Back to home

Last update: 18 March 2026 · Version 1.0

Privacy Policy

This Privacy Policy explains how ItalParcel di Samuel Borghesi (“ItalParcel”, “we”) collects and processes personal data when you request, use or enquire about our parcel-forwarding service. It is written in line with Regulation (EU) 2016/679 (“GDPR”) and the Italian Data Protection Code (Legislative Decree 196/2003, as amended).

1. Data controller

ItalParcel di Samuel Borghesi
VAT (P.IVA): IT 02818050227
Email: contact@italparcel.com
WhatsApp: +39 329 313 0206 (no calls)
Country of establishment: Italy

No Data Protection Officer (DPO) is appointed: the controller is available at the address above for any privacy-related request.

2. Personal data we collect

2.1 Data you provide

When you fill the contact/inquiry form, write to us by email or WhatsApp, or activate the Service, we collect:

  • Identity: full name.
  • Contact: email address, phone/WhatsApp number, destination country.
  • Operational data: estimated number of parcels, origin (EU / non-EU), free-text notes you choose to share, pickup-point credentials when applicable (QR, PIN, OTP).
  • Parcel data: tracking numbers, sender information, contents, declared value, customs information.
  • Payment data (processed by our payment provider): a payment reference; we do not store full card details.
  • Acceptance record: timestamp, IP address and user-agent string captured at the moment you tick the T&C / Privacy acceptance boxes.

2.2 Data collected automatically

Basic technical data when you visit the site (IP, browser type, pages viewed, referrer) — used for hosting security and aggregate analytics. We do not run third-party advertising trackers.

3. Purposes and legal bases

  • Performance of the Service / pre-contract: receiving, processing and forwarding your parcels, replying to your inquiries, issuing quotes — Art. 6(1)(b) GDPR.
  • Legal and tax obligations: invoicing, accounting, customs declarations, anti-money-laundering and anti-counterfeiting checks — Art. 6(1)(c) GDPR.
  • Legitimate interest: defending our rights in chargeback disputes, fraud prevention, security and IT integrity, cooperation with carriers/brokers and authorities where required — Art. 6(1)(f) GDPR.
  • Consent: only where strictly required (e.g. non-essential cookies or marketing, if introduced) — Art. 6(1)(a) GDPR. Currently we do not use such cookies.

Providing personal data is voluntary, but refusal to provide the data marked as required prevents us from delivering the Service you requested.

4. Recipients of personal data

We share personal data only with parties that need it to provide the Service or that are imposed by law:

  • Carriers and shipping brokers (e.g. Envia Seguro and others used for the specific shipment).
  • Pickup-point and locker operators (e.g. InPost, Amazon Hub, Poste Locker).
  • Customs and other public authorities, where legally required.
  • Payment providers and banks (for SEPA, card payments, Apple Pay, Google Pay, Revolut Pay).
  • Technology providers acting as processors: hosting (Vercel), transactional email (Resend), and analytics where applicable.
  • Professional advisors (accountants, lawyers) bound by confidentiality.

Recipients acting as processors on our behalf are bound by a data-processing agreement under Art. 28 GDPR.

5. International transfers

Most processing takes place in the European Economic Area. Transfers outside the EEA may occur when shipping to destinations outside the EU (necessary for performance of the contract — Art. 49(1)(b) GDPR) or when our processors use sub-processors located outside the EEA. In such cases we rely on adequacy decisions or Standard Contractual Clauses adopted by the European Commission.

6. Retention

  • Inquiry-only data (form submissions that do not lead to a Service activation): up to 12 months from the last contact, then deleted.
  • Operational/service data: for the duration of the contractual relationship.
  • Accounting / invoicing data: 10 years as required by Italian tax law (Art. 2220 Italian Civil Code).
  • Acceptance records(timestamp, IP, user-agent) for T&C acceptance: for the limitation period applicable to contract claims (up to 10 years), to support our defence against chargebacks and disputes.
  • Security logs: typically 12 months unless longer retention is justified by an incident investigation.

7. Your rights

Subject to the conditions set out in the GDPR, you have the right to:

  • Access the personal data we hold about you (Art. 15).
  • Request rectification of inaccurate data (Art. 16).
  • Request erasure where the legal conditions are met (Art. 17).
  • Request restriction of processing (Art. 18).
  • Receive your data in a portable format (Art. 20).
  • Object to processing based on our legitimate interest (Art. 21).
  • Withdraw any consent at any time, without affecting the lawfulness of prior processing.

To exercise these rights, email contact@italparcel.com. You also have the right to lodge a complaint with the Italian data-protection authority (Garante per la protezione dei dati personali, garanteprivacy.it) or with the supervisory authority of your habitual residence.

8. Cookies

The site uses only technical cookies strictly necessary for its functioning. No profiling or third-party advertising cookies are used. If we add analytics or marketing cookies in the future, we will display a cookie banner asking for your consent before any non-essential cookie is set.

9. Updates

We may update this Privacy Policy from time to time. The latest version is always available on this page, with the “Last update” date at the top. Material changes will be communicated by email or via the website with reasonable advance notice.

Questions? Email contact@italparcel.com or message us on WhatsApp.

ItalParcel di Samuel Borghesi · contact@italparcel.com · VAT IT 02818050227