Privacy Policy

PRIVACY POLICY OF WWW.SPREAFICOCERNIERE.IT
Last update: 30 September 2025

INTRODUCTION
This Privacy Policy explains how www.spreaficocerniere.it collects, uses, stores, and protects the personal data of users who visit the website or use its services.
It also describes your rights under Regulation (EU) 2016/679 (GDPR).

DATA CONTROLLER
SPREAFICO CERNIERE SRL
Via Paolo Vitalba 4A – 23801 Calolziocorte (LC) – Italy
Tel. +39 0341 641505
Email: vendite@spreaficocerniere.it

TYPES OF DATA COLLECTED
The website collects the following categories of personal data:

  1. Data collected automatically
    – IP addresses
    – Usage data
    – Referring URLs
    – Pageviews
    – Technical information about browser and device
    – Cookies and tracking tools (see Cookie Policy)
  2. Data provided voluntarily by the user
    – Name and surname
    – Email address
    – Phone number
    – Billing address
    – Shipping address
    – Payment information
    – Order ID and purchase details (in case of e-commerce operations)

Unless otherwise specified, providing personal data is necessary to access the website’s services.

METHODS OF PROCESSING
The Data Controller processes personal data using appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction.

Processing is carried out using IT and telematic tools, following organizational methods strictly related to the purposes described in this document.

In addition to the Data Controller, the following subjects may access the data:
– authorized internal staff;
– service providers (technical, IT, hosting, logistics, communication);
– third-party suppliers involved in the website’s operation.

These subjects may be appointed Data Processors where required.

PLACE OF PROCESSING
Data is processed at the Data Controller’s operational headquarters and through service providers that may operate from different countries.
More details are available by contacting the Data Controller.

RETENTION PERIOD
Personal data is stored for the time necessary to fulfil the purposes for which it was collected, unless a longer retention period is required by law or based on the user’s consent.

Examples:
– Contractual and invoicing data: up to 10 years (legal obligations)
– Contact form data: 12 months
– Technical logs: according to security requirements
– Cookies: as described in the Cookie Policy

PURPOSES OF THE PROCESSING
User data is collected to allow the Data Controller to:

– provide the website’s services;
– manage orders, payments, and shipments;
– fulfil legal obligations;
– respond to user requests;
– improve the browsing experience;
– monitor website performance and security;
– generate anonymous statistics;
– display external content (e.g., Google Fonts).

SERVICES USED FOR DATA PROCESSING

  1. Platform and hosting services
    The website operates using technologies such as WordPress and WooCommerce, which require data processing for functionality, security, and e-commerce management.
  2. Analytics
    Anonymous analytics may be collected through WooCommerce internal attribution tools.
    Collected data: usage statistics, session information, pageviews.
  3. External content display
    Google Fonts (Google LLC) may collect technical device and browser data.
    Location of processing: USA
    Data: usage data, technical information

LEGAL BASIS FOR PROCESSING
Data is processed on the following legal bases:

– user consent;
– execution of a contract or pre-contractual measures;
– compliance with a legal obligation;
– legitimate interest of the Data Controller (e.g., security, anonymous analytics).

USER RIGHTS
Under GDPR, users may exercise the following rights:

– access their personal data;
– request rectification;
– request deletion (right to be forgotten);
– request restriction of processing;
– object to processing;
– request data portability;
– withdraw consent at any time;
– lodge a complaint with the competent Data Protection Authority.

Requests must be addressed to the Data Controller at the contact details above.

DATA TRANSFER OUTSIDE THE EU
Some third-party services (such as Google Fonts) may involve the transfer of data outside the European Economic Area.
Such transfers are made in compliance with GDPR safeguards (adequacy decisions, Standard Contractual Clauses, supplementary measures).

SYSTEM LOGS AND MAINTENANCE
Technical logs may be collected automatically for security and operational purposes. These logs may contain personal data such as IP addresses.

CHANGES TO THIS PRIVACY POLICY
The Data Controller reserves the right to update or modify this Privacy Policy at any time.
Changes will be posted on this page, and the update date will be adjusted accordingly.

CONTACTS
SPREAFICO CERNIERE SRL
Via Paolo Vitalba 4A – 23801 Calolziocorte (LC)
Email: vendite@spreaficocerniere.it
Phone: +39 0341 641505