Privacy Policy (GDPR-Compliant Version)

Last updated: 15.11.2025

1. Data Controller

The controller of your personal data is:
Sport Shirt – Sport Shirt Y & H S.R.L. Via Gravina 21 MT, Matera, Italy.
86 Xinxia Blvd, Longgang 518111, Shenzhen, Guangdong Province
Website: sportshirt.pro
Contact email: shop@sportshirt.pro

---

2. Types of Personal Data We Process

Depending on how you use our website, we may process the following categories of data:

• Identification data – name, surname (if provided in comments or account creation).
• Contact details – email address, website URL (if provided).
• Technical data – IP address, browser user-agent, cookies, device information.
• Profile data – account information, login data, preferences, profile picture (e.g. via Gravatar).
• Content data – comments and any associated metadata.
• Media data – images uploaded by registered users (including potential EXIF metadata).

We do not intentionally process sensitive data (special categories under GDPR).

---

3. Purposes and Legal Basis for Processing

We process your data only when it is lawful under GDPR. Below is a clear breakdown:

3.1 Comments

• Purpose: Handling user comments, preventing spam, improving security.
• Legal basis:
  • Art. 6(1)(b) GDPR – performance of a service (enabling commenting).
  • Art. 6(1)(f) GDPR – our legitimate interest in preventing spam and abuse.

3.2 User Accounts

• Purpose: Creating and maintaining your user account.
• Legal basis: Art. 6(1)(b) GDPR – performance of a contract.

3.3 Cookies

• Purpose: Operation of the website, user convenience, login functionality, analytics (if enabled).
• Legal basis:
  • Art. 6(1)(f) GDPR – essential cookies (site functionality).
  • Art. 6(1)(a) GDPR – consent for non-essential cookies (if used).

3.4 Security and Server Logs

• Purpose: Ensuring the security and stability of the website.
• Legal basis: Art. 6(1)(f) GDPR – legitimate interest in maintaining website security.

3.5 Embedded Content

• Purpose: Displaying third-party embedded materials (videos, images, articles).
• Legal basis: Art. 6(1)(a) GDPR – consent for third-party tracking where applicable.

---

4. Use of Gravatar

When you leave a comment, an anonymized hash generated from your email address may be sent to the Gravatar service to determine whether you use it.
Gravatar’s privacy policy: automattic.com.

After your comment is approved, your Gravatar profile picture becomes visible to the public in connection with your comment.

---

5. Media Files

If you upload images to the site, avoid uploading files containing EXIF location data. Visitors may download and extract location information from images posted on the site.

---

6. Cookies

We use several types of cookies:

6.1 Comment cookies

Store your name, email and website for convenience when posting future comments.
Expiration: 1 year.

6.2 Login cookies

Used to maintain your session and screen display preferences.

• Login cookies expire after 2 days.
• Screen options cookies expire after 1 year.
• “Remember Me” login lasts 2 weeks.

6.3 Temporary cookies

Created when visiting the login page to check if your browser accepts cookies. Removed when the browser closes.

6.4 Post-publication cookies

If you edit or publish an article, a non-personal cookie storing the post ID is saved.
Expiration: 1 day.

---

7. Embedded Content

Embedded content from other websites behaves exactly as if the user had visited the external site directly.
These websites may:

• collect data about you,
• use cookies,
• integrate additional third-party tracking tools,
• monitor your interaction with embedded content.

If you are logged into the external service, your interactions may be tracked as well.

---

8. Data Retention

8.1 Comments

We store comments and related metadata indefinitely to recognize and automatically approve follow-up comments.

8.2 User Accounts

For registered users, we store profile information until the user deletes or modifies it.
Administrators may also view and edit that information.

8.3 Required retention

Some data must be retained for legal, security or administrative reasons.

---

9. Your Rights Under GDPR

As a data subject, you have the following rights:

• Right of access (Art. 15 GDPR) – obtain a copy of your data.
• Right to rectification (Art. 16 GDPR) – correct inaccurate or incomplete data.
• Right to erasure (Art. 17 GDPR) – request deletion of your data (“right to be forgotten”).
• Right to restriction of processing (Art. 18 GDPR).
• Right to data portability (Art. 20 GDPR).
• Right to object (Art. 21 GDPR) – to processing based on our legitimate interests.
• Right to withdraw consent (Art. 7(3) GDPR) – at any time, without affecting earlier processing.
• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

To exercise your rights, contact us via: shop@sportshirt.pro.

---

10. Data Transfers

Visitor comments may be checked using automated spam detection services, which may involve data processing outside the EU.
When transferring data outside the EEA, we use mechanisms compliant with GDPR (e.g. Standard Contractual Clauses).

---

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• encryption,
• access control,
• security monitoring tools,
• server-level protections.

Despite these measures, no online transmission is 100% secure.

---

12. Changes to This Policy

We may update this Privacy Policy from time to time.
The latest version will always be available on this page.