Skip to Content

PRIVACY POLICY – GDPR (EU Reg. 2016/679)

1. Data Controller2. Types of data processed3. Purposes of processing4. Legal basis5. Processing methods6. Recipients and categories of subjects who may access the data7. Data retention8. Rights of the data subject9. Data transfer outside the EU10. Data Protection Officer (DPO)

1. Data Controller

The Data Controller is:[Company Name], with registered office at[Full Address], VAT[Number]. Contact email:[Email]– Phone:[Number].

2. Types of data processed

a) Identifying and business data

  • Company name

  • First and last name of the contact person

  • VAT number or Tax Code

  • Address, phone, email

  • Billing and delivery data

b) Navigation data

  • IP addresses

  • Access logs

  • Device identifiers

  • Anonymous or aggregated usage statistics

c) Data related to orders and payments

  • Purchase history

  • Amounts

  • Payment methods (we never store cards)

d) Data collected through cookies

(see Cookie Policy)

3. Purposes of processing

Data is processed for:

  1. Order management, deliveries, billing.

  2. Website registrationand VAT verification.

  3. Administrative, tax, and accounting management.

  4. Commercial or informational communications.related to products (only with prior authorization).

  5. Fraud protection and site security.

  6. Legal obligationsand food industry regulations.

  7. Anonymous statistical analysesto improve services.

4. Legal basis

The processing is based on:

  • Art. 6(1)(b) GDPR– Performance of a contract (order management).

  • Art. 6(1)(c)– Legal obligations.

  • Art. 6(1)(f)– Legitimate interest (security and prevention of abuse).

  • Art. 6(1)(a)– Consent (newsletter, non-technical cookies).

5. Processing methods

Data is processed using digital and paper tools, in compliance with the principles of lawfulness, fairness, transparency, and minimization.

Appropriate security measures are taken to prevent loss, theft, or unauthorized access.

6. Recipients and categories of subjects who may access the data

Data may be communicated to:

  • couriers and transporters

  • tax consultants/accountants

  • providers of management software

  • hosting providers and site maintenance

  • banks or payment services

  • competent authorities if required by law

7. Data retention

Accounting and tax data:10 years

Inactive customer account:max 36 months, unless required by law

Cookie: according to their respective technical times (see cookie policy)

8. Rights of the data subject

The user can exercise the following rights (art. 15–22 GDPR):

  • access

  • rectification

  • deletion (right to be forgotten)

  • restriction of processing

  • data portability

  • objection

  • withdrawal of consent at any time

Requests to be sent to:[Company email].

9. Data transfer outside the EU

If the site uses services that transfer data outside the European Union (e.g. Google, Meta, cloud services), the transfer will occur with appropriate safeguards provided by the GDPR (SCC – Standard Contractual Clauses).

10. Data Protection Officer (DPO)

“Not provided”.