Privacy Policy

This Privacy Notice is a part of Basket S.r.l.  Privacy Policy and provides mandatory information as required under Art. 13 of the EU General Data Protection Regulation (GDPR), regarding the transparency of personal data processing.

The Data Controller connected with this Privacy Notice is Basket s.r.l.

  1. Information collected. Lawful basis and purposes of processing activities.


The Controller processes personal data, contact details and billing information related to Customers and Suppliers, including e-mail addresses and names of the subjects involved in commercial relations, for the performance of a contract for the purchase or supply of good or to take steps to enter into it, to fulfill legal obligations and for the purpose of legitimate interest of the data controller (protection of Data Controller’s rights, marketing and other business related matters that may arise).


We use Customers’ and Suppliers’ personal data for the following purposes:

1.a. Performance of contracts;

1.b. Fulfill legal duties;

1.c. Record-keeping of business relations.

We also perform the following processing activities:

  1. Social Network. The Controller processes interactions with Facebook and LinkedIn Company Profile (user’s profile, communications, interactions), in joint control with social network provider, on the lawful basis of consent and until the opt-out (unsubscribe/unfollow) until the opt-out of the data subject.
  2. Newsletter. The Controller processes contact details of the newsletter’s subscribers on the legal basis of the consent (newsletter’s subscription) until the opt-out of the data subject.
  3. Data supply.

Due to the lawful basis for the processing, there is a contractual obligation to provide the personal data to carry out the activities under 1.a and 1.b. Insufficient personal data can prevent the conclusion of the contract or its execution.

  1. Data processing operations. Transfers to Third Parties.


The processing of personal data is performed by mixed instruments (both manual and automatic), in such conditions to be compliant with the purposes, also involving data processors. Automated decision-making activities aren’t carried out. Security, integrity and confidentiality are granted with appropriate technical and organizational measures.

The recipients of personal data collected and processed are business partners, Professional counselors, banks and insurance companies, Government offices, and service providers.

Any transfer of personal data to a third country or an international organization without an adequacy decision couldn’t be carried out without the consent of the data subject.

  1. Data retention period.

The data collected and processed will be retained if necessary, to comply with the Law and until the limitation period expiration.

  1. Rights of the data subject.

 Data subjects can exercise the right to access, rectification, erasure, restriction, portability, and also can object to or restrict the processing of personal data. Data subject can also lodge a complaint with a supervisory authority (i.e. DPA).

Data subject access and other rights requests can be made in any form, including email to the following address:

Send this to a friend