Privacy Policy
Dear User,
Casa del Caffè Vergnano S.p.A. has developed the following Privacy Policy according to the European General Data Protection Regulation (“GDPR”) 2016/679, articles 13 and 14, as Data Controller and owner of this site and its subdomains.
Casa del Caffè Vergnano S.p.A. is located in Italy (Santena, province of Turin). This means that, even if the website and e-commerce (which is entirely managed by a third-party supplier) https://www.caffevergnano.us are dedicated to an audience located in the United States of America, users can enjoy the laws about the protection of personal data provided by the European Regulation 2016/679.
We inform users that, regarding the processing of personal data carried out through this website and the related third-level domains (hereinafter for brevity also "the Site" and/or "the Sites") without extending to other websites possibly reached by the user via referral links inserted within it.
The processing of personal data takes place in compliance with current legislation on the protection of personal data and is based on the principles of correctness, lawfulness, transparency and data protection.
Data Controller
Data Controller is:
Casa del Caffè Vergnano S.p.A. located in Santena (TO), S.S. Torino-Asti, km 20 – 10026. Our contact dedicated to the exercise of personal data is [email protected]. Please refer to this mail address exclusively for "my rights regarding the protection of personal data" section.
Casa del Caffè Vergnano S.p.A. has also nominated as Data Protection Officer Spaziottantotto S.r.l., located in Turin (TO), Corso Ferrucci 77/9 – 10138. You can contact the DPO at the following e-mail [email protected]
My rights regarding the protection of personal data
At any time, you can: exercise your rights (access, rectification, cancellation, limitation, portability, opposition, absence of automated decision-making processes) when provided for in relation to the data controller, pursuant to articles. from 15 to 22 of the GDPR (at this link, you will be able to consult the Regulation - 2016/679 - EN - gdpr - EUR-Lex (europa.eu)); lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it); if the processing is based on consent, revoke this consent given, taking into account that the revocation of consent does not affect the lawfulness of the processing based on consent before the revocation.
Any request regarding the exercise of your rights must be addressed to the Data Controller by e-mail at the address [email protected]
E-commerce – Terms and Conditions of the Site for the processing of personal data
The following information is intended for all users who visit and interact with the e-commerce site https://www.caffevergnano.us.
Casa del Caffè Vergnano S.p.A. manages the initiatives and contents that can be included on this website. Order management, product sales, and delivery, as well as warranties, returns and refunds management have been outsourced to a dedicated third-party supplier. The legal and commercial relationships arisen during the purchase of the products within this e-commerce are therefore delegated to the terms and conditions of the supplier, which the user signs during the checkout phase.
Casa del Caffè Vergnano S.p.A. does not control nor is responsible for the supply of goods or services offered by the e-commerce manager, nor the payment data transactions that are made by the user during checkout. In the event of a complaint or other request relating to these areas, write an email to [email protected]
In terms of privacy and limited to this aspect, in order to access the purchase of products on this website, it is not necessary to register on the e-commerce site, as you can check out the order directly. The site allows you to purchase products without prior registration and creation of an e-commerce account.
The Data Controller will process the personal data provided by the user at the time of registration and for the possible conclusion of the online purchase contract of a product, in compliance with the provisions of EU Regulation 679/2016 (GDPR) and the relevant legislation in force on the matter.
This is the data processed for the management of carts, orders and any registered user profile and includes personal details, addresses, purchase list, reports and notes. The personal data provided is also processed through delegated third parties (companies for home delivery, mailing and data entry) for the administrative management of orders and purchases; the management of any participation in loyalty programs; the processing of anonymous statistics linked to the detection of purchasing behaviour; with prior consent, the sending of advertising material relating to products and offers, possibly through the use of e-mail or telephone messages.
Furthermore, during free navigation within the e-commerce and, following registration, during the period of access to the personal area of the e-commerce, the interested party's browsing data will be collected for the sole purpose of obtaining anonymous statistical information on the use of e-commerce and to check its correct functioning, without associating them with data from other sources but reserving the right to verify them retrospectively if concrete indications of illegal use are brought to our attention. As regards the use of Cookies, within e-commerce and within the personal area of the e-commerce, the interested party is asked to read the website cookie policy.
The transfer, storage and processing of the interested party's data collected through e-commerce are ensured through appropriate technical and security measures. All the interested party's information is protected with the access keys that the user has chosen, the passwords are not recorded in clear text but rather protected with MD5 technology. Furthermore, e-commerce is provided over an HTTPS encrypted connection.
Sources and categories of personal data
Personal data held by Casa del Caffè Vergnano S.p.A. are collected directly from the data subject. This site does not collect data belonging to particular categories of data, which means those suitable for revealing racial or ethnic origin, philosophical or other religious beliefs, political opinions, membership of trade unions, associations or organizations of a religious, philosophical, political or trade union, the state of health and sexual life.
Cookie
This site and its subdomains save cookies on the user’s browser for the transmission of personal information and to enhance the experience. In fact, cookies are small text strings that the sites visited by the user send to his terminal (usually to the browser), where they are stored, sometimes even with long-term persistence characteristics, to then be re-transmitted to the same sites at the next visit.
Further details as well as the possibility to modify your consent to the use of cookies are available by consulting the website cookie policy.
Navigation data
The systems, computer procedures, and protocols that manage this website acquire a series of data related to your identity. This information is not collected to be associated with identified interested parties, but by their very nature could, through processing and associations with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.
This site uses SSL or TLS encryption for security purposes and to protect the transmission of confidential content, such as requests you send to us as a site operator. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon appears in your browser's address bar. If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
Profiling data
The website of Casa del Caffè Vergnano S.p.A. can acquire information based on preferences, habits or interest and behaviors expressed by the data subject while browsing the site or through the analysis of orders, only if a specific consent is given, and for the purpose of sending commercial communications deemed in line with the interests of the user.
In the absence of such consent, which can be given during the filling of the contact forms, Casa del Caffè Vergnano S.p.A. will not send detailed commercial communications. Is also possible that through links or by incorporating third-party elements, this information is acquired by independent or separate parties. In this regard, see the section “What cookies are present on the site https://www.caffevergnano.us“ in the website cookie policy.
Data provided voluntarily by the user
The optional, explicit and voluntary sending of electronic mail to the addresses indicated on the Site involves the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the email.
The explicit and voluntary sending of the forms that can be filled on the site, containing data of the interested party also involves processing to follow up on pre-contractual obligations or the execution of the services envisaged with the sending of the forms.
This information may concern personal details, contact details, telephone numbers, accommodation facility, e-mail addresses of the interested parties and of identifying and identifiable third parties having legal rights with the user of the site.
The User assumes responsibility for the personal data of third parties obtained, published or shared through this Site and guarantees that he or she has the right to communicate or disseminate them, freeing the Casa del Caffè Vergnano S.p.A. from any liability towards third parties
Newsletter, Mailing-list
The e-mail contacts used to send communications from the site come from voluntary registrations by the recipient who is always subjected to a confirmation request, as well as from information acquired in the context of the sale of products or services of the Owner or in any case similar. This includes the sending of information, promotional communications and material. In the event that the communications are not of interest to the recipient, it is possible to avoid any further contact by clicking the appropriate link contained in each message, or by writing to the contact details at the bottom exercising your right to unsubscribe from the newsletter.
Contact form
By filling in the contact form with their data, the user consents to their use to respond to requests for information, quotes, or any other nature requested via the contact form. Any interest in collecting and/or recording particular or judicial data is excluded; therefore, we invite you not to provide this information when filling out the contact form. In the event that the user voluntarily communicates his/her personal data belonging to particular categories (e.g. regarding the state of health), in this case the undersigned organization will proceed with the cancellation if it does not jeopardize the processing of the data.
Reserved area
The information that the user uploads to the reserved area is protected by encryption and authentication systems and is accessible only to authorized users, i.e. the directly interested parties and/or the intermediaries involved. This information is not subject to dissemination operations. The Data Controller does not intentionally collect or store personal data from individuals under the age of 18, nor does it intentionally allow such minors to use the Site. Users under 18 are asked not to register on the Site and not to provide personal data.
Purposes and legal bases of the processing
Your personal data are used to:
- allow navigation on the site (ref. art.6 par..1 letter f) of the GDPR);
- possibly to perform the service or provision requested as part of the normal activity carried out by the undersigned organization (ref. art.6 par.1 letter b) of the GDPR), by way of non-exhaustive example:
- allow registration to e-commerce and manage access to the related services;
- allow and facilitate the purchase of products online and the possible conclusion of the purchase contract via e-commerce;
- maintain and manage the account created following registration;
- store data and information in the created account (e.g. personal data, history of orders/purchases/returns, preferred delivery and billing addresses);
- allow you to put products in the cart and conclude the purchase contract via e-commerce;
- allow and facilitate the purchase of products online and the possible conclusion of the purchase contract via e-commerce for those who use the "Purchase as guest" service by not registering on the e-commerce;
- execute the purchase contract and the related purposes and fulfill all legal obligations connected thereto;
- delivery of the products sold by courier;
- general assistance and customer care activities.
- for purposes related to obligations established by law, as well as by provisions issued by authorities legitimized to do so by law (ref. art. 6 par. 1 letter c) of the GDPR), by way of non-exhaustive example:
- execution of administrative and/or accounting and/or fiscal obligations, connected to the provision of e-commerce services and/or the concluded purchase contract (e.g.: keeping the accounting records and issuing the invoice sales);
- for the assessment, exercise or defense of a right in court and out of court (legitimate interest) of the undersigned organization (ref. art. 6 par. 1 letter f) of the GDPR);
- for functional purposes, according to the legitimate interest of the Data Controller in particular; for navigation and usage logs to protect the site and the service from cyber-attacks, identify any malicious or fraudulent activities (ref. art. 6 par. 1 letter f) of the GDPR.
- for direct marketing purposes according to the consent given by the data subject (ref. art. 6 par. 1 letter a) of the GDPR) or the legitimate interest of the Data Controller (ref. art. 6 par. 1 letter f) of the GDPR). In particular; for cookies, the advertising ids used to show advertising and announcements; for e-mail addresses for sending (newsletters) information regarding initiatives, events and communications of a commercial, promotional, sale of services nature and measurement of the degree of satisfaction by the Data Controller.
Consequences of refusing to provide data
The provision of the data collected from the interested party is optional but essential for the purpose of processing the same for the purposes in letters a) and b). In the event that the interested parties do not communicate their essential data and do not allow the processing, it will not be possible to proceed with the completion and implementation of the proposed services and follow up on the contractual obligations undertaken, with consequent prejudice to the correct fulfillment of regulatory obligations, such as for example accounting, fiscal and administrative ones, etc.
Apart from what is specified for navigation data, the user is free to provide personal data for cookies and specific requests via forms e.g. on products and/or services. Failure to provide them may make it impossible to obtain what is requested. For all non-essential data, including those belonging to categories, the provision is optional. In the absence of consent or incomplete or incorrect provision of certain data, including those belonging to particular categories, the required obligations could be so incomplete as to cause prejudice either in terms of sanctions or loss of benefits, or due to the impossibility of guaranteeing the congruity of the processing itself with the obligations for which it is carried out, and for the possible mismatch of the results of the processing itself with the obligations imposed by the legal provisions to which it is addressed, meaning that the undersigned organization is exempted from any and all liability for any sanctions or afflictive measures.
Data processing methods
The processing connected to the site's web services is conducted with automated tools for the time strictly necessary to achieve the purposes for which they were collected; they take place at the hosting service located in the United States of America and are handled only by technical personnel in charge of processing, or by any persons in charge of maintenance and administration operations. Specific security measures are observed to prevent data loss, illicit or incorrect use, unauthorized access, and loss of confidentiality.
Data processing involves the collection, recording, organization, storage, processing, modification, cancellation, and destruction or the combination of two or more of these operations. In relation to the aforementioned purposes, the processing of personal data takes place using manual, IT, and telematic tools, with logic strictly related to the purposes themselves and, in any case, to guarantee security and confidentiality, personal data will be processed in compliance with the methods indicated in Article 5 of EU Regulation 2016/679. This regulation provides, among other things, that data be processed lawfully and correctly, collected and recorded for specific, explicit, and legitimate purposes, accurate, and if necessary updated, relevant purposes, complete and not excessive in relation to the purposes of the processing, respecting the fundamental rights and freedoms, as well as the dignity of the interested party with particular reference to confidentiality and personal identity, through protection and security measures.
The undersigned organization has prepared and will further improve the data access and storage security system. An automated decision-making process (e.g. profiling) is not carried out by default. If the data subject gives specific consent, it will be possible for Casa del Caffè Vergnano S.p.A. to provide commercial communications based on preferences, habits, and behaviors.
Transfers outside the European Union
The processing will mainly take place within the United States of America but could also take place in Italy if deemed functional to the efficient fulfillment of the purposes pursued in compliance with the guarantees in favor of the interested parties.
Finally, processing that takes place in non-EU and non-EEA countries when, at the request of the interested party, connections to the site come from such countries, is outside the responsibility of the Data Controller.
Data retention period
Personal data will be retained, in general, as long as the purposes of the processing continue according to the category of data processed. The Data Controller may be obliged to retain personal data for a longer period in compliance with a legal obligation or by order of an authority.
Categories of recipients
The data (only the essential ones) are communicated:
- to persons in charge and responsible for processing, both internal to the undersigned organization and external, who carry out specific tasks and operations (site administration, analysis of navigation and traffic data, management of e-mails and forms sent voluntarily by the user, processing e-commerce requests and orders and supporting e-commerce services, etc.);
- in the cases and to the subjects provided for by law.
The data will not be disclosed unless otherwise provided by law or subject to anonymization. Without prejudice to what is specified for cookies and third-party elements, without the prior general consent of the interested party to communications to third parties, it will be possible to proceed exclusively with services that do not provide for such communications. If necessary, specific and timely consent will be requested and the subjects who receive the data will use them as independent data controllers.
In some cases (not subject to the ordinary management of this site) the Authority may request news and information for the purposes of controlling the processing of personal data. In these cases the response is mandatory under penalty of administrative sanction.
Information format
This privacy policy can be consulted automatically via any browser for Internet browsing. In any case, please report any difficulties encountered in viewing this information in order to be able to provide alternative means if necessary. This document will be subject to updates; It is the user's responsibility to consult the document and its updates.