Privacy Policy

Sigil Magik Engine - Protecting Your Digital Sacred Space

Last Updated: Version 1.0 of July 30, 2025

SNAP S.r.l.s., with registered office in via Luigi Settembrini n. 30, 00195 Rome, as the Data Controller (hereinafter "Data Controller"), collects and processes personal data in compliance with Regulation (EU) 2016/679, the General Data Protection Regulation ("GDPR"), Legislative Decree 30 June 2003, n. 196, consolidated text ("Privacy Code"), provisions and guidelines of the Data Protection Authority ("Garante") and the European Data Protection Board ("EDPB"), all cumulatively referred to as ("Italian Privacy Legislation"), in observance of privacy principles and the rights of Data Subjects.

Pursuant to Articles 13 and 14 GDPR, the Data Controller communicates through this Privacy Policy how and why it collects and processes personal data of users and customers ("Data Subjects") of the website https://www.sigilmagikengine.com/ ("Website").

This Privacy Policy must be read and applies to the processing of personal data of Data Subjects together with the Website's Cookies Policy.

Please read this Privacy Policy carefully before browsing, registering, using the Website and purchasing the products offered through it.

1. Definitions

The terms used in this Privacy Policy and defined in Art. 4 GDPR, even if not written in capital letters, regardless of singular and/or plural, masculine and/or feminine form, have the same meaning attributed by the GDPR and apply in addition to the definitions identified in this Privacy Policy, for example:

§ Data Controller:
the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
§ Personal Data:
any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
§ Data Subject:
the identified or identifiable natural person to whom the personal data refers;
§ Processing:
any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
§ Data Processor:
a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
§ Third Party:
a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

2. Types of Personal Data

The Data Controller collects and processes personal data provided and/or indicated by Data Subjects at different times during interaction with them through the Website.

🌐 Navigation & Website Usage

System and maintenance logs: files that record interactions within the Website, including IP addresses

Usage data: collected automatically through tracking tools such as cookies, including IP addresses, URI addresses, request methods, browser characteristics, visit patterns, and geographic data

Segmentation data: cart items, wishlist additions, checkout processes, payment data, registration forms, visits, purchases, and user behavior patterns

📝 Registration & Information Requests

Personal details: name, surname, date of birth

Contact details: email address, mobile phone number

Registration data: username and password

Request data: questions, preferences, opinions related to services and products

🛒 Sales & E-commerce

Personal details: name, surname, citizenship

Contact details: email, phone, physical address

Payment data: payment methods, credit card data, PayPal details

Billing data: tax code, VAT number

Product data: type of product, purchase history

3. Purposes and Legal Bases of Processing

The Data Controller collects and processes the personal data of Data Subjects for the following purposes, relying on the following legal bases:

a. Response to Information Requests & Account Registration
Legal basis: Pre-contractual measures at the request of the Data Subject
b. Management of Website Registration
Legal basis: Performance of a contract to which the Data Subject is a party
c. Account Closure/Deletion Management
Legal basis: Performance of a contract to which the Data Subject is a party
d. Product Communications Management
Legal basis: Performance of a contract to which the Data Subject is a party
e. Payment Service Provider Relations
Legal basis: Performance of a contract to which the Data Subject is a party
f. Accounting and Tax Obligations
Legal basis: Performance of a contract / Compliance with legal obligation
g. Purchase Order Processing and Supplier Communication
Legal basis: Performance of a contract to which the Data Subject is a party
h. Invoice Processing and Management
Legal basis: Performance of a contract / Compliance with legal obligation
i. Compliance with Judicial/Administrative Orders
Legal basis: Compliance with legal obligation
l. Website Provision and IT Security
Legal basis: Legitimate interest of the Data Controller
m. IT Infrastructure Security Management
Legal basis: Legitimate interest of the Data Controller
n. Complaint and Rights Management
Legal basis: Legitimate interest of the Data Controller
o. Exercise/Defense of Legal Rights
Legal basis: Legitimate interest of the Data Controller
p. Corporate Operations Management
Legal basis: Legitimate interest of the Data Controller
q. Marketing Communications
Legal basis: Consent of the Data Subject
r. Analytics and Profiling Cookies
Legal basis: Consent of the Data Subject (via CMP)
s. Profile Creation and Personalized Communications
Legal basis: Consent of the Data Subject

4. Nature of Personal Data Provision

📋 Mandatory Data

For personal data processing necessary for legal compliance or contract performance (purposes a.-i.), provision is mandatory. Refusal would make it impossible to provide Website services.

⚖️ Legitimate Interest Data

For processing based on legitimate interest (purposes l.-p.), provision is necessary. Refusal would prevent Website availability and service provision.

✅ Optional Data

For consent-based processing (purposes q.-s.), provision is optional. Refusal does not affect Website usage or core services.

5. Processing Methods

The Data Controller processes personal data through electronic, automated, IT and telematic tools, with organizational methods and logic strictly related to the purposes indicated in this Privacy Policy and in compliance with Italian Privacy Legislation.

Security Measures: During processing, the Data Controller adopts appropriate security measures to prevent unauthorized or unlawful access, disclosure, modification or destruction of personal data.

6. Retention Period

🗂️ Account Data

Personal data for Website registration is kept until account closure. Upon closure request, accounts are deactivated within 2 days and deleted within 30 days.

📊 Legal Obligations

  • Accounting/Tax data: 10 years from invoice date
  • Website usage data: 3 years from last interaction
  • Dispute data: Until exhaustion of judicial proceedings
  • Consent-based data: Until consent withdrawal

Note: For cookie retention periods, please refer to our Cookies Policy.

7. Data Communication and International Transfers

👥 Authorized Personnel

Data Controller's personnel, duly trained and authorized, may access personal data based on the principle of minimum privilege.

🔧 Data Processors and Third Parties

Personal data may be shared with external subjects such as:

  • a) Technology service providers: Marketing services (Mailchimp), IT services (Shopify), Review services (Judge.me)
  • b) Independent controllers: Product suppliers for shipping
  • c) Advertising services: Google ads, Facebook ads, TikTok ads
  • d) Payment services: PayPal, Shopify, Apple Pay, banking institutions
  • e) Professional services: Legal, tax and commercial consultants
  • f) Legal authorities: When required by law or court proceedings
  • g) Corporate operations: In case of mergers, acquisitions, or sales

🌍 International Transfers

Personal data may be transferred outside the European Economic Area to product suppliers. When recipients are in jurisdictions without adequate protection, appropriate measures are adopted (e.g., Standard Contractual Clauses) to ensure equivalent protection.

Contact us at support@sigilmagikengine.com for information about data processors, third parties, or international transfer measures.

8. Automated Processing

The Data Controller may perform automated processing in the following circumstances:

  • 🔐 Consent management: Collecting and storing consent logs with timestamps
  • 🍪 Cookie preferences: Managing user preferences for tracking technologies
  • 🎯 Profiling: Creating user profiles for personalized communications and marketing optimization

9. Rights of Data Subjects

Data Subjects may exercise their privacy rights under Articles 7, 15 et seq. GDPR by contacting us at support@sigilmagikengine.com

🔍Right of Access

Obtain confirmation of data processing and access to personal data, including processing purposes, data categories, recipients, and retention periods.

✏️Right to Rectification

Obtain rectification of inaccurate personal data and completion of incomplete data.

🗑️Right to Erasure

Obtain erasure of personal data when no longer necessary, consent withdrawn, or processing unlawful.

🛑Right to Restriction

Obtain restriction of processing when accuracy contested, processing unlawful, or data needed for legal claims.

📦Right to Data Portability

Receive personal data in structured, machine-readable format and transmit to another controller.

Right to Object

Object to processing based on legitimate interests or for marketing purposes, including profiling.

🤖Automated Decision-Making

Right not to be subject to decisions based solely on automated processing with legal effects.

🔄Withdrawal of Consent

Withdraw consent at any time without affecting lawfulness of prior processing.

Complaint Rights: Data Subjects have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali).

10. Data Controller Contact Information

📧 Contact Details

Controller: SNAP S.r.l.s.

Registered Office: Via Luigi Settembrini n. 30, 00195 Rome, Italy

Support Email: support@sigilmagikengine.com

Business Email: snapsrls@gmail.com

11. Changes to This Privacy Policy

The Data Controller reserves the right to make changes to this Privacy Policy at any time by informing Data Subjects through updates published on the Website.

Please regularly consult this Privacy Policy page, referring to the date of last modification.

Consent Updates: If changes concern consent-based processing, the Data Controller will collect renewed consent from users where required.

🌟 Quick Links

Website: https://www.sigilmagikengine.com/

Cookies Policy: Cookies Policy

Terms & Conditions: Terms & Conditions

© 2025 Sigil Magik Engine - All rights reserved | Privacy Policy v1.0