Privacy Policy
Privacy Policy pursuant to Article 13 of EU Regulation 2016/679 (GDPR)
Last updated: 10 June 2021
1. Data Controller
The Data Controller of the personal data processed through this website is:
RISTORENT S.r.l.
Registered office: Via Comezzano 43, 25030 Castelcovati (BS) – Italy
VAT No. / Tax Code: 02857840983
E-mail: info@ristorent.com
2. Scope of this Privacy Policy
This Privacy Policy describes how personal data of users are processed when accessing and using the website www.ginfumo.it (hereinafter the “Website”).
This Privacy Policy applies only to this Website and does not cover any third-party websites that may be accessed via links on the Website, for which RISTORENT S.r.l. assumes no responsibility.
3. Types of Personal Data Processed
a) Browsing data
The IT systems and software procedures used to operate the Website collect certain personal data whose transmission is implicit in the use of Internet communication protocols.
Such data include, by way of example:
-
IP addresses or domain names of devices used by users;
-
URI (Uniform Resource Identifier) addresses of requested resources;
-
date and time of requests;
-
request methods;
-
file size obtained in response;
-
numerical codes indicating the status of the server response;
-
parameters relating to the operating system and IT environment.
These data are not collected to identify users but may allow identification through processing and association with third-party data.
b) Data voluntarily provided by the user
Browsing the Website does not require the provision of personal data.
However, personal data may be provided voluntarily by the user when:
-
registering in the “Register” section of the Website;
-
entering data in the “Information > Shipping > Payment” sections accessible from the “Cart”.
The Data Controller processes only ordinary personal data, such as:
-
first name and last name;
-
e-mail address;
-
shipping and billing address.
b.1) Payment data
Payments are processed through external payment service providers (Nexi and PayPal).
Payment details are provided directly to the payment service providers and are not processed or stored by RISTORENT S.r.l., which receives only confirmation of successful payment in accordance with the providers’ privacy policies.
c) Cookies
For information regarding the use of cookies, please refer to the Cookie Policy available on the Website.
4. Legal Basis and Purposes of Processing
Browsing data
Legal basis: legitimate interest of the Data Controller.
Purposes:
-
enable Website access and navigation;
-
ensure proper functioning of the Website;
-
ensure Website and user security;
-
generate anonymous statistical data.
Browsing data may be used to ascertain liability in the event of cybercrime against the Website.
Registration data
Legal basis: legitimate interest of the Data Controller.
Purposes:
-
user registration and account management;
-
access to reserved services;
-
order and return management;
-
customer support.
Marketing and profiling (only with explicit consent)
Subject to the user’s explicit consent, personal data may be processed for:
-
sending newsletters and promotional communications;
-
marketing activities;
-
profiling for statistical and commercial analysis aimed at improving services and offers.
Contractual data (orders and payments)
Legal basis: performance of a contract and legal obligations.
Purposes:
-
pre-contractual activities;
-
order processing and delivery;
-
invoicing and accounting;
-
compliance with civil, tax and accounting obligations.
5. Mandatory or Optional Nature of Data Provision
-
Browsing data: mandatory for technical operation of the Website.
-
Registration data: mandatory to create an account.
-
Marketing and profiling data: optional.
-
Order and payment data: mandatory to complete purchases.
Failure to provide mandatory data will prevent registration or purchase completion.
6. Processing Methods and Security Measures
Personal data are processed by authorized personnel in compliance with principles of lawfulness, fairness and transparency, using electronic and non-electronic tools.
RISTORENT S.r.l. has implemented appropriate technical and organizational security measures in accordance with Articles 24, 32 and 35 GDPR to protect data against loss, misuse, unauthorized access or disclosure.
7. Data Recipients
Personal data may be disclosed to:
-
authorized employees and collaborators of the Data Controller;
-
appointed Data Processors pursuant to Art. 28 GDPR, including:
-
Website and e-commerce platform providers (e.g. Shopify Inc.);
-
email marketing services (e.g. Mailchimp);
-
-
banks and payment service providers;
-
logistics and shipping companies;
-
public authorities, where required by law.
An updated list of Data Processors may be requested from the Data Controller.
8. Data Dissemination
Personal data will not be disseminated to the public.
9. Data Retention
Personal data will be retained for the time strictly necessary to achieve the purposes for which they are processed, in compliance with applicable laws.
Where processing is based on consent, the user may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.
10. Data Storage Location
Personal data are stored within the European Union.
11. Data Subject Rights
Users have the right to:
-
access their personal data (Art. 15 GDPR);
-
rectify inaccurate data (Art. 16 GDPR);
-
request erasure (“right to be forgotten”) (Art. 17 GDPR);
-
restrict processing (Art. 18 GDPR);
-
data portability (Art. 20 GDPR);
-
object to processing (Art. 21 GDPR).
Users also have the right to lodge a complaint with the competent Supervisory Authority or seek judicial remedy.
12. How to Exercise Your Rights
Users may exercise their rights by contacting:
📧 info@ristorent.com
📬 RISTORENT S.r.l. – Via Comezzano 43, 25030 Castelcovati (BS) – Italy
13. Changes to this Privacy Policy
RISTORENT S.r.l. reserves the right to amend this Privacy Policy.
The “Last updated” date indicates the most recent revision. Substantial changes will be communicated via the Website or other appropriate means.