Privacy Policy

This information is provided pursuant to Regulation (EU) 2016/679 (“GDPR”) and Legislative Decree 196/2003, as amended, (“Privacy Code”), and describes how we process the personal data of users who visit and use the rionerocaffe.it website and its online shop.

1. Data controller

The Data Controller is:

RIONERO SRL
Registered office: Via G. Mazzini 15 – 80053 Castellammare di Stabia (NA) – Italy
VAT No. / Tax Code: 08525151216
Email: info@rionerocaffe.it
PEC: rionero@pecimprese.it

The Data Controller has not currently appointed a Data Protection Officer (DPO).

2. Type of data processed

2.1 Browsing data

The computer systems and software procedures that govern the operation of the site acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols (e.g., IP addresses, time of request, page requested, browser type). This data is used solely to obtain anonymous statistical information on site usage and to monitor its proper functioning and security.

2.2 Data provided voluntarily by the user

This is the personal data entered by the user during:

• registering an account on the site;
• purchasing products and completing the checkout;
• request for information via contact form or email;
• newsletter subscription (if active);
• interactions with customer service.

For example: name, surname, shipping and billing address, tax code or VAT number if required for billing, telephone number, email address, order data and purchase history.

2.3 Payment data

Payments are handled through third-party providers (e.g., credit card networks, PayPal, and other payment gateways). The Owner does not store complete payment card details, but receives only the limited information necessary to process the transaction (outcome, transaction ID, and any last digits of the card).

2.4 Cookies and other tracking tools

The site uses technical, statistical, and, with your consent, profiling and marketing cookies. For more information, please consult the Cookie Policy.

3. Purposes and legal bases of the processing

Personal data is processed for the following purposes and on the following legal bases:

• Website navigation management, security, and abuse prevention : the Data Controller's legitimate interest in ensuring the proper functioning and security of the website.
• Account registration and customer profile management : execution of pre-contractual measures and the sales contract.
• Order management, payments, invoicing, shipping, and after-sales support : execution of the sales contract and fulfillment of legal obligations in tax and accounting matters.
• Response to requests for information : execution of pre-contractual measures and legitimate interest of the Data Controller in responding to requests.
• Sending newsletters and promotional communications about products and offers : explicit user consent or "soft spam" within the limits permitted by law for existing customers.
• Aggregate statistical analysis of site traffic (analytics) : user consent when required.
• Marketing and profiling activities via cookies : user consent.

4. Nature of the data provision

Providing data marked as mandatory during registration or checkout is necessary to complete the purchase of products. Failure to provide this data will prevent the contract from being concluded. Providing data for marketing purposes and for the use of non-technical cookies is optional. Failure to provide consent will not affect your ability to use the site or make purchases.

5. Methods of processing

Personal data is processed using computerized and electronic means, in accordance with the principles of lawfulness, fairness, transparency, data minimization, and security. The Data Controller adopts appropriate technical and organizational measures to prevent loss, misuse, or unauthorized access to data.

6. Data recipients

Personal data may be disclosed to:

• IT, hosting, website maintenance and e-commerce platform providers;
• payment service providers and credit institutions;
• couriers and shipping agents responsible for delivering the products;
• accounting, tax, and legal consultants, to the extent necessary to fulfill legal obligations;
• competent authorities, where required by regulatory provisions or orders of the authority.

These entities process the data as independent data controllers or as data processors appointed pursuant to Art. 28 GDPR.

7. Transfer of data outside the European Economic Area

The site uses services and platforms that may involve the transfer of personal data to countries outside the EU. In such cases, the transfer is carried out in compliance with the GDPR, based on adequacy decisions, standard contractual clauses, or other appropriate safeguards required by law.

8. Retention period

• Browsing data: retained for a maximum period of 24 months, except for any needs related to security or legal defense.
• Order and billing data: retained for the time necessary to execute the contract and for the subsequent 10 years in compliance with legal obligations.
• Account data: retained as long as the account remains active or until you request deletion.
• Data used for marketing purposes: retained until consent is revoked or deletion is requested.
• Data collected via cookies: stored as indicated in the Cookie Policy.

9. Rights of interested parties

As a data subject, you may exercise the following rights at any time:

• right of access to personal data;
• rectification of inaccurate data or integration of incomplete data;
• erasure of personal data in the cases provided for (“right to be forgotten”);
• limitation of processing;
• data portability;
• objection to processing based on legitimate interest;
• withdrawal of consent, without prejudice to the lawfulness of the processing based on consent before its withdrawal.

Requests can be sent to info@rionerocaffe.it or to PEC rionero@pecimprese.it.

Complaint to the Supervisory Authority

If you believe the processing of your personal data violates applicable law, you may file a complaint with the Italian Data Protection Authority (www.garanteprivacy.it) or another competent supervisory authority.

10. Changes to this policy

The Data Controller reserves the right to modify this Privacy Policy at any time. Changes will be posted on this page and, if relevant, communicated to users. Please consult this section regularly.