PRIVACY NOTICE (pursuant to Article 13 GDPR)
Data controller
Dario Cecchini SRL, con sede in Via XX Luglio n.11 – 50022 Panzano in Chianti (FI) – Italia.
Email info@dariocecchini.com – pec dariocecchinisrl@cgn.legalmail.it
Personal data we process
We process common personal data (e.g. first name, last name, address, tax code/VAT number, phone number, email address and the data necessary to manage the order). The user may also provide data relating to third parties (e.g. a voucher recipient) under their own responsibility.
Why we process personal data (purposes and legal basis)
- Purchasing and order management/shipping/assistance (possibly also for third-party beneficiaries): to fulfill the order, ship the products, manage payments, returns, and assistance. Legal basis: Article 6(1)(b) GDPR.
- Gift voucher management (meal vouchers): Voucher recipients’ data will be used exclusively to personalize the vouchers, to prevent them from being used by unqualified recipients. Legal basis: Article 6(1)(b) GDPR.
- Requests via forms/contacts: to respond to information or support requests sent by the user. Legal basis: Article 6(1)(b) GDPR.
- Website security and browsing logs: technical data (e.g. IP address and server logs) used for security and the proper functioning of the website. Legal basis: Article 6(1)(f) GDPR.
How long do we retain data?
– Request/contact data: retained to manage the message and deleted within 6 months.
– Data relating to gift voucher recipients: retained to manage the gift and deleted within 24 months.
– Data relating to purchases: retained for the period required by tax regulations (10 years), barring disputes.
– Security logs (e.g., IP address): retained for 6 months.
To whom we disclose data
The data may be processed by providers acting as data processors, specifically:
– hosting and infrastructure provider (Aruba S.p.A.);
– payment service provider (PayPal).
The data may also be processed by authorized/designated personnel. The updated list of data processors may be requested from the Data Controller.
Where personal data is processed
Processing mainly takes place on servers located in the European Union. For certain services (e.g. payments via PayPal), data may also be processed outside the European Economic Area: in such cases, transfers are carried out in compliance with the safeguards provided for by Chapter V GDPR (e.g. adequacy decisions or Standard Contractual Clauses).
Data Subject Rights
You may exercise the rights set forth in Articles 15–22 of the GDPR (access, rectification, erasure, restriction, objection, and data portability where applicable) by writing to info@dariocecchini.com. You may also lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali).
The full text of EU Regulation 2016/679 and applicable national data protection laws are available on the website www.garanteprivacy.it.