Privacy Policy

Privacy Policy

NOTICE PURSUANT TO ART. 13 OF REGULATION (EU) 2016/679 - PRIVACY POLICY https://shop.susafa.com/it/

Dear User, we inform you that pursuant to Article 13 of Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data, the data you provide will be processed in accordance with the principles of lawfulness, fairness, and transparency, and to protect your privacy and your rights. Therefore, we provide you with the following information:

1. The Data Controller is Società Agricola Susafa S.r.l., via Gen. G. Arimondi, 2 - 90143 Palermo, Italy. You can contact us at info@susafa.it.

2. The Data Protection Officer (DPO) can be contacted at dpo@susafa.it.

3. Categories of data processed
The Data Controller processes personal identification and contact data such as name, surname, email address, and telephone number, as well as shipping and billing information, tax information (tax code or VAT number), and information relating to orders placed and products purchased. Payment data is processed through third-party providers specializing in electronic payment services; The Data Controller does not retain complete data on the payment methods used. Browsing data, such as IP address, device identifiers, access logs, and technical information relating to the use of the website, are also processed. Special categories of data pursuant to Art. 9 of the GDPR are not processed.

4. Purpose of processing
Personal data is processed:

  1. To allow registration and management of the user's personal account, to allow access to the reserved area and to make online purchases. In this case, processing is necessary for the performance of a contract or pre-contractual measures taken at the request of the data subject pursuant to Art. 6, paragraph 1, letter a) of the GDPR. b) GDPR.
  2. To allow the purchase of products in "guest" mode, without registering on the site, as well as to manage administrative, accounting, tax, and logistical activities related to the execution of the sales contract, including the delivery of the products. In this case too, the legal basis is Art. 6, paragraph 1, letter b) GDPR.
  3. To respond to requests for information or clarification made via the contact form or via email. This processing is based on the adoption of pre-contractual measures at the request of the data subject pursuant to Art. 6, paragraph 1, letter b) GDPR. b) GDPR.

Browsing data is processed to ensure the proper functioning of the site, the security of networks and IT systems, and the prevention of fraudulent use.

Providing the data required for registration or to make purchases is mandatory; failure to provide it will make it impossible to create an account or complete the order. Providing data for sending contact requests is necessary to provide a response.

5. Retention Period
User account data is retained until the interested party requests its deletion. Order and billing data are retained for 10 years, in compliance with civil and tax obligations. Data provided through the contact area is retained for the time strictly necessary to provide feedback and in any case no longer than 12 months, unless a contractual relationship is established.

Browsing data and security logs are retained for a maximum period of 6 months, except where required by judicial authorities to investigate criminal offenses. Regarding cookies and tracking tools, please refer to the Cookie Policy, which details the retention periods for each type of cookie used.

6. Processing Methods
Personal data is processed using computerized and electronic means, in compliance with the principles of lawfulness, fairness, transparency, minimization and storage limitation, adopting appropriate technical and organizational measures to guarantee the security and confidentiality of the data.

7. Data Recipients
The data may be processed by expressly authorized and adequately trained internal personnel. They may also be disclosed to third parties who provide services essential to the website's activities, such as IT and hosting providers, e-commerce platforms, couriers and freight forwarders, tax and administrative consultants, and payment service providers. The parties who process data on behalf of the Data Controller are appointed as Data Processors pursuant to Art. 28 GDPR. Payment providers operate as independent data controllers in accordance with their own privacy policies.

The data may be disclosed to public bodies or competent authorities for the fulfillment of legal obligations pursuant to Art. 6, paragraph 1, letter c) of the GDPR.

8. Transfers to non-EU countries
If, for technical or organizational reasons, personal data is transferred to countries outside the European Union, the transfer will take place in compliance with Articles 44 et seq. GDPR, based on adequacy decisions by the European Commission or through the adoption of Standard Contractual Clauses or other appropriate safeguards provided for by applicable law.

9. Rights of the Data Subject
The data subject may exercise the rights provided for in Articles 15–22 of the GDPR at any time, including the right to access, rectification, erasure, restriction of processing, data portability, and objection to processing. Requests can be sent to the Data Controller at the contact details above or to the DPO. The right to lodge a complaint with the Italian Data Protection Authority pursuant to Article 77 of the GDPR remains unaffected.