pseudonymized data about the use of the Site, including IP address, browser type, operating system, pages visited, time spent, and referrers. This data helps us analyse traffic and improve the Site. Note that Google Analytics may use cookies to track interactions, as described in our Cookie Policy.

d. Order and Preference Data: When you purchase products (e.g., adult diapers, pacifiers, or children's toys), we record order details, such as selected products, quantities, prices, and shipping preferences. This also includes data on returns or refunds, limited as per Article 59 of the Consumer Code for hygienic products.

e. Sensitive or Special Category Data: We do not intentionally collect sensitive data (Article 9 of the GDPR), such as data concerning health, sexual orientation, or personal beliefs. However, given the nature of our ABDL products, some purchases might implicitly reveal personal preferences. We treat this information with the utmost discretion but do not classify it as special category data unless you explicitly provide it (e.g., in a comment). If you voluntarily provide such data, we will only process it with your explicit consent.

f. Data from Third Parties: We may receive data from integrated platforms, such as Shopify for login via Shop, or from couriers for delivery confirmations.

g. Cookies and Similar Technologies: We use strictly necessary, targeting, functionality, and unclassified cookies, as listed below (based on the information provided):

  • Strictly Necessary Cookies: _shopify_essential (1 year, for secure checkout); shopify_pay_redirect (approx. 1 hour, for payments); cookieconsent_preferences_disabled (1 year, for cookie preferences); keep_alive (session, to maintain an active session); cart_currency (2 weeks, for currency).
  • Targeting Cookies: _tracking_consent (1 year, for tracking preferences).
  • Functionality Cookies: localization (1 year, for localization, including Flickr widgets).
  • Unclassified Cookies: _shop_app_essential (1 year, third-party from shop.app).

These cookies collect data such as preferences and browsing behaviour. For details, please consult the Cookie Policy.

We do not collect data from minors under 18, and the Site is not intended for them. If we discover that a minor has provided data, we will delete it immediately, in line with Article 8 of the GDPR.

  3. Methods of Data Collection

Data is collected automatically or manually:

  • Automatically: Through cookies, server logs, and analytics tools during browsing.
  • Manually: When you fill out forms (account, contact, checkout), place orders, or interact via email.

The Site is available in Italian and English, and data collection occurs regardless of the chosen language. We use secure protocols (HTTPS) to transmit data, reducing the risk of interception.

  4. Purposes of Data Processing

We process your data for specific and legitimate purposes, in accordance with Article 5(1)(b) of the GDPR:
a. Order and Contract Management: To process purchases, shipments, and returns. For example, we use your contact details to send confirmations and tracking information.
b. Customer Support: To respond to requests via the Contact page or email, including queries about products like infant-style clothing or cosmetics.
c. Site Improvement and Analytics: With Google Analytics, we analyse traffic to optimise the user experience, without identifying specific individuals.
d. Marketing and Promotions: Only with your consent, we send newsletters about offers on ABDL products or updates. You can withdraw your consent at any time.
e. Legal and Tax Compliance: To comply with regulatory obligations, such as retaining invoices under the Italian Civil Code (Article 2220) or reporting to authorities.
f. Fraud Prevention and Security: We monitor transactions to detect abuse, using pseudonymized payment data.
g. Account Management: To maintain your profile, including login via Shop (Shopify).

We do not use your data for automated decision-making that produces significant legal effects (Article 22 of the GDPR), except with your consent.

  5. Legal Basis for Processing

All processing is based on a specific legal basis (Article 6 of the GDPR):

  • Performance of a Contract: To manage orders and accounts (letter b).
  • Consent: For marketing, non-essential cookies, and special category data (letter a). Consent is freely given, informed, and revocable.
  • Legitimate Interest: For analytics, security, and Site improvement (letter f), balanced against your rights through impact assessments.
  • Legal Obligation: For tax or judicial compliance (letter c).

For special categories of data, we request explicit consent (Article 9(2)(a)).

  6. Data Sharing and Communication

We do not sell your data to third parties. We only share it when necessary:
a. Data Processors: Appointed pursuant to Article 28 of the GDPR, such as:

  • Shopify Inc. (Canada/USA): For hosting, payments, and e-commerce management. Shopify is GDPR compliant through standard contractual clauses.
  • Google LLC (USA): For Analytics. We use anonymous settings and data processing agreements.
  • Couriers (e.g., Poste Italiane or DHL): For shipments, sharing only essential data.
  • Payment providers: PayPal, Apple, etc., as independent controllers.

b. Public Authorities: In case of legal obligations, such as judicial requests.
c. Others: In the event of a merger or acquisition, with prior notification.

All processors are bound by contracts that ensure adequate protection.

  7. International Data Transfers

Some providers (e.g., Shopify, Google) are based outside the EU. We ensure secure transfers through:

  • Adequacy Decisions (Article 45 GDPR), where applicable.
  • Standard Contractual Clauses (SCCs) (Article 46).
  • Explicit consent, if necessary.

For example, for the USA, we rely on the EU-US Data Privacy Framework, if in force, or equivalent alternatives.

  8. Rights of the Data Subject

Pursuant to Articles 15-22 of the GDPR, you have the following rights:
a. Right of Access: To request confirmation and details about the processing.
b. Right to Rectification: To correct inaccurate data.
c. Right to Erasure ("Right to be Forgotten"): To delete data no longer necessary.
d. Right to Restriction of Processing: To block processing in specific cases.
e. Right to Data Portability: To receive data in a structured format.
f. Right to Object: To object to processing based on legitimate interest or for marketing purposes.
g. Right to Withdraw Consent: Without affecting prior processing.
h. Right to Lodge a Complaint: With the Italian Data Protection Authority (http://www.garanteprivacy.it/) or another EU authority.

To exercise your rights, contact us via email. We will respond within 1 month (extendable to 3 for complex requests), free of charge unless requests are manifestly unfounded.

  9. Security Measures

We adopt appropriate technical and organisational measures (Article 32 GDPR), such as encryption, firewalls, controlled access, and regular backups. In case of a data breach, we will notify the authority within 72 hours and, if there is a high risk to you, we will notify you (Articles 33-34).

  10. Data Retention Periods

We retain data only for the time necessary:

  • Account data: Until deletion, then for 10 years for tax obligations.
  • Order data: 10 years (Article 2220 of the Italian Civil Code).
  • Analytics data: 26 months (Google Analytics setting).
  • Cookies: As per the specified durations.

At the end of the period, we delete or anonymize the data.

  11. Protection of Minors

The Site is for adults. We do not process data of minors without parental consent (Article 8 GDPR). If detected, we will delete it immediately.

  12. Changes to the Policy

We may update this Policy due to regulatory or operational changes. We will publish the revised version on the Site, with the date. For substantial changes, we will inform you via email.

  13. Contacts

For questions, please contact:

Thank you for your trust. We are committed to protecting your privacy with diligence.