Privacy policy
1. Introduction
IMPERARI operates this online shop and website, including all related information, content, features, tools, products, and services, to provide you, the customer, with a curated shopping experience (“Services”). This Privacy Policy describes how we collect, use, and disclose your personal data when you visit or use the Services, make a purchase or other transaction, or otherwise communicate with us.
If there is any conflict between our Terms and Conditions (T&C) and this Privacy Policy, this Privacy Policy prevails with respect to the collection, processing, and disclosure of your personal data.
By accessing and using the Services, you confirm that you have read this Privacy Policy and understand how your personal data is collected, used, and disclosed as described herein.
2. Controller (Art. 13(1)(a) GDPR)
Controller within the meaning of the EU General Data Protection Regulation (GDPR):
IMPERARI, represented by:
Michael Zaglas
Stiglmayrstraße 6b
82256 Fürstenfeldbruck
Germany
Email: Info[at]imperari.com
3. Personal Data We Collect or Process
“Personal data” means information that identifies you or can reasonably be linked to you. Data that is collected anonymously or has been anonymized so that it can no longer identify you is not considered personal data.
Depending on your use of the Services, your residence, and applicable law, we may collect or process the following categories of personal data (including derived information):
Contact data: name, address, billing address, shipping address, phone number, email address
Financial data: credit/debit card or account numbers, payment information, transaction details, payment confirmations
Account data: username, password, security questions, preferences and settings
Transaction data: items you view, add to cart, wishlist, purchase, return, or exchange
Communications with us: contents of your inquiries (e.g., customer support)
Device data: device, browser, network, IP address, unique identifiers
Usage data: information about your interactions with the Services (e.g., clickstream and navigation)
4. Sources of Personal Data
We collect personal data from the following sources:
Directly from you: e.g., when you create an account, use the Services, or contact us
Automatically via the Services: e.g., cookies and similar technologies, device information
From service providers: e.g., payment processing, cloud hosting, support
From partners or third parties: where permitted by law
5. Legal Bases for Processing (Art. 6 GDPR)
We process your personal data on the following legal bases:
Consent (Art. 6(1)(a) GDPR), e.g., for newsletters or marketing cookies
Contract performance (Art. 6(1)(b) GDPR), e.g., to fulfill orders
Legal obligation (Art. 6(1)(c) GDPR), e.g., tax and commercial law requirements
Legitimate interests (Art. 6(1)(f) GDPR), e.g., fraud prevention, service optimization, direct marketing
6. How We Use Personal Data
We use your personal data in particular for:
fulfilling contracts and processing your orders
communicating with you about orders, products, or inquiries
optimizing and further developing our Services
complying with legal obligations (e.g., under tax or commercial law)
fraud prevention and security
marketing purposes where legally permitted or based on your consent
7. Disclosure of Personal Data
We disclose personal data to third parties where necessary and lawful:
Service providers: e.g., IT, payment processing, shipping, customer service
Business partners: e.g., for personalized advertising or marketing
At your direction or with your consent: e.g., social media integrations
Corporate group: within our affiliated companies (if any)
Legal obligations: to comply with laws or to defend our rights
Corporate transactions: e.g., in connection with mergers or acquisitions
8. Cookies and Similar Technologies
We use cookies and similar technologies to provide and improve the Services, store preferences, perform analytics, and deliver personalized content and advertising.
Where legally required, we obtain your prior consent (Art. 6(1)(a) GDPR in conjunction with Art. 5(3) ePrivacy Directive).
For details, see our Cookie Policy.
9. Third-Party Websites and Links
The Services may contain links to third-party websites. We are not responsible for their privacy or security practices. Please review their privacy policies.
10. Children’s Data
The Services are not directed to children. We do not knowingly collect data from individuals below the age of majority in their country of residence.
11. Data Retention (Art. 13(2)(a) GDPR)
We retain personal data only as long as necessary for the purposes described or as required by law. Examples:
Order and invoicing data: 10 years (statutory retention under German law)
Customer account data: duration of the business relationship + 24 months of inactivity
Marketing data: until you withdraw your consent
12. Your Rights (Art. 15–22 GDPR; Art. 7(3) GDPR)
Subject to the GDPR, you have the following rights in particular:
Right of access (Art. 15)
Right to rectification (Art. 16)
Right to erasure (Art. 17)
Right to restriction of processing (Art. 18)
Right to data portability (Art. 20)
Right to object (Art. 21)
Right to withdraw consent (Art. 7(3))
To exercise your rights, please contact: info@imperari.com
13. Right to Lodge a Complaint (Art. 77 GDPR)
You have the right to lodge a complaint with a supervisory authority, in particular in the EU/EEA member state of your residence, workplace, or the place of the alleged infringement.
A list of supervisory authorities in the European Economic Area is available at: https://edpb.europa.eu/about-edpb/board/members_en
14. International Data Transfers (Art. 44–49 GDPR)
We transfer personal data to third countries only where appropriate safeguards are in place, such as the European Commission’s Standard Contractual Clauses or an adequacy decision.
15. Changes to This Privacy Policy
We may amend this Privacy Policy as needed. The current version will be published on this page.
16. Global Application and Region-Specific Notices
This Privacy Policy applies worldwide. Specific rights may vary depending on your country of residence. For EU/EEA and UK users, this Policy is based on the GDPR and (in the UK) the UK GDPR/PECR. For users outside these regions, we apply equivalent standards of transparency, purpose limitation, data minimization, and security, while your local data protection rights remain unaffected.
United Kingdom: Processing is carried out in accordance with the UK GDPR and PECR. You have substantially the same rights as under the EU GDPR.
Switzerland: We comply with the Swiss Federal Act on Data Protection (nFADP).
California (USA): If you are a California resident, you may have additional rights under the CCPA/CPRA, including the right to know, delete, correct, and to opt out of the “sale” or “sharing” of personal information and to limit the use of sensitive personal information. We do not sell personal information for monetary consideration, but we may “share” personal information for cross-context behavioral advertising as defined by CPRA. You can exercise your rights (including “Do Not Sell or Share My Personal Information” and “Limit the Use of My Sensitive Personal Information”) via the “Cookie Settings” link in the footer or by contacting us at info@imperari.com
Brazil: For Brazilian residents, processing is carried out in accordance with the LGPD. You have rights to confirm processing, access, correct, anonymize, block, delete, and portability, as well as to revoke consent.
Other jurisdictions: Where local laws provide additional rights or obligations, we will honor those in accordance with applicable law.
17. Contact
If you have questions about data protection or wish to exercise your rights, please contact:
Email: Info[at]imperari.com