PRIVACY POLICY OF THE WEBSITE WWW.CAFFEVERO.IT

This Privacy Policy describes how the website www.caffevero.it (hereinafter referred to as
the “Website”) is managed with regard to the processing of personal data of users who consult it and use its services. The information is provided pursuant to Article 13 of Regulation (EU) 2016/679 (hereinafter “GDPR”) to those who interact with the web services of Coffee Company S.p.A.
This policy is provided only for the Site in question and not for other websites that may be consulted by the user via links.

1. DATA CONTROLLER

The data controller is:
Coffee Company S.p.A.
Registered office: Via del Commercio, 1 – 36100 Vicenza (VI), Italy
Contact email: marketing@caffevero.it

2. TYPES OF DATA COLLECTED

Among the Personal Data collected by this Website, either independently or through third parties, there are: Tracking Tools, Usage Data, first name, last name, telephone number, email address, company name, geographical location, browsing data, session statistics, device and browser information, search history, interests, clicks, pages visited (pageviews) and referring URLs.
Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically when using this Site.
Unless otherwise specified, all Data requested by this Website is mandatory.
If the User refuses to provide them, it may be impossible for this Website to provide the Service.
In cases where this Website indicates that certain Data is optional, Users are free to refrain from communicating such Data, without this having any consequence on the availability of the Service or its operation.
Any use of Cookies – or other tracking tools – by this Website or by the owners of third-party services used by this Website, unless otherwise specified, is for the purpose of providing the Service requested by the User, in addition to the further purposes described in this document and in the Cookie Policy.

3. PURPOSE AND LEGAL BASIS OF THE PROCESSING

User Data is collected to allow the Data Controller to provide its Services, comply with legal obligations, respond to requests or enforcement actions, protect its rights and interests (or those of Users or third parties), identify any malicious or fraudulent activities, as well as for the following purposes:

  • Management of the online store and provision of requested services: to manage purchase orders, the creation and management of user accounts, payments, shipments and customer support. The legal basis is the performance of a contract to which the data subject is party or the performance of pre-contractual measures (Art. 6, para. 1, letter b, GDPR).
  • Marketing and Commercial Communications: subject to specific and optional consent, to send newsletters, commercial communications, promotional material and to implement inbound marketing strategies relating to the Data Controller’s products and services. The legal basis is the consent of the data subject (Art. 6, para. 1, letter a, GDPR).
  • Statistics and Analysis: to monitor and analyse traffic data and to track User behaviour in aggregate and anonymous form (where possible) or even individually. The legal basis may be the Data Controller’s legitimate interest in improving its services (Art. 6, para. 1, letter f, GDPR) or the consent of the data subject for non-anonymised tools.
  • Remarketing and Profiling: to show personalised advertisements based on the interests expressed by the User while browsing. The legal basis is the consent of the data subject (Art. 6, para. 1, letter a, GDPR).
  • Interaction with external platforms: to view content hosted on external platforms and interact with it. The legal basis is the legitimate interest of the Data Controller in improving the presentation of the Website (Art. 6, para. 1, letter f, GDPR).
  • Compliance with legal obligations: for purposes related to obligations under laws, regulations or EU legislation, as well as provisions issued by authorities authorised to do so. The legal basis is the need to comply with a legal obligation (Art. 6, para. 1, letter c, GDPR).

4. METHODS, PLACE OF PROCESSING AND SECURITY MEASURES

The Data Controller takes appropriate security measures to prevent unauthorised access, disclosure, modification or destruction of Personal Data.
The processing is carried out using IT and/or telematic tools, with organisational methods and logic strictly related to the purposes indicated. In addition to the Data Controller, in some cases, other parties involved in the organisation of this Website (administrative, commercial, marketing, legal, system administrators) or external parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may have access to the Data, also appointed, if necessary, as Data Processors by the Data Controller.
The Data is processed at the Data Controller’s operating offices and in any other place where the parties involved in the processing are located. The User’s Personal Data may be transferred to a country other than the one in which the User is located. Some of the third-party services listed below may transfer data outside the European Economic Area (EEA). For further information, please refer to the privacy policies of the individual services.

5. RETENTION PERIOD

The Data is processed and stored for the time required for the purposes for which it was collected.

  • Personal Data collected for purposes related to the performance of a contract between the Data Controller and the User will be retained until the performance of that contract is completed and for the following 10 years for legal obligations (e.g. invoice retention).
  • Personal Data collected for purposes related to the legitimate interest of the Data Controller will be retained until such interest is satisfied.
  • When the processing is based on the User’s consent, the Data Controller may retain the Personal Data for a longer period until such consent is revoked (e.g. for marketing purposes, the data will be retained for 24 months, unless revoked).

At the end of the retention period, Personal Data will be deleted. Therefore, upon expiry of this term, the right of access, deletion, rectification and the right to data portability can no longer be exercised.

6. DETAILS ON THE PROCESSING OF PERSONAL DATA

Personal Data is collected for the following purposes and using the following services:

  • Contact form
    By filling in the contact form with their Data, the User consents to its use to respond to requests for information, quotes or any other kind indicated by the form header. Personal Data collected: first name, last name, email address, telephone number, company name.
  • User database management.
    These services allow the Data Controller to build user profiles starting from an email address, name or any other information that the User provides to this Site, as well as to track the User’s activities through statistical features.
    Active Campaign is an address management and email messaging service. Personal Data processed: email address, name and various types of Data as specified in the service’s privacy policy. Place of processing: USA. Privacy Policy: https://www.activecampaign.com/legal/privacy-policy”.
    Tag management: This type of service is used for the centralised management of tags or scripts used on this Website. Google Tag Manager is a tag management service. Personal Data processed: Usage Data and Tracking Tools. Place of processing: USA. The services contained in this section allow the Data Controller to monitor and analyse traffic data.
    Google Analytics is a web analytics service provided by Google LLC. Google uses the Personal Data collected for the purpose of tracking and examining the use of this Site, compiling reports and sharing them with other services developed by Google. In some configurations, the IP address is anonymised. Personal Data processed: Usage Data and Tracking Tools. Place of processing: USA. Privacy Policy “https://policies.google.com/privacy”WordPress Stats is a statistics service provided by Automattic Inc. Personal Data processed: Usage Data and Tracking Tools. Place of processing: USA. Privacy Policy: “https://automattic.com/privacy/”.
    Meta Events Manager and Meta Ads Conversion Tracking (Meta Pixel) Meta Platforms Ireland Limited. These services link data from the Meta ad network with actions taken within this Site. Personal Data processed: Usage Data and Tracking Tools. Place of processing: Ireland. Privacy Policy: “https://www.facebook.com/about/privacy/”.
    Remarketing and behavioural targeting. These services allow this Site and its partners to communicate, optimise and serve advertisements based on the User’s past use of this Site.
    Google Ads Remarketing and Google Ads Conversion Tracking (Google LLC.) These services are provided by Google LLC and connect the activity of this Website with the Google Ads advertising network. Personal Data processed: Usage Data and Tracking Tools. Place of processing: USA. Privacy Policy: “https://policies.google.com/privacy” “https://adssettings.google.com/authenticated” Display of content from external platforms. These services allow you to view content hosted on external platforms directly from the pages of this Site and to interact with them.
    Google Fonts (Google LLC) Font style display service. Personal Data processed: Usage Data and various types of Data as specified in the privacy policy of the service. Place of processing: USA Privacy Policy: “https://policies.google.com/privacy”.
    Font Awesome (Fonticons, Inc.) Font style display service. Personal Data processed: Usage data. Place of processing: USA. Privacy Policy “https://fontawesome.com/privacy”
    Adobe Fonts (Adobe Systems Incorporated). Font style display service. Personal Data processed: Usage data and various types of Data as specified in the privacy policy of the service. Place of processing: USA. Privacy Policy: “https://www.adobe.com/privacy/policy.html”
    Hosting and backend infrastructure. These services are used to host Data and files that enable this Website to function. The service used is “Shared hosting” provided by Axera S.p.A.. For more information, please refer to the provider’s privacy policy.

7. USER RIGHTS

Users may exercise certain rights with regard to the Data processed by the Data Controller. In particular, the User has the right to:

  • withdraw consent at any time.
  • object to the processing of their Data.
  • access their Data.
  • verify and request rectification.
  • obtain the restriction of processing.
  • obtain the erasure or removal of your Personal Data.
  • receive their Data or have it transferred to another data controller (right to portability).
  • lodge a complaint with the competent data protection supervisory authority (for Italy, the Garante per la Protezione dei Dati Personali, www.gpdp.it).

8. HOW TO EXERCISE YOUR RIGHTS

To exercise their rights, Users may send a request to the contact details of the Data Controller indicated in this document. Requests are filed free of charge and processed by the Data Controller as quickly as possible, and in any case within one month.

9. FURTHER INFORMATION ON PROCESSING

  • Legal defence: The User’s Personal Data may be used by the Data Controller in court or in the preparatory stages of any legal proceedings to defend against abuse in the use of this Website or related Services by the User.
  • System logs and maintenance: For operational and maintenance purposes, this Website and any third-party services it uses may collect system logs, i.e. files that record interactions and may also contain Personal Data, such as the User’s IP address.
  • Changes to this privacy policy: The Data Controller reserves the right to make changes to this privacy policy at any time by notifying Users on this page. Please therefore consult this page regularly, referring to the date of the last modification indicated at the bottom.

Last update: December 2025.