Privacy Policy

This Privacy Policy describes how Ghep sarl (hereinafter, “Company”), with headquarters at 3 Place des Moulins, 98000 Monaco, collects, uses, shares and protects the personal data of users of the website guruofficialbrand.com in compliance with Regulation (EU) 2016/679 (“GDPR”) and applicable regulations. Ghep sarl is the Data Controller and can be contacted for any requests regarding personal data at the email ghep@ghep.mc.

Personal data collected: While using our website and purchasing GURU products, we may collect various categories of personal information. This includes data provided directly by the user (name, surname, shipping/billing address, email, phone number, payment details), necessary to create an account, place an order, and receive assistance. We also collect data related to transactions (products purchased, amounts, payment method used) and communications with us (for example, any support emails or chats). We may also automatically collect information through cookies and similar technologies, such as IP address, browser type, device used, and website navigation data (pages visited, time spent, etc.), for statistical purposes and service improvement.

Purposes and legal bases for processing: Users’ personal data are processed for various purposes, each with an appropriate legal basis. The main purposes are: (a) Order fulfillment and service provision – we use the data to process orders, make payments through selected gateways, ship products to the indicated address, and provide order status updates (performance of a contract); (b) Customer communication and support – we use email or phone to send order confirmations, service information, and respond to support requests (contract performance or legitimate interest); (c) Compliance with legal obligations – we retain data necessary for accounting, tax, and warranty obligations (legal obligation); (d) Marketing and updates – only with the user’s explicit consent, we may use the provided email to send newsletters or promotional offers related to our brand; the user can revoke consent at any time and choose not to receive further marketing communications; (e) Website improvement and analysis – we collect navigation data and preferences (often in aggregate or anonymized form) to understand how customers use our site and services, in order to improve user experience and our products (legitimate interest). If we use non-essential cookies or similar tracking tools for analysis or advertising purposes, we do so based on user consent, as described in our Cookie Policy and through the cookie banner shown on first access.

Sharing data with third parties: Users’ personal data are shared with third parties only to the extent necessary to pursue the purposes described above. In particular, data may be communicated to: technical and hosting service providers (for website operation), payment service providers (such as credit card platforms or PayPal, to which transaction data is transmitted – the Company does not store complete payment card details for security reasons; such information is managed directly by external payment providers according to their own privacy policies), delivery/shipping service providers (couriers to whom we communicate name, address, and telephone number necessary for order delivery), logistics partners and warehouses (to prepare and ship products), analytics or advertising service providers (such as web traffic analysis tools or online marketing – in this case, data collected through cookies or scripts on our site may be sent to these third parties, who process them according to their own privacy policies). We ensure that all these third parties process personal data only on our behalf and according to documented instructions (when operating as data processors for the Company) or, where applicable, as independent controllers (for example, in the case of external services such as social media if the user interacts through related plugins). In any case, we share only strictly necessary data (minimization principle) and contractually require adequate data protection guarantees. Furthermore, if the user clicks on links or accesses third-party services through our site (e.g., links to social networks or payment on an external site), the data provided to such third parties will be subject to their respective privacy notices: our Company does not control nor assume responsibility for the content, policies, or practices of third-party websites.

Cookies and similar technologies: Our site uses cookies and similar tools. For complete details, please refer to the Cookie Policy below. In summary, we use: technical cookies necessary for the site’s operation and execution of essential functions (such as remembering items in the cart, account access, language preferences – these cookies do not require consent), performance and analytical cookies to collect aggregate statistical information on site usage (used only with consent where required by law), and potentially third-party cookies related to external functionalities (for example, for social media plugin integration or for marketing/advertising profiling purposes, also activated only if the user consents through the cookie banner). The user can manage their cookie preferences at any time (see Cookie Policy).

Data retention: We retain users’ personal data for the time strictly necessary to achieve the purposes for which they were collected, in compliance with the principle of storage limitation. In general, data related to purchases and transactions will be retained for the “entire duration of the contractual relationship and subsequently for the period required by applicable legislation (for example, 10 years for information relevant for accounting and tax purposes). Data collected for marketing purposes will be retained until the” user revokes consent or requests deletion (or, in the absence of interactions, for a limited period defined according to industry practices). Navigation data (server logs, analytics) are kept in aggregate or anonymized form where possible, and in any case for short periods compatible with statistical purposes. Upon expiration of retention periods, data will be securely deleted or irreversibly anonymized.

Data subject rights: Users (natural persons whose data we process) enjoy specific rights over their personal data, guaranteed by the GDPR. In particular, the user has the right to: (1) Access – obtain confirmation of whether data processing concerning them is in progress and access such data in an intelligible form, as well as receive information on purposes, categories of data, recipients, retention period, and the existence of other rights (Art. 15 GDPR); (2) Rectification – request the correction or updating of their personal data if inaccurate or incomplete (Art. 16 GDPR); (3) Erasure – obtain the erasure of personal data concerning them (“right to be forgotten”), for example if the data is no longer necessary in relation to the purposes or if it is processed unlawfully (Art. 17 GDPR); (4) Restriction – obtain the restriction of processing in certain circumstances (e.g., if they contest the accuracy of the data, for the period necessary for appropriate verifications) (Art. 18 GDPR); (5) Portability – receive in a structured, commonly used, and machine-readable format the personal data provided, and transmit them to another controller, where technically feasible (Art. 20 GDPR); (6) Objection – object at any time to the processing of data concerning them based on the legitimate interest of the controller or for marketing purposes, unless there are compelling legitimate grounds for the controller to continue the processing (Art. 21 GDPR); (7) Not to be subject to automated decision-making – right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects or similarly significantly affects the person, except in cases of explicit consent or contracts that provide for it (Art. 22 GDPR). Furthermore, the user has the right to be informed transparently about how their data is used (right exercised through this privacy notice itself and other informative communications). These rights can be exercised at any time by the data subject by contacting us at the indicated references. The Company commits to respond to requests without undue delay and, in any case, within one month of receiving the request, extendable up to three months in cases of particular complexity (in accordance with Art. 12 GDPR). The exercise of rights is free of charge, except for manifestly unfounded or excessive requests, for which a fee may be charged. In case of doubts about the identity of the requester, we may ask for additional information necessary for verification. Finally, if the user believes that the processing of their data occurs in violation of data protection regulations, they always have the right to lodge a complaint with the competent Data Protection Authority (for example, the Privacy Guarantor in Italy or another authority in the EU country of residence).

International data transfers: As a rule, users’ personal data are processed and stored within the European Economic Area. If for technical or operational reasons we need to transfer data to third countries (for example, if some of our service providers are located outside the EU, such as cloud providers or email marketing services), we will ensure that an adequate level of protection is guaranteed in line with Chapter V of the GDPR. In particular, we will adopt appropriate safeguards such as the stipulation of standard contractual clauses approved by the European Commission, any adequacy decisions, or adherence to recognized codes of conduct and certifications. The user can request more details on transfer measures by writing to us.

Data security: We are committed to protecting users’ personal data through appropriate technical and organizational security measures. We use encryption protocols (such as SSL/TLS) to protect data during transmission, and implement access controls, firewalls, and internal procedures aimed at preventing unauthorized access, disclosure, or alteration of data. Despite this, it is noted that no computer system is completely secure: therefore, while doing our best to protect personal information, we cannot guarantee absolute security against any breach. In the event of personal data breaches that pose a high risk to users’ rights and freedoms, we will inform the data subjects and competent authorities as required by law.

Minors: The GURU Official Brand website and services are not intended for minors under 16 years of age. We do not knowingly collect personal data from minors under this age. Minor users must refrain from using the site for purchases or sending us personal information, except when this occurs through the involvement of a parent or guardian. If we become aware of having inadvertently collected information from a minor without the necessary parental consent, we will delete it as soon as possible.

Privacy Policy updates: This privacy notice may be subject to changes over time – for example, due to regulatory updates or changes in our processing. In case of substantial changes, we will inform users through the website (and/or via email, where appropriate). The date of the last update is indicated at the top of this document. We invite you to periodically consult this page to stay informed about our privacy practices.

For any questions, doubts, or requests regarding the Privacy Policy or the processing of personal data, you can contact us at “the email address ghep@ghep.mc. We will be happy to provide clarifications and assistance on” exercising your privacy rights.