// Privacy Policy

Data Protection

Last updated: April 2026

This privacy policy explains how Pale Blue di Haroon Ikhlaq ("we", "us", "our") collects, uses, and protects personal data when you use our website and services, in accordance with EU Regulation 2016/679 (GDPR) and the Italian Personal Data Protection Code (D.Lgs. 196/2003, as amended by D.Lgs. 101/2018).

Data Controller

The data controller is Pale Blue di Haroon Ikhlaq, Piazza Della Vittoria 29, 10147 Torino, Italy. VAT IT 12847640013. Email: info@roboticsquare.com. PEC: haroonikhlaq@pec.it. As a sole trader (ditta individuale), the owner personally acts as data controller pursuant to Art. 4(7) GDPR.

Data We Collect

We collect: (a) data you actively provide — name, email address, company name, phone number, and messages submitted via our contact and quote forms; (b) account data — email and hashed password for registered users; (c) order and transaction data — shipping address, order history, payment reference numbers (we do not store full card numbers, which are processed exclusively by Stripe); (d) technical data collected automatically — IP address, browser type and version, device identifiers, pages visited, and timestamps via server logs. We do not collect sensitive personal data (special categories under Art. 9 GDPR).

Purposes and Legal Bases of Processing

We process your data for the following purposes and legal bases: (1) Responding to inquiries and processing quote requests — Art. 6(1)(b) GDPR (steps prior to entering a contract); (2) Fulfilling orders and managing the business relationship — Art. 6(1)(b) GDPR (contract performance); (3) Sending transactional emails (order confirmations, invoices) — Art. 6(1)(b) GDPR; (4) Improving our website and services — Art. 6(1)(f) GDPR (legitimate interests); (5) Complying with legal and fiscal obligations under Italian law — Art. 6(1)(c) GDPR. We do not carry out automated decision-making or profiling within the meaning of Art. 22 GDPR.

Data Retention

We retain personal data only as long as necessary for the stated purposes or as required by law: contact and quote inquiry data — up to 3 years from last interaction; order and transaction data — 10 years as required by Italian accounting and tax law (D.P.R. 600/1973 and D.P.R. 633/1972); user account data — until account deletion is requested; server logs — up to 12 months. Upon expiry, data is securely deleted or anonymised.

Your Rights

Under the GDPR (Arts. 15–22) and D.Lgs. 196/2003 you have the right to: access your personal data (Art. 15); rectify inaccurate data (Art. 16); request erasure ('right to be forgotten', Art. 17); restrict processing (Art. 18); receive your data in a portable format (Art. 20); and object to processing based on legitimate interests (Art. 21). To exercise any right, contact us at info@roboticsquare.com. We will respond within 30 days. You may also lodge a complaint with the Italian Data Protection Authority: Garante per la protezione dei dati personali, Piazza Venezia 11, 00187 Roma, www.garanteprivacy.it — or the supervisory authority of your EU country of residence.

Cookies and Local Storage

We use the following cookies and similar technologies: (1) NEXT_LOCALE — functional cookie, always active, stores your language preference, 1-year lifetime, does not track you. (2) PostHog analytics cookies — optional, set only if you click 'Accept Analytics' in the cookie banner; used to understand how visitors navigate the site (pages viewed, searches, cart actions); stored on PostHog EU-region servers; no advertising profiles are built. In addition, we use browser localStorage for: your authentication tokens (cleared on logout), your visual theme preference, and a flag recording your cookie choice. Rejecting analytics cookies means PostHog is never initialised and no analytics data is collected. You may withdraw consent at any time by clearing your browser cookies and localStorage.

Third-Party Service Providers

We engage the following sub-processors under Art. 28 GDPR data processing agreements: Stripe, Inc. — payment processing (data transferred under EU Standard Contractual Clauses; see stripe.com/privacy); Resend, Inc. — transactional email delivery; PostHog, Inc. — privacy-friendly analytics (only if you accept analytics cookies; data stored on EU-region servers; see posthog.com/privacy). Our servers are hosted within the EU. We do not sell, rent, or trade personal data to third parties for marketing purposes. International transfers outside the EEA are conducted only where adequate safeguards are in place (adequacy decision, SCCs, or other Art. 46 GDPR mechanism).

Security Measures

We implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access (Art. 32 GDPR). Measures include: HTTPS/TLS encryption for all data in transit; password hashing using industry-standard algorithms; access controls limited to authorised personnel; regular security reviews. In the event of a personal data breach likely to result in a high risk to your rights, we will notify you without undue delay in accordance with Art. 34 GDPR.

Changes to This Policy

We may update this privacy policy from time to time. The current version with its effective date is always available on this page. For material changes that affect your rights, we will provide notice via email or a prominent website notice where required by law.

// Data Protection Contact

For questions about this privacy policy or to exercise your data protection rights, please contact us:

info@roboticsquare.com