Privacy Policy pursuant to Articles 13 and 14 GDPR
Data Controller:
(Name of the company / individual owner)
Address: Via Agostino Stellato 36/42, 81054 San Prisco (CE), Italy
Email: info@pietrangioli.it
Phone: 0823 797878
No Data Protection Officer has been appointed as it is not required under current legislation.
Last updated: December 4, 2025
1. Personal data we collect and how
Depending on the active functionalities on the site, we collect the following categories of data:
- Identification and contact data: first and last name, address, email, phone number, billing/shipping address, tax ID/VAT number (if required for invoicing).
- Order and payment data: information provided for purchases, payment method, billing data.
- Access and browsing data: IP address (if necessary), server logs, session data, technical cookies required for website operation (cart, login, session, language, security, preferences).
- Data for additional services (if active): newsletter, account registration, contact forms, customer support, returns, complaints.
- If active: analytics, marketing, remarketing, tracking — only after explicit user consent.
2. Purpose of processing and legal basis
Purpose / Data processed / Legal basis:
- Execution of sales/purchase/service contracts: Identification, contact, payment, shipping, invoicing, operational logs — Contractual necessity (Art. 6(1)(b) GDPR)
- User account management, login, access: Login, session, contact data — Contractual necessity / service execution
- Communication with the user: orders, shipments, assistance, mandatory communications: Contact data, order history — Contractual necessity / pre-contractual obligations
- Legal and fiscal compliance: Billing/shipping data, mandatory document retention — Legal obligation (Art. 6(1)(c) GDPR)
- Technical functioning of the website: sessions, security, language/currency preferences, cart — Technical cookies, session data, server logs — Legitimate interest of the controller (Art. 6(1)(f) GDPR)
- Anonymous statistics / analytics / service improvement (if active): Browsing data — only after explicit consent — User consent (Art. 6(1)(a) GDPR)
- Direct marketing / newsletter / promotions (if active): Email, name, preferences — only with explicit consent — User consent (Art. 6(1)(a) GDPR)
3. Data retention period
- Order and billing data: retained according to legal/fiscal obligations (e.g., 10 years) or as needed for order management.
- Account/registration data: retained as long as the user keeps the account, unless deletion is requested.
- Server logs and session data: only as long as necessary for technical operation, unless legal or security requirements apply.
- Marketing/analytics data: retained until consent is withdrawn.
4. Recipients / categories of recipients
Personal data may be shared with:
- Companies providing shipping, logistics, courier services — to process orders and shipments.
- Payment service providers (e.g., payment gateways, banks) — to process payments.
- IT / hosting / server / backup / security / website maintenance providers — as data processors.
- Tax / accounting consultants (for invoicing, accounting, legal obligations).
- If active and with consent: analytics services, newsletter platforms, marketing tools, social plugins, third-party marketing or advertising service providers.
All third parties are bound by written agreements to comply with GDPR data protection requirements.
5. International data transfers
If data is transferred outside the European Union (e.g., payment services, analytics, hosting, external platforms), adequate protection will be ensured using appropriate legal instruments (e.g., Standard Contractual Clauses, adequacy decisions, where applicable). Transfers will be indicated in this notice, and users may request copies of the safeguards adopted.
6. Data subject rights
Users can exercise their GDPR rights at any time:
- Right of access: know which personal data is processed about them.
- Right to rectification: correct inaccurate or incomplete data.
- Right to erasure (“right to be forgotten”): request removal of personal data where applicable.
- Right to restriction of processing: request suspension of processing in certain cases.
- Right to object: object to processing for legitimate interests, marketing, profiling.
- Right to data portability: receive their data in a structured format if processing is based on consent or contract.
- Right to withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.
- Right to lodge a complaint with a supervisory authority (in Italy: Garante per la protezione dei dati personali) if they believe processing is not compliant with GDPR.
To exercise these rights, contact the Data Controller at the email address above.
7. Mandatory or optional provision of data
Data required for contract execution or legal obligations (order, payment, shipping, invoicing) is mandatory: failure to provide it prevents order fulfillment or service delivery. Other data (e.g., marketing, newsletter, analytics) is optional and processed only with explicit user consent.
8. Cookies and other tracking tools
For non-essential cookies or tracking tools, it is mandatory to:
- Display a banner / cookie wall at first access, allowing free and informed choice before activating non-essential cookies.
- Provide an extended notice (Cookie Policy) describing which cookies/tools are used, purpose, duration, involved third parties, and how to refuse.
In Italy, it is strongly recommended to keep the Privacy Policy separate from the Cookie Policy and other legal documents.
9. Data security
We adopt adequate technical and organizational measures to protect personal data from unauthorized access, loss, alteration, or disclosure, following the principles of integrity, confidentiality, and protection.
10. Changes to this privacy notice
This notice may be updated at any time. In case of significant changes (e.g., new processing activities or services), the “last updated” date will be indicated, and, if necessary, consent will be requested again for processing that requires it (e.g., cookies, marketing).