Legal

Privacy Policy

Last updated: 1 January 2025

This Privacy Policy describes how The Design Dexter (“we”, “our”, “us”, or “the Studio”), operating under the business name The Design Dexter and registered VAT number IT07234810713, with registered address at Via Achille Grandi, 8, 71122 Foggia (FG), Italy, collects, uses, and protects the personal information you provide when using our website thedesigndexter.com or enquiring about our design services.

We comply with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Italian Personal Data Protection Code (Legislative Decree 196/2003 as amended by Legislative Decree 101/2018), and any applicable supervisory guidance issued by the Garante per la protezione dei dati personali.

1. Data Controller

The data controller responsible for your personal information is:

  • Business name: The Design Dexter
  • Address: Via Achille Grandi, 8, 71122 Foggia (FG), Italy
  • Email: studio@thedesigndexter.com
  • Phone: +39 0881 742 315
  • VAT: IT07234810713

2. What Personal Data We Collect

Depending on how you interact with our website, we may collect the following categories of personal data:

2.1 Information You Provide Directly

  • Contact enquiries: First name, last name, email address, phone number, and the content of your message when you submit our contact form or live chat widget.
  • Purchase and checkout data: First name, last name, email address, phone number, country of residence, and selected service configuration when you proceed to checkout. Payment card data is collected directly by Stripe and is never stored on our servers.
  • Project communications: Information you share with us during the course of a design project, including briefs, feedback, reference files, and correspondence.
  • Newsletter and marketing: Email address if you subscribe to any updates (opt-in only; unsubscribe link included in every communication).

2.2 Information Collected Automatically

  • Server logs: IP address, browser type and version, operating system, referring URL, pages visited, and timestamp of visits. Logs are retained for a maximum of 30 days.
  • Cookies and local storage: We use a small number of functional cookies to manage language preferences and session state. We also use localStorage to store your cookie consent decision. Please see our Cookie Policy for full details.
  • Analytics: If you accept analytics cookies, aggregated, anonymised traffic data is collected to help us understand how visitors use the site. We do not use any third-party advertising or retargeting pixels.

2.3 Information from Third Parties

We receive limited data from Stripe, Inc. upon successful payment, including payment status, transaction reference, and billing country. We do not receive full card numbers, CVC codes, or other sensitive payment credentials.

3. Legal Basis for Processing

We process your personal data on the following legal bases under Article 6 of the GDPR:

  • Contract performance (Art. 6(1)(b)): Processing your name, email, phone number, and country is necessary to fulfil a contract or take steps prior to entering a contract when you purchase a service.
  • Legitimate interests (Art. 6(1)(f)): Maintaining server logs for security and fraud prevention, and responding to enquiries submitted through our contact form.
  • Consent (Art. 6(1)(a)): Sending you marketing communications, or placing non-essential cookies, if you have opted in. You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
  • Legal obligation (Art. 6(1)(c)): Retaining invoicing and transaction records to meet Italian tax and accounting obligations (typically 10 years).

4. How We Use Your Data

We use the personal data we collect for the following specific purposes:

  • Responding to service enquiries and providing project quotes
  • Processing payments through Stripe Checkout and issuing invoices or receipts
  • Delivering ordered design services (visual identity packages, website designs, interface designs, illustration work, and related deliverables)
  • Communicating project progress, requesting feedback, and delivering final assets
  • Handling refund, cancellation, or support requests in accordance with our Refund Policy
  • Detecting and preventing fraud, abuse, or security incidents
  • Complying with applicable tax, accounting, and regulatory obligations
  • Improving the website and its content based on aggregated, anonymised analytics

5. Data Sharing and Transfers

We do not sell, rent, or trade your personal data. We share it only in the following limited circumstances:

  • Stripe, Inc. (United States): Stripe processes card payments on our behalf. Stripe is certified to PCI-DSS Level 1 and participates in the EU-US Data Privacy Framework. Stripe’s privacy policy is available at stripe.com/privacy.
  • Email and hosting providers: We use SMTP relay services to deliver transactional emails. Our web hosting server is located within the European Union/EEA.
  • Professional advisors: Accountants, lawyers, or auditors, where disclosure is strictly necessary and subject to confidentiality obligations.
  • Regulatory authorities: Italian tax authority (Agenzia delle Entrate), law enforcement, or the Garante per la protezione dei dati personali if required by law or court order.

Where data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

6. Data Retention

We retain your personal data only for as long as necessary for the purposes set out in this policy:

  • Contact enquiries: 24 months from the date of the last communication, or earlier if you request deletion.
  • Customer and transaction records: 10 years from the date of the relevant transaction, to comply with Italian tax law (Article 22, DPR 633/1972 and Article 2220, Civil Code).
  • Project files and deliverables: 12 months after project completion, after which files are permanently deleted from our working systems unless you request earlier deletion or extended storage.
  • Server logs: Maximum 30 days.
  • Marketing data: Until you unsubscribe or request deletion.

7. Your Rights Under GDPR

You have the following rights regarding your personal data. To exercise any of these rights, please email us at studio@thedesigndexter.com with the subject line “Data Subject Request”. We will respond within 30 days.

  • Right of access (Art. 15): Request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): Ask us to correct inaccurate or incomplete data.
  • Right to erasure (Art. 17): Request deletion of your data where it is no longer necessary, or where you withdraw consent, subject to our legal retention obligations.
  • Right to restriction of processing (Art. 18): Ask us to restrict processing in certain circumstances, for example while you contest the accuracy of data we hold.
  • Right to data portability (Art. 20): Request a machine-readable copy of data you have provided to us, where processing is based on contract or consent and carried out by automated means.
  • Right to object (Art. 21): Object to processing based on legitimate interests, including profiling. We will stop processing unless we can demonstrate compelling legitimate grounds.
  • Rights related to automated decision-making: We do not use automated decision-making or profiling that produces legal or similarly significant effects.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw at any time without affecting the lawfulness of prior processing.
  • Right to lodge a complaint: You have the right to lodge a complaint with the Italian data protection authority: Garante per la protezione dei dati personali, Piazza Venezia 11, 00187 Rome, Italy – garanteprivacy.it.

8. Cookies

We use a minimal set of cookies strictly necessary for the website to function correctly (language preferences, session management) and, with your consent, optional analytics cookies. You may manage your preferences at any time via the cookie banner shown on your first visit. For detailed information, see our Cookie Policy.

9. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, alteration, or disclosure. These include encrypted HTTPS transmission, restricted access to personal data on a need-to-know basis, regular security reviews, and use of PCI-DSS-compliant payment processors.

However, no method of electronic transmission or storage is completely secure. While we take every reasonable precaution, we cannot guarantee absolute security.

10. Children’s Privacy

Our website and services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will take steps to delete it.

11. Third-Party Links

Our website may contain links to third-party websites (for example, social media platforms, portfolio hosting services, or software tools). We are not responsible for the privacy practices or content of those third parties. We recommend reviewing their privacy policies independently.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we offer. The date at the top of this page indicates when the policy was last revised. Significant changes will be communicated via a notice on the website homepage. Your continued use of our website following any update constitutes acceptance of the revised policy.

13. Contact Us

For any questions, concerns, or requests relating to this Privacy Policy or our data processing practices, please contact us at:

The Design Dexter
Via Achille Grandi, 8, 71122 Foggia (FG), Italy
Email: studio@thedesigndexter.com
Phone: +39 0881 742 315