Privacy policy

Last updated: November 18th, 2025

Privacy & Cookie Policy

Hello there!
We at Babbaluci S.r.l. care deeply about your privacy and want to be clear about how we handle your information when you visit our website (www.babba-luci.com) .

1. Who We Are

Babbaluci S.r.l. is a private company registered at Viale Tunisia 22, Milano (MI) – CAP 20124, Italy. We operate a website to showcase our services and to enable visitors to contact us.

If you have questions about how we handle your data, please contact us:

  • Email: welcome@babba‑luci.com

  • Address: Viale Tunisia 22, Milano (MI) – CAP 20124, Italy

2. Information We Collect

We collect only the data necessary to operate our site and to respond to enquiries. This includes:

Contact information

  • Name and email address. Provided when you fill out a contact form or subscribe to our updates.

  • Message contents. Any details you share with us in the text box of the contact form (e.g. questions or comments).

  • Marketing preferences. Whether you have chosen to receive newsletters or updates.

Technical data

  • IP address and browser information. We collect your IP address, browser type and version, device type and operating system automatically to ensure the website functions properly.

  • Usage data. We collect anonymised data about how visitors use our website, such as pages viewed, time spent and navigation patterns. These statistics help us improve our site and are not used to identify you individually.

We do not intentionally collect sensitive personal data (e.g. health information, religious or philosophical beliefs, biometric or genetic data).

3. Cookies and Tracking Technologies

Cookies are small text files stored on your device. We use them to enhance your browsing experience and to understand how visitors interact with our website.

  • Essential cookies: Required for core website functionality. These cookies are set automatically and expire at the end of your session.

  • Analytics cookies: Help us analyse website traffic and user behaviour. We limit the lifespan of these cookies to a maximum of 13 months, as recommended by the CNIL . Our analytics providers may retain aggregated data for up to 26 months before anonymisation or deletion.

  • Marketing cookies: If we use cookies for personalised advertising (e.g. Meta Pixel), we request your consent before setting them. Marketing cookies are stored for no longer than 13 months, and consent must be renewed at least every 13 months .

You can adjust cookie settings at any time through your browser or our cookie banner. Disabling non‑essential cookies may affect some site features but will not prevent core functionality.

4. How We Use Your Information

We process personal data only when we have a lawful basis to do so. We use your information to:

  • Respond to your enquiries. When you contact us via the website, we use your name and email address to reply and provide the information you requested.

  • Send newsletters and updates. If you consent to receive marketing emails, we will use your email address to send newsletters, special offers and company news. You can unsubscribe at any time via the link in every email.

  • Improve our website and services. We use aggregated analytics data to monitor website performance and understand visitor behaviour so we can improve our content.

  • Ensure security and prevent misuse. We may process IP addresses and technical logs to protect against hacking, fraud or other misuse of our site.

We rely on the following legal bases for processing your data:

  • Consent: When you subscribe to newsletters or agree to non‑essential cookies, you provide consent, which you can withdraw at any time.

  • Legitimate interests: We process contact data to communicate with you, operate our website and pursue our business interests. We consider your interests and rights and ensure they do not override ours.

  • Legal obligations: In some cases, we may process data to comply with legal requirements (e.g. tax or accounting regulations).

5. Who We Share Your Information With

We share personal data only when necessary to deliver our services or comply with the law. We do not sell your personal information. We may share information with:

  • Service providers: Companies that help us host our website, send emails, provide analytics or maintain our systems. These providers access your data only to perform services on our behalf and must protect it appropriately.

  • Marketing and analytics partners: If you consent to marketing cookies or email updates, we may share data with marketing platforms (e.g. Meta Pixel or email service providers) to deliver personalised content.

  • Legal authorities: In rare cases, we may share data with regulators or law‑enforcement agencies when required by law.

International transfers

Some of our service providers or partners may be located outside the European Economic Area (EEA). When your data is transferred outside the EEA, we ensure it remains protected by relying on one of the following mechanisms:

  • Adequacy decisions: The European Commission has recognised certain countries as providing an adequate level of data protection. Transfers to countries such as Switzerland, the United Kingdom, Canada (commercial organisations), Japan and others listed by the Commission do not require additional safeguards .

  • Standard Contractual Clauses (SCCs): For transfers to countries without an adequacy decision, we include the European Commission’s Standard Contractual Clauses in our contracts with service providers. These clauses ensure transferred data receives a level of protection equivalent to that within the EU .

  • Other safeguards: Where appropriate, we may rely on Binding Corporate Rules or obtain your explicit consent for specific transfers.

We disclose in this policy whenever data leaves the EEA and describe the safeguards applied .

6. How Long We Keep Your Data

We retain personal data only as long as necessary for the purposes described above, in line with the principles of data minimisation and storage limitation:

  • Contact enquiries: We keep contact form submissions for up to 12 months after we resolve your enquiry, unless you continue to engage with us. This period allows us to manage follow‑up queries. After 12 months, we delete or anonymise the information.

  • Marketing data: If you consent to receive newsletters or marketing communications, we retain your email address and marketing preferences for up to 24 months after your last interaction, following guidance from the Italian data‑protection authority (Garante) . You can unsubscribe at any time, after which we remove your data from our mailing list.

  • Cookie and analytics data: Essential cookies expire at the end of your session. Marketing and analytics cookies have a maximum lifespan of 13 months . Aggregated analytics data is retained for up to 26 months before being anonymised or deleted.

  • Technical logs: We keep server logs and security data for up to 6 months to detect and prevent abuse.

  • Legal obligations: We may keep certain data longer if required by law or to defend legal claims.

7. Your Privacy Rights

Under the General Data Protection Regulation (GDPR), you have the following rights:

  1. Right to access – obtain a copy of your personal data we hold.

  2. Right to rectification – correct inaccurate or incomplete data.

  3. Right to erasure – ask us to delete your personal data in certain circumstances.

  4. Right to restrict processing – request that we limit how we use your data.

  5. Right to object – object to processing based on our legitimate interests or to direct marketing.

  6. Right to data portability – request a copy of your data in a structured, commonly used format.

  7. Right to withdraw consent – withdraw your consent at any time, without affecting the lawfulness of processing before withdrawal.

To exercise your rights, contact us at welcome@babba‑luci.com. We aim to respond within one month. You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) or another supervisory authority in the EU.

8. Data Transfers and Safeguards

When personal data is transferred outside the EEA, we rely on adequacy decisions or Standard Contractual Clauses to ensure an equivalent level of protection . We regularly review our contracts and service providers to ensure ongoing compliance.

9. Security Measures

We implement appropriate technical and organisational measures to protect your data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. Measures include:

  • Encryption of data in transit and at rest.

  • Firewalls and intrusion‑detection systems.

  • Role‑based access controls.

  • Regular security assessments and staff training.

10. Children’s Privacy

Our website is not intended for children under 16. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child under 16, we will delete it promptly.

11. Changes to This Policy

We may update this policy from time to time to reflect changes in law or our practices. When we do, we will post the updated version on this page and revise the “Last updated” date. We encourage you to review this policy periodically to stay informed about how we protect your information.

12. Contact Us

If you have any questions or concerns about this Privacy & Cookie Policy or our data‑processing practices, please contact us at welcome@babba‑luci.com.

We take privacy seriously and will respond promptly.