Privacy policy

Last updated: 23 November 2025

The BigCig Store operates this shop and website, including the information, content, features, tools, products and services, in order to provide you, as our customer, with an adequate shopping experience (the “Services”). The BigCig Store is supported by the Shopify platform, which enables us to provide you with the Services.

This Privacy Notice describes how we collect, use and disclose your personal data when you visit, use, make a purchase or carry out any other transaction through the Services, or when you communicate with us. In case of conflict between our Terms of Service and this Privacy Notice, this Privacy Notice will prevail with regard to the collection, processing and disclosure of your personal data.

Please read this Privacy Notice carefully. By using and accessing the Services, you confirm that you have read this Privacy Notice and that you understand what is described herein regarding the collection, use and disclosure of your information.

1. Data Controller and Contact Details

For the purposes of applicable data protection laws (in particular Regulation (EU) 2016/679 – “GDPR”), the controller of your personal data is:

  • Company name: The BigCig di Baesso Diego
  • Registered office: Via Caluso 9, 10017 Montanaro (TO), Italy
  • VAT No.: IT13319930015
  • Email: info@thebigcig.com

At the moment we have not appointed a Data Protection Officer (DPO), because the conditions laid down by law for such appointment do not apply to us.

2. Personal Data We Collect or Process

When we use the term “personal data”, we refer to information that identifies you or is reasonably related to you or another person. Personal data does not include information collected in an anonymized or anonymous form, such that it can no longer identify you or be linked to you.

Depending on your interaction with the Services, where you live, and to the extent permitted or required by applicable laws, we may collect or process the following categories of personal data, including inferences drawn from such data:

  • Contact details including name, address, billing address, shipping address, telephone number and email address.
  • Financial and payment data including data relating to the payment method (e.g. credit card, debit card or financial account), card payment details, financial account data, transaction details, payment method, payment confirmation and other payment-related details. Full card information is handled by payment providers (e.g. Shopify Payments, PayPal) and is not stored by us in plain text.
  • Account data including username, password, security questions, preferences and settings.
  • Transaction data including items you view, add to your cart, add to your wishlist, purchase, return, exchange or remove, and past transactions.
  • Communications with us including information you provide in your communications with us, for example when you contact customer support or submit a complaint.
  • Device information including information about the device, browser or network connection, IP address and other unique identifiers.
  • Information on the use of the Services including information about your interaction with the Services, and how and when you interact with or browse the Services (pages visited, time spent, actions taken on the site).
  • Cookies and similar technologies through which we collect technical and browsing information; further details are provided in our Cookie Policy.

3. Sources of Personal Data

We may collect personal data from the following sources:

  • Directly from you including when you create an account, visit or use the Services, place an order, communicate with us or otherwise provide us with your personal data.
  • Automatically through the Services including through your device when you use our products or services or visit our websites, and through the use of cookies and similar technologies.
  • From our service providers including when we engage them to implement specific technologies or services (such as payment, shipping, analytics) and when they collect or process your personal data on our behalf.
  • From our partners or third parties such as marketing partners, advertising platforms, social integrations or marketplaces.

4. How We Use Your Personal Data (Purposes and Legal Bases)

Depending on how you interact with us or which Services you use, we may collect and use your personal data for the purposes set out below. For each purpose, we indicate the legal basis under the GDPR.

4.1 Providing, Personalizing and Improving the Services

We use your personal data to:

  • provide you with the Services;
  • perform our contract with you;
  • process your payments;
  • fulfil your orders;
  • remember your preferences and the items you are interested in;
  • send you account and order status notifications;
  • process purchases, returns, exchanges or other transactions;
  • create, maintain and manage your account;
  • arrange shipping;
  • facilitate returns and exchanges;
  • enable you to post reviews;
  • create a personalized shopping experience, for example by providing product recommendations related to your purchases.

Legal basis:

  • performance of a contract (Art. 6(1)(b) GDPR);
  • compliance with legal obligations (Art. 6(1)(c) GDPR, e.g. tax and accounting obligations);
  • legitimate interest (Art. 6(1)(f) GDPR) for service improvement, while respecting your fundamental rights and freedoms.

4.2 Marketing and Advertising

We use your personal data for marketing and advertising purposes, for example to:

  • send you marketing, advertising and promotional communications by email, text message or post;
  • show you online ads for products and services within our Services or on other websites;
  • provide you with content and offers that may be of interest to you, including based on items you have previously purchased or added to your cart and other activities within the Services.

Legal basis:

  • your consent (Art. 6(1)(a) GDPR), where required, in particular for newsletters and profiling cookies;
  • legitimate interest (Art. 6(1)(f) GDPR) to send you communications regarding products similar to those you have already purchased (so-called “soft spam”), in compliance with applicable regulations and your right to object at any time.

You may withdraw your consent or object to direct marketing at any time, for example by using the unsubscribe link in our emails or by contacting us.

4.3 Security and Fraud Prevention

We use your personal data to:

  • authenticate your account;
  • provide a secure payment and shopping experience;
  • detect, investigate or take action against fraudulent, illegal, unsafe or harmful activities;
  • protect public safety and our services.

By choosing to use the Services and register an account, you are responsible for protecting your credentials. We recommend that you do not share your username, password or other access data with anyone.

Legal basis:

  • our legitimate interest in ensuring the security of the website and transactions (Art. 6(1)(f) GDPR);
  • any legal obligations (Art. 6(1)(c) GDPR) in case of requests from authorities.

4.4 Communications with You

We use your personal data to:

  • provide you with customer support;
  • respond to your enquiries;
  • offer you effective services;
  • maintain our business relationship with you.

Legal basis:

  • performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR);
  • legitimate interest in managing enquiries and customer relationships (Art. 6(1)(f) GDPR).

4.5 Legal Reasons

We use your personal data in accordance with applicable laws or in response to valid legal processes, including:

  • requests from authorities or government agencies;
  • investigations or participation in testimonies, potential or ongoing lawsuits, or other legal proceedings;
  • enforcement or investigation of potential violations of our terms or notices.

Legal basis:

  • compliance with legal obligations (Art. 6(1)(c) GDPR);
  • legitimate interest in protecting our rights (Art. 6(1)(f) GDPR).

5. How We Disclose Personal Data

In certain circumstances, we may disclose your personal data to third parties for legitimate purposes, subject to this Privacy Notice. Such circumstances may include:

  • With Shopify, vendors and other third parties who perform services on our behalf (for example, IT management, payment processing, data analytics, customer support, data storage, order fulfilment and shipping). In these cases, such entities act as data processors under Art. 28 GDPR, on the basis of specific contractual agreements.
  • With business and marketing partners to provide you with services and marketing communications. For example, we use Shopify and other providers to offer personalized ads through third-party services based on your online activity across multiple sites. Our business and marketing partners will use your data in accordance with their own privacy notices. Depending on where you reside, you may have the right to ask us not to share your data for the purpose of showing you personalized ads.
  • When you explicitly ask or authorize us to disclose certain information to third parties, for example to ship your products, or when you use social media widgets or login integrations.
  • With our affiliates or within our corporate group where necessary to operate the Services and for internal administrative purposes.
  • In connection with a business transaction such as a merger, acquisition, restructuring or bankruptcy.
  • To comply with legal obligations (including responding to subpoenas, search warrants and similar requests), to enforce our terms of service or notices, and to protect or defend the Services, our rights and those of our users or other persons.

6. Relationship with Shopify

The Services are supported by Shopify, which collects and processes personal data relating to your access to and use of the Services in order to provide and improve the Services for us and for you.

To provide and improve the Services for you, the data you submit through the Services will be transmitted to and shared with Shopify and third parties that may be located in countries other than your own.

In addition, to help protect, grow and improve our store’s business, we use certain advanced Shopify features that incorporate data and information received from you through your interactions with our store, as well as with other merchants and with Shopify. To provide these advanced features, Shopify may use personal data collected from your interactions with our store, with other merchants and with Shopify itself.

In such circumstances:

  • for some activities Shopify acts as a data processor on our behalf;
  • for other activities (e.g. platform security, global analytics, its own services) Shopify acts as an independent data controller and is responsible for processing your personal data, including responding to your requests to exercise your rights in relation to those activities.

For more information on how Shopify uses your personal data and on the rights you may have, you can consult Shopify’s Consumer Privacy Notice and their Privacy Portal, available on their official website.

7. Third-Party Websites and Links

The Services may contain links to websites or other online platforms operated by third parties. If you open links to sites not affiliated with or controlled by us, you may be required to accept their privacy and security notices and other terms and conditions.

We do not guarantee and are not responsible for the privacy and security of such sites, nor for the accuracy, truthfulness or reliability of the information contained therein. Information you provide in public or semi-public contexts, including information you share on third-party social media platforms, may also be viewed by other users of the Services and/or users of such third-party platforms, without restrictions on their use by us or by third parties.

The inclusion of such links does not imply any endorsement by us of the content of those platforms or of their owners or operators, except as disclosed within the Services.

8. Children’s Data

The Services are intended for adults and are not directed to use by children. We do not knowingly collect personal data from individuals who are under the age of majority in your jurisdiction.

If you are a parent or guardian and believe that a minor has provided personal data through the Services, you may contact us using the contact details provided in this Notice to request deletion of such data.

As of the date of the last update of this Notice, we do not engage in any “sale” or “sharing” of personal data of individuals under 16 years of age, within the meaning of applicable data protection laws.

9. Data Security and Retention

Please note that no security measure is perfect or impenetrable and we cannot guarantee “absolute security”. Nevertheless, we implement appropriate technical and organizational measures to protect your personal data from unauthorized access, loss, disclosure or destruction.

In addition, data you send to us may not be secure during transmission. We recommend that you use only secure channels to communicate confidential or sensitive information to us.

Retention periods

The retention time of personal data depends on several factors, such as whether we need such data to maintain your account, to provide you with the Services, comply with legal obligations, resolve disputes or enforce other contracts and notices. In general:

  • Data relating to invoices, orders and accounting documents: 10 years;
  • Account data: for the entire duration of the account and up to 24 months after closure, unless longer legal obligations apply;
  • Marketing data (newsletters, promotional communications): until consent is withdrawn or for a maximum period of 24 months from the last interaction;
  • Technical and security logs: for periods consistent with security and monitoring purposes;
  • Data necessary for legal defence: until the expiry of limitation periods for claims (generally up to 10 years).

10. Your Rights and Choices

Depending on where you reside, you may have one or more of the rights concerning personal data listed below. These rights are not absolute and may only apply in certain circumstances; we may refuse your request to the extent permitted by law.

In particular, under the GDPR you have the right to:

Right of access

You may have the right to request access to your personal data we hold and to obtain a copy of the information processed (Art. 15 GDPR).

Right to rectification

You may have the right to request the correction of inaccurate personal data concerning you or the completion of incomplete data (Art. 16 GDPR).

Right to erasure (“right to be forgotten”)

You may have the right to request the erasure of your personal data that we hold, in the circumstances provided for by Art. 17 GDPR.

Right to restriction of processing

You may have the right to request restriction of the processing of your personal data in certain situations (Art. 18 GDPR).

Right to data portability

You may have the right to receive a copy of your personal data in a structured, commonly used and machine-readable format and to request that we transmit it to a third party, in certain circumstances (Art. 20 GDPR).

Right to object

You may have the right to object to the processing of your personal data based on our legitimate interests, including direct marketing (Art. 21 GDPR).

Withdrawal of consent

Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

Managing communication preferences

We may send you promotional emails and you can opt out of receiving them at any time by using the unsubscribe option in our emails. If you opt out, we may still send you non-promotional emails, such as those relating to your account or orders you have placed.

How to exercise your rights

You may exercise any of these rights where indicated in the Services or by contacting us using the contact details provided below.

You will not suffer any discrimination for exercising these rights. Before processing your requests, we may need to verify your identity, to the extent permitted by applicable law. In accordance with applicable law, you may appoint an authorised agent to make requests on your behalf to exercise your rights. Before accepting a request from an agent, we will ask them to provide evidence that they have been authorised by you and we may ask you to verify your identity directly.

For more information on how Shopify uses your personal data and on your potential rights, including those relating to data processed by Shopify as an independent controller, you can visit Shopify’s dedicated privacy website.

11. Complaints

If you have any complaints about how we process your personal data, please contact us using the contact details provided below. We will do our best to respond and address your concerns.

In addition, if you are located in the European Economic Area, you have the right to lodge a complaint with the competent supervisory authority. In Italy:

Garante per la Protezione dei Dati Personali
Website: www.garanteprivacy.it

If you reside in another EEA country, you can find a list of competent supervisory authorities on the official websites of the European Union.

12. International Transfers

Please note that we may transfer, store and process your personal data outside the country in which you reside.

If we transfer your personal data outside the European Economic Area or the United Kingdom (for example to Canada, the United States or other countries where Shopify or other service providers are located):

  • we will rely on appropriate transfer mechanisms, such as the European Commission’s Standard Contractual Clauses, or equivalent contracts issued by the competent UK authorities; or
  • we will carry out the transfer to countries for which there is an adequacy decision by the European Commission.

13. Changes to This Privacy Notice

We will update this Privacy Notice from time to time, including to reflect changes in our practices or for other operational, legal or regulatory reasons. We will publish the updated Privacy Notice on the website, change the “Last updated” date and issue a notice as required by applicable law.

14. Contact Details

Contact information:

  • Company name: The BigCig di Baesso Diego
  • Email: info@thebigcig.com
  • Address: Via Caluso 9, 10017 Montanaro (TO), Italy
  • VAT No.: IT13319930015

If you have any questions about our privacy practices or about this Privacy Notice, or if you intend to exercise any rights available to you, you may send an email to info@thebigcig.com or contact us at Via Caluso 9, 10017 Montanaro (TO), Italy.