pursuant to and by effect of Art. 13 of the New European Regulation 2016/679 concerning the protection of individuals with regard to the processing of personal data (GENERAL DATA PROTECTION REGULATION - GDPR)

In compliance with the provisions of the General Regulation on the Protection of Personal Data of the European Union 2016/679 (hereinafter GDPR) and the provisions of Legislative Decree number 196/2003 (as amended/integrated by Legislative Decree 10 August 2018 , n.101), before proceeding with the processing, the Company wishes to inform the interested party (user of the website that the personal data collected through this site are processed by the Company itself using computerized and/or telematics, for the purposes indicated in this information.

To this end, the Privacy Policy prepared by CASTOR Srl (hereinafter also "CASTOR" or "the Company" or "the Data Controller"), creator and promoter of the activities available on the site, is submitted to the interested party .

The Company also sends the interested party the following information:

Data controller

The Data Controller of personal data is CASTOR Srl, with registered office in Via 8 Marzo n.11, Castellucchio (MN), VAT number: 02002070205.

Protection Officer

The Data Protection Officer, pursuant to articles 37 and following of the European Regulation 2016/679, is identified in the person of Avv. Elena Picozzi, who can be contacted for clarifications and questions concerning the processing of personal data at the address:
For further information relating to the rights of the interested party, please consider the paragraph entitled "Rights of the interested parties" of this information.


Treatment information

The personal data being processed is collected directly by CASTOR Srl or by third parties expressly authorized by it, or communicated by the Company to such third parties for the pursuit of the purposes described below.


Data processed, purpose and legal basis of the processing

The personal data provided by the user/interested party while browsing the website are processed by the Data Controller in accordance with current regulations on personal data protection.
The legal basis of the processing is identified in the provision of its services by the Company, in the management and facilitation of the website, as well as in the establishment, execution and possible termination of the online sales contract concluded between the parties and in the obligations to the same contract connected and/or directly and/or indirectly deriving from it.
The processing of personal data by CASTOR is aimed at pursuing the following purposes:

1) REGISTRATION ON SHOP.CASTORFASHION.IT: in the event that the user/interested party decides to register on the site, issuing any specific consent, personal data will be processed by the Data Controller for the purposes of registration on In particular, upon providing your name, surname, e-mail address and setting an access password, these will be processed for the creation of a personal account, in order to speed up the purchase procedure, to allow the user/interested party to view the status of orders and receive updates on purchases made, change personal settings and update the account, view the history of returns and requests for exchange of goods.

2) ONLINE SHOPPING ACTIVITIES: the personal data provided voluntarily by the user/interested party will be used for the purpose of establishing, managing, executing and/or concluding the online sales contract. The data provided will be processed by the Data Controller for the purpose of managing the purchase order with reference, by way of example, to payment, shipping, taking charge of any returns, for customer assistance, for the execution of the purposes administrative, fiscal or accounting related to the customer/supplier relationship, to order management, for the fulfillment of obligations established by current legislation, to fulfill the obligations generally envisaged for the Data Controller by laws or regulations, by community legislation, by demands of the Judicial authority or to exercise the rights of the owner. In case of payment by credit card, the essential information for the execution of the transaction (credit/debit card number, expiry date, security code) will be processed by PayPal or, possibly, by companies in charge of anti-fraud control through encrypted protocol and without third parties having access to it in any way. However, this information will never be viewed or stored by the seller (CASTOR Srl). by companies in charge of anti-fraud control using an encrypted protocol and without third parties having access to it in any way. However, this information will never be viewed or stored by the seller (CASTOR Srl). by companies in charge of anti-fraud control using an encrypted protocol and without third parties having access to it in any way. However, this information will never be viewed or stored by the seller (CASTOR Srl).

3) CREATION OF PERSONALIZED CONTENT: only following a possible and explicit consent, the personal data provided by the user/interested party could possibly be processed by the Data Controller to create personalized offers in favor of the user/interested party.


Nature of treatment


The provision of personal data relating to the processing is optional. However, partial and/or total failure to provide data may make it impossible to partially or totally establish and/or continue the relationship with the customer/user, to the extent that such data is necessary for the execution of the same.

Personal data processed

The personal data processed by the Data Controller are those provided by the user when browsing the website, when registering / subscribing to the services / programs made available to CASTOR and/or the any purchase of products made available to CASTOR, such as, by way of example: name, surname and e-mail address, in addition to the data necessary for the provision of the online sales service such as, for example, those functional to the execution of the payment and shipment/exchange of purchased products.

Data Processing and Storage Methods

The processing of personal data of the user/interested party is carried out by the Data Controller in compliance with the provisions of current legislation on privacy. The Data Controller processes personal data by means of the operations of: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and distribution of data. The personal data of the user/interested party are collected following direct transmission to the Data Controller, by filling in forms or modules in general prepared for this purpose. The data is processed both using IT and/or telematic tools and with organizational and logical methods strictly related to the pursuit of the purposes indicated in this information, as well as adopting the appropriate security measures in order to prevent unauthorized access, disclosure, modification or destruction of personal data, their loss and their illicit and incorrect use. However, the Company cannot guarantee its users/Interested parties that the measures adopted for the security of the site and the transmission of data and information on the site are capable of limiting or excluding any risk of unauthorized access or dispersion of data by of devices pertaining to the user. For this reason, site users are advised to make sure that their computer is equipped with software suitable for the protection of data transmission over the network and that their Internet Provider has adopted measures for the security of data transmission over the network. The Company also undertakes to process the data according to the principles of correctness, lawfulness and transparency, to collect them to the extent necessary and exact for the processing and to allow their use only by personnel for the authorized purpose. The management and storage of the personal data acquired will take place in archives or on servers located within the European Union owned by the Data Controller and/or by third-party companies appointed as External Data Processors and, in any case, currently located in Italy.
In relation to the different purposes for which they are collected, personal data will be kept for the time strictly necessary to achieve them and, in any case, in compliance with the current regulatory provisions on the subject.
In any case, the Company will take care to avoid using the data for an indefinite period by proceeding, on a periodic basis, to appropriately verify the actual persistence of the interest of the subject to which they refer.

Recipients or any categories of recipients of personal data

The processing of user/customer data is carried out by internal staff of the Data Controller (for example employees, collaborators, system administrators), identified and authorized for processing according to instructions that are given in compliance with current legislation on privacy and security data. If this is necessary for the purposes listed in the paragraph entitled  Data processed, purpose and legal basis of the processing "  , the user/customer's data may be processed by third parties appointed as Data Processors pursuant to article 28 of the GDPR . The updated list of managers and appointees is kept at the registered office of the owner. In any case, the customer's personal data are not subject to disclosure.

Rights of the interested parties

In his capacity as interested party and in relation to the treatments described in this information, the user / customer has the rights referred to in articles 7, 15, 16, 17, 18, 20, 21 and 77 of the GDPR and, in particular the:

a) Right of withdrawal - Article 7 GDPR: The user/customer has the right to withdraw his consent at any time. The withdrawal of consent does not affect the lawfulness of the processing based on the consent before the withdrawal;

b) Right of access - Article 15 GDPR: Right to obtain confirmation as to whether or not personal data concerning the user/provider has been processed and, if so, obtain access to such personal data, including a copy of the themselves;

c) Right of rectification - Article 16 GDPR: Right to obtain, without unjustified delay, the rectification of inaccurate personal data and/or the integration of incomplete personal data;

d) Right to cancellation (right to be forgotten) – Article 17 GDPR: Right to obtain from the Data Controller the cancellation of personal data concerning him without unjustified delay.

e) Right to limitation of treatment - Article 18 GDPR: Right to obtain from the Data Controller the limitation of treatment when one of the hypotheses governed by paragraph 1 of Article 18 occurs;

f) Right to data portability - Article 20 GDPR: Right to obtain data portability from the Data Controller, i.e. to receive, in a structured format, commonly used and readable by an automatic device, the personal data concerning him provided to a Data Controller of the treatment. The interested party also has the right to transmit such data to another Data Controller without impediments by the first Data Controller to whom he supplied them, if the conditions indicated in Article 20 paragraph 1 occur;

g) Right of opposition - Article 21 GDPR: Right of the interested party to object, at any time, in whole or in part to the processing of personal data concerning him;

h) Right to complain - Article 77 GDPR: The customer/user has the right to lodge a complaint with the Galante Authority for the protection of personal data, piazza di Montecitorio n.121, 00186, Rome (RM.)


Methods of exercising rights

The user/customer may at any time exercise their rights by sending their requests to 
CASTOR Srl undertakes to respond to requests from the interested party within the term of one month, except in cases of particular complexity for which it could take a maximum of three months. In any case, the Data Controller will provide evidence to the interested party of the reason for the wait within one month of the request. The outcome of the request will be provided in writing or in electronic format. In the event of a request for rectification, cancellation or limitation of processing, the Data Controller undertakes to communicate the results of the requests received from the interested party to each of the recipients of his data, unless this proves impossible or involves a disproportionate effort.
The exercise of rights by customers is free of charge according to Article 12 GDPR. However, in the case of manifestly unfounded, excessive or repetitive requests, the Company specifies that a possible reasonable contribution may be requested from the interested party in the light of the administrative costs incurred to manage the request or deny the satisfaction of the request.

Changes to this information

The data controller reserves the right to make changes to this Privacy Policy at any time by giving notice to users on the website. Therefore, please consult this page often, referring to the date of the last modification indicated at the end of the document. In the event of non-acceptance of the changes made to this Privacy Policy, the interested party may request the Data Controller to cancel their personal data. Unless otherwise specified, the previous Privacy Policy will continue to apply to the personal data collected up to that moment.

Privacy policy updated on 06/02/2019.

  • Register

New Account Register

Already have an account?
Log in instead Or Reset password