B2B Privacy Policy
Last updated: October 6, 2025
This Privacy Policy describes how DBR factory (the “Site,” “we,” “us,” “our”) collects, uses, and discloses personal data when you visit our site, use our services, make purchases, or communicate with us regarding the Site (collectively, the “Services”). This policy is oriented towards B2B relationships and concerns data of natural persons (e.g., company contacts) of our customers and suppliers.
Changes to this Privacy Policy
We may periodically update this privacy policy to reflect operational, legal, or regulatory changes. We will post the updated version on the Site and change the "Last updated" date.
How we collect and use personal data
We collect personal data from you, automatically through the Site, and from third parties (e.g., technical, payment, and logistics service providers). Besides the specific uses described below, we may use the data to communicate with you, provide and improve the Services, comply with legal obligations, enforce our terms, and protect our rights, our users, and third parties.
What personal data we collect
Data provided directly
- Contacts: first name, last name, role/title, company, address, phone, email.
- Order/contract data: billing and shipping addresses, payment details (e.g., payment confirmation or outcome), order notes and references.
- Account data: username, password, security settings, and preferences.
- Support: contents of communications sent (emails, forms, tickets).
Data collected automatically ("Usage Data")
When you browse the Site, we may collect IP address, device identifiers, browser/network information, pages visited, response times, interactions, and technical metrics through cookies, pixels, and similar technologies.
Data obtained from third parties
We may receive data from providers operating on our behalf (e.g., hosting/e-commerce, payment, analytics, support, logistics) and from commercial or advertising partners. Such data is processed in accordance with this policy.
Purpose of processing and legal bases (GDPR)
Provision of products and services
Order management, payments, shipping, returns, transactional communications, account creation and administration. Legal basis: performance of a contract or pre-contractual measures (art. 6(1)(b) GDPR).
Marketing and advertising
Sending commercial communications and personalizing offers (including advertising on our or third-party channels). Legal basis: legitimate interest (art. 6(1)(f) GDPR) and, where required, consent (art. 6(1)(a) GDPR). You can object at any time.
Security and fraud prevention
Detect, investigate, and prevent fraudulent or harmful activities; account protection. Legal basis: legitimate interest (art. 6(1)(f) GDPR).
Support and improvement
Customer support, Site/Service optimization, and analysis. Legal basis: legitimate interest (art. 6(1)(f) GDPR).
Cookies and similar technologies
We use cookies for functionality, analytics, and personalization/advertising. You can manage them from your browser; blocking them may limit Site functions. For more details, see our Cookie Policy (if available) or the preference management banner.
How we disclose your data
In certain circumstances, we may share data with:
- Service providers: IT/hosting/e-commerce, payment, analytics, support, cloud storage, order fulfillment and shipping.
- Commercial and advertising partners: for marketing services and initiatives (according to their respective privacy policies).
- Group companies: for organizational needs.
- Authorities and corporate transactions: for legal obligations or in case of merger, acquisition, transfer, insolvency.
- With your consent: when requested or indicated by you.
Summary of categories and recipients
| Data category | Categories of recipients |
|---|---|
| Identifiers (contacts, account data) and contractual/commercial data | Service providers; business partners; affiliates |
| Usage data (logs, interactions, IP) and approximate geolocation | Technical/analytics providers; advertising partners |
We may “share” personal data with advertising partners for behavioral marketing purposes, according to applicable law. We do not use or disclose special categories of data without an adequate legal basis and, if required, without your consent.
Data of minors
The Services are not intended for minors; we do not knowingly collect personal data of individuals under 18 years of age.
Security and retention
We adopt appropriate technical and organizational measures; however, no measure is perfect. Avoid insecure channels to send us confidential information. We retain data for the time necessary to provide the Services, fulfill legal obligations, manage disputes, and execute our contracts and policies.
Your Rights
Depending on your jurisdiction, you may have the following rights: access, rectification, deletion, restriction, portability, objection, withdrawal of consent (where applicable), and management of communication preferences. To exercise them, contact us at the details below. We may request information to verify your identity or the authorization of the delegated agent. We do not discriminate against those exercising their rights.
International transfers
Data may be processed outside the country of residence. For transfers from the EEA/United Kingdom to third countries, we use appropriate mechanisms (e.g., Standard Contractual Clauses or equivalent tools), unless adequacy decisions apply.
Complaints
For complaints, contact us. If you are not satisfied with our response, you can contact the competent Supervisory Authority (for Italy: www.garanteprivacy.it).
Contacts and data controller
DBR factoryVia del Pozzo, 7, 22060 Cucciago (CO), Italy
Email: info@dbrfactory.com
Unless otherwise indicated, DBR factory is the data controller pursuant to applicable data protection laws.