Privacy Policy

With this Privacy Policy , the data controller, as defined below, provides users and visitors of the website http://www.puntocaffemassafra.com/ ("Site") with all information on the purposes for which it collects and processes their personal data, the categories of personal data being processed, the rights that are recognized to users and visitors of the Site pursuant to Regulation (EU) no. 679/2016 (so-called "GDPR") and the national legislation on data protection (collectively " Privacy Law "), and how the user and visitor to the Site can exercise these rights.

This Privacy Policy is intended to allow users and visitors to the Site to give - in an informed manner - consent to the processing of their personal data, where this is necessary on the basis of the so-called " Privacy Law".

This document can be printed using the print command present in the settings of any browser .

  1. Data Controller .

Punto Caffè di Tagliente Rosa (03126940737), in the person of its owner, current in Massafra (TA), at Via Guglielmo Marconi n. 50 (Italy - Italy ), is the owner of the processing of user / visitor data, collected through the Site (" Owner " or " Coffee Point ").

Certified e-mail address (PEC) of the Data Controller is: tagliente.rosa@pec.it

  1. Types of data collected .

The personal data of users / visitors that the Data Controller collects through the Site include:

  • personal data (name, surname, company name, date of birth, tax code, VAT number);
  • contact details (e -mail address or certified e-mail address - PEC, telephone number, physical shipping address and billing address);
  • any responses of users / visitors to the questions provided and any feedback requested by the Site through any online forms and / or surveys (hereinafter " Personal Data ").

The Personal Data listed above are collected by the Site at the time of registration on the Site, for users who register now for the first time on the Site (" User "), or when purchasing one or more of the products offered for sale. through the Site, for users not registered on the Site (" Guest ").

Unless otherwise specified on the Site, all the Personal Data requested are to be considered mandatory: it is understood that failure to provide the Personal Data marked as mandatory prevents registration on the Site or the use of the services offered therein, as well as failure to provide the Data. Personal that may be marked as optional does not prevent registration on the Site or the use of the services offered therein, but could - in any case - make their use less immediate.

This Site also uses the so-called Cookies and / or other tracking tools according to the methods and purposes described in the separate Cookie Policy (see Article 6).

The User / Guest assumes responsibility for the Personal Data of third parties that he has published or shared through this Site and guarantees to have the right to communicate or disseminate them, and to have made this Privacy Policy known to such third parties, freeing the Owner from any liability towards such third parties.

  1. Purpose and legal basis of the processing of Personal Data .

Purpose of the processing .

The Personal Data of Users / Guests will be processed by the Data Controller according to principles of necessity, data minimization, lawfulness, correctness, proportionality and transparency for the following purposes:

  1. provide the use of the Site, allow access and registration to the Site, as well as the use of the services offered through the Site, or the purchase of products online and order management and any other service that may be offered in the future through the Site of which the User / Guest requests the performance, as well as to improve the Site and the services offered therein;
  2. provide the User / Guest with the assistance service (by contacting the Owner directly), during registration on the Site and / or use of the Site and / or the services offered therein, or to resolve any reports of malfunctions and / or disputes;
  3. fulfill legal obligations, respond to requests from the competent authorities, protect their rights and interests, identify any malicious or fraudulent activities;
  4. provide the User / Guest, through the e -mail address indicated when registering on the Site or purchasing through the Site, commercial information and newsletters relating to products and services similar to those already purchased / requested by the User / Guest ;
  5. send the User advertising material and carry out promotional, marketing and / or direct sales activities of products and / or services sold and / or provided by the Owner;
  6. send the User commercial and promotional communications relating to selected third party products and / or services, with which the Data Controller may entertain legal relationships (without in this case there being communication of Personal Data to third parties);
  7. carry out any profiling activities towards the User of the Site, that is to evaluate his preferences, consumption habits and tastes, also by inviting them to participate in market research, for the subsequent sending of marketing communications

Legal basis of processing .

The aforementioned processing purposes (see section "Processing purposes", letters a - g) are processed by the Data Controller on the following legal bases:

  1. execution of the contract with the User / Guest and legitimate interest of the Owner;
  2. execution of the contract or pre-contractual measures at the request of the User / Guest and legitimate interest of the Owner;
  3. fulfillment of a legal obligation to which the Owner and / or legitimate interest of the Owner is subject;
  4. legitimate interest of the Data Controller, unless the User / Guest opposes;
  5. express consent of the User / Guest.

With reference to the purpose referred to in the aforementioned point d), the User / Guest may object to the receipt of such communications at any time, by contacting the Data Controller at the certified e-mail address (PEC) indicated in art. 1.

The contact methods aimed at direct marketing activities, on behalf of third parties and profiling as in points e), f) and g) above, may be both automated and non-automated (via e-mail , sms, push notifications, others massive messaging tools, etc ...), both traditional (telephone calls with an operator and / or postal items): in any case, however, the User / Guest may revoke their consent, even partially, for example by consenting only to traditional methods of contact.

If the User / Guest allows the profiling indicated in point g) above, it will presuppose a possible activity (including automated), in order to place the User / Guest in a category of subjects with homogeneous characteristics (in terms of purchasing preferences, product of interest and purchasing areas) on the basis of his previous purchasing experiences, of the market analyzes in which he may have participated, of his demographic class and of his activities on the Site.

Third Party Websites and Applications .

The Site may incorporate and / or - however - interact with applications and websites including third parties (" Websites and Third Party Applications " ), to make available to Users / Guests some of the ancillary services offered through the Site . and Third Party Applications are governed by their respective terms and conditions of use and privacy policies . The use by Users / Guests of Third Party Websites and Applications will be governed by the terms and conditions of use and privacy policies of such third parties, to which reference is made.

  1. Methods of processing - Recipients of Personal Data - Place and period of retention of Personal Data .

Processing methods .

The Data Controller adopts the appropriate security measures pursuant to art. 32 GDPR, aimed at preventing unauthorized access, disclosure, modification or destruction of the Personal Data of Users / Guests.

The processing is carried out on paper and / or using IT and / or telematic tools, with organizational methods and with logic strictly related to the purposes indicated in art. 3 above.

Recipients of Personal Data .

The processing of the Personal Data of Users / Guests will be entrusted, in individual operations, to the employees and / or collaborators of the Data Controller (administrative, commercial, marketing and / or system administrators), duly authorized and appointed.

Any third parties delegated by the Data Controller to process the Personal Data of Users / Guests (eg third party technical service providers, postal couriers, hosting providers , IT companies, communication agencies, etc.), will be appointed as Data Processors pursuant to art. 28 GDPR. The updated list of Data Processors can always be requested from the Data Controller, by contacting him at the PEC address indicated in the aforementioned article 1.

The Personal Data of Users / Guests may be disseminated and / or transferred outside the European Union.

Place and period of retention of Personal Data .

The Personal Data of Users / Guests will be stored on the Owner's servers , all located in the EU.

The Site may incorporate and / or interact with Third Party Websites and Applications, in order to make the accessory services offered through the Site available. The Third Party Websites and Applications are governed by their respective terms and conditions of use and related information on the privacy . The use by Users / Guests of Third Party Sites and Applications will therefore be governed by the terms and conditions of use and privacy policies of such third parties, to which reference is made and which you are invited to read.

The Personal Data of Users / Guests are processed by the Data Controller and kept for the time necessary for the purposes indicated in art. 3 above. In particular:

  • for the purposes referred to in points a), d), e), f) and g) of art. 3 above, the Personal Data of Users / Guests will be kept by the Data Controller (but not used for the purposes referred to in the aforementioned art.3, points d), e), f) and g) in case of opposition, or in case of absence. or subsequent revocation of consent) until the User / Guest deletes his account . It is understood that the Data Controller may keep the Personal Data of Users / Guests to defend their rights in relation to disputes outstanding at the time of the request or upon indication of the public authorities. The User can cancel his account or by sending an express request for the cancellation of Personal Data to the Owner (see Article 1 above);
  • for the purposes referred to in art. 3, point a) above, the Personal Data of Users / Guests will be kept until the execution of the existing contract or pre-contractual measure is completed. For the purposes referred to in art. 3, point d) above, the Personal Data of Users / Guests will be kept, except in the case of opposition, as long as the legitimate interest of the Owner persists. The Personal Data of the Guest will not be processed - and, therefore, stored - for the purposes referred to in art. 3, points e), f) and g) above;
  • for the purposes referred to in art. 3, point (b) above, the Personal Data of Users / Guests will be kept for the time strictly necessary to resolve the request for assistance, report and / or dispute and provide Users / Guests with feedback. Even in this case, however, it remains understood that the Data Controller may keep the Personal Data, within the limits of the law, to defend their rights in relation to existing disputes or on the recommendation of the public authorities;
  • for the purposes referred to in art. 3, point c) above, the Personal Data of Users / Guests will be kept by the Data Controller as long as the need for processing persists to fulfill these legal obligations.

At the end of the retention period, the Personal Data will be deleted: at the end of this term the right of access, cancellation, rectification and the right to the portability of the Personal Data can no longer be exercised.

  1. Rights of the User / Guest .

Users / Guests can exercise certain rights with reference to the Personal Data processed by the Owner. In particular, the User / Guest has the right to:

  • obtain information in relation to the purposes for which your Personal Data are processed, the period of processing and the subjects to whom the Personal Data are communicated (so-called right of access);
  • obtain the correction or integration of inaccurate Personal Data concerning him (so-called right of rectification);
  • obtain the cancellation of Personal Data concerning him in the following cases:
  1. the Personal Data are no longer necessary for the purposes for which they were collected;
  2. has withdrawn his consent to the processing of Personal Data, if they are processed on the basis of his consent;
  3. has opposed the processing of personal data concerning him, in the event that they are processed for a legitimate interest of the owner;
  4. the processing of your Personal Data does not comply with the law (so-called right of cancellation): the retention of Personal Data by the Owner is lawful if it is necessary to allow him to fulfill a legal obligation or to ascertain, exercise or defend a right in the judicial;
  • obtain that the Personal Data concerning him are only stored without any other use being made of them in the event that:
  1. should contest the accuracy of your Personal Data, for the period necessary to allow verification of the accuracy of such Personal Data;
  2. the processing is unlawful, but in any case opposes the cancellation of your Personal Data by the Data Controller;
  3. the Personal Data is necessary for the ascertainment, exercise or defense of a right in court;
  4. has opposed the processing and is awaiting verification of the possible prevalence of the legitimate reasons of the Data Controller with respect to those of the interested party (so-called right of limitation);
  • receive the Personal Data concerning him in a commonly used format, readable by an automatic and interoperable device (so-called right of portability).
  • obtain the termination of the processing in cases where your data are processed for the purposes of commercial communications / newsletters relating to products or services identical to those already purchased / provided by the Data Controller (so-called right of opposition);
  • withdraw your consent to the processing of Personal Data at any time, without prejudice to the lawfulness of the processing based on consent before the revocation.

How to exercise your rights .

To exercise the rights listed above, Users / Guests can send a request to the contact details of the Data Controller indicated in the aforementioned article 1: requests are filed free of charge and processed by the Data Controller as soon as possible. The User / Guest has the right to contact the Guarantor for the protection of personal data, based in Piazza di Monte Citorio, 121 - 00186 Rome (ROME), to assert his rights in relation to the processing of his Personal Data from part of the Owner.

  1. Cookie Policy .

This Website uses Cookies and other tracking tools, for which the User / Guest can consult the relative Cookie Policy .

  1. Changes to the Privacy Policy .

Without prejudice to the fact that the Data Controller in any case does not proceed with processing operations other than those expressly authorized and / or requested by the Users / Guests, this Privacy Policy may be subject to changes to comply with new provisions of the law, with the changed policies of processing of Personal Data by the Owner and / or following the modification of the characteristics of the Site and / or the services offered therein. Each updated version of this Privacy Policy will be made available on the Site in the dedicated section.

The Data Controller therefore invites Users / Guests to periodically consult the Privacy Policy published on the Site to always be informed of the latest published version.