Privacy policy pursuant to art. 13 of the EU Regulation n. 679/2016

Dear user,

We wish to inform you that the EU regulation (GDPR) n. 679/2016 regarding the protection of personal data provides for the protection of persons and other subjects regarding the processing of personal data. According to the indicated legislation, this treatment will be based on principles of correctness, lawfulness and transparency, and the protection of your privacy and your rights. Pursuant to current legislation, therefore, we provide you with the following information:

The information is provided for the site and not for other websites that may be consulted by the user via links.

Purpose of the processing

The collection and processing of data can be carried out for:

Purpose of service:

– fulfillment of pre-contractual, contractual, and tax obligations deriving from existing relationships;

– pre and post-sales guarantee and technical assistance;

Marketing purposes (newsletter):

– invitations to information or promotional events;

– sending information and promotional material;

Different purposes:

– evaluation of job or collaboration requests (recruiting – personnel selection and recruitment);

– fulfillment of specific requests and requests;

– subjects that provide services for the management of the company information system and telecommunications networks (including e-mail);

– service companies for the acquisition, registration, and processing of data from documents, or supports provided and originated by the customers themselves and relating to massive operations relating to payments, bills, checks, and other securities;

– subjects who carry out transmission, enveloping, transport, and sorting of communications with customers;

– subjects who carry out customer assistance activities (eg call centers, help desks, etc.);

– firms or companies in the context of assistance and consultancy relationships;

– subjects who carry out operations of control, revision, and certification of the activities carried out by the company also in the interest of the customers;

Lawfulness of processing

Contractual relationships – service purposes

The personal data provided by users who make purchases on the site indicated are used, on the basis of the contractual obligations assumed, for the sole purpose of executing the order placed and are communicated for the exclusive purposes of order fulfillment, to third parties in charge of delivery. or similar ancillary services.

Data provided voluntarily by the user – marketing and other purposes

The optional, explicit, and voluntary sending of e-mails to the addresses indicated on this site entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message.

Specific summary information is reported or displayed on the pages of the site prepared for particular services on request, for which therefore the legal basis of the processing lies in the consent of the interested party.

Optional supply of data

Apart from that specified for navigation data, the user is free to provide personal data contained in the registration forms, in those confirming the purchase procedure, or in any case required to request the sending of informative material or other communications.

Failure to provide them, however, could make it impossible to obtain what was requested where the processing of the personal data requested was essential for the conclusion and execution of the contract, and in their absence, the orders placed could not be executed.

Methods and duration of the processing

Personal data are subjected to both paper and electronic and/or automated processing for the time strictly necessary to achieve the purposes for which they were collected.

Specific security measures are observed to prevent data loss, illicit or incorrect use, and unauthorized access.

Without prejudice to the requirements referred to in art. 17 c. 3 and the needs of the Data Controller to dispose of them for evidential purposes to be used in the event of inspections by the supervisory bodies and/or in the context of litigation, the data will be deleted (as well as upon any request of the interested party) at the end of the treatment, or when the purpose for which they were collected has ceased.

Access, communication, dissemination, and transfer of data

The data can be accessed by employees and collaborators of the Data Controller, in their capacity as persons in charge and/or internal managers of the processing and/or system administrators.

The data are not subject to disclosure.

In consideration of the existence of telematic, computer, or correspondence links, the data can also be transferred abroad, within the European Union. In case of transfer to non-EU countries, the Data Controller ensures from now on that the transfer of non-EU data will take place in compliance with the applicable legal provisions by stipulating, if necessary, agreements that guarantee an adequate level of protection and/or adopting the standard contractual clauses provided by the European Commission.


No personal user data is acquired by the site in this regard. Cookies are not used to transmit information of a personal nature, nor are so-called persistent cookies of any kind used, or systems for tracing users. The use of so-called session cookies (which are not stored permanently on the user’s computer and disappear when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow the safe and efficient exploration of the site. The cd

Rights of interested parties (Articles 15-21 GDPR)

The subjects to whom the personal data refer have the right at any time to:

1. obtain confirmation of the existence or not of personal data concerning them, even if not yet registered, and their communication in an intelligible form;

2. obtain the indication: a) of the origin of the personal data; b) the purposes and methods of the processing; c) of the logic applied in case of treatment carried out with the aid of electronic instruments; d) the identity of the owner, manager and the representative appointed pursuant to art. 3, paragraph 1, GDPR; e) the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representatives in the State, managers or agents;

3. obtain: a) updating, rectification or, when interested, integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those that do not need to be kept for the purposes for which the data were collected or subsequently processed; c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case in which this fulfillment proves impossible or involves the use of means that are manifestly disproportionate to the protected right;

4. object, in whole or in part: a) for legitimate reasons to the processing of personal data concerning them, even if pertinent to the purpose of the collection; b) to the processing of personal data concerning them for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator by email and/or through traditional marketing methods by telephone and/or paper mail. It should be noted that the right of opposition of the interested party, set out in point b) above, for direct marketing purposes through automated methods extends to traditional ones and that in any case, the possibility remains for the interested party to exercise the right of opposition also only partially.

Where applicable, they also have the rights referred to in the Articles. 16-21 GDPR (Right of rectification, right to be forgotten, right to limitation of treatment, right to data portability, right to object, right to withdraw consent), as well as the right to complain to the Guarantor Authority.

The Data Controller is

The Gun Store EU with registered office in Via Barberini, 31 – 00187 Rome (RM)

The Data Processor, who can be contacted to exercise the rights referred to in Art. 12 and/or for any clarifications regarding the protection of personal data, can be reached at the address:


This Site and the Controller’s Services are not intended for minors under the age of 18 and the Controller does not intentionally collect personal information relating to minors. In the event that information on minors was unintentionally registered, the Data Controller will delete them in a timely manner, at the request of the users.

Changes to this Notice

This information may be subject to changes. It is therefore advisable to check this information regularly and refer to the most updated version.