Information on the processing of personal data

In this statement we provide you with all the information regarding the way in which we acquire and process your personal data in accordance with the GDPR 679/2016

Dear Customer

The company ROSSI 1947 Srl, data controller, carrying out the activity of selling food products in e-commerce with the PALATIFNI brand with headquarters up Passo Ponte Carrega 62Qr - 16141 Genoa (GE) email telephone +39 0108601096, protection the confidentiality of personal data and guarantees them the necessary protection from any event that could put them at risk of violation. As required by the European Union Regulation n. 679/2016 ("GDPR"), and in particular to art. 13, below we provide the user ("Interested") with the information required by law relating to the processing of their personal data.

The data provided aROSSI 1947 SRL, will be treated in accordance with the provisions of current privacy legislation which is based on EU Regulation 2016/679 (GDPR) and subsequent amendments as per Legislative Decree 101/2018.

This information is intended to inform the user about the methods of processing personal data concerning the data subjects in the simplest, most complete and detailed way possible.

1) Main definitions contained in the GDPR 679/2016

We inform you of the main definitions relating to data processingpersonal data contained in the GDPR 679/2016

For the purposes of this regulation, the following definitions apply:

1) "personal data": any information concerning an identified or identifiable natural person ("interested party"); the natural person who can be identified, directly or indirectly, with particular reference to an identifier such as the name, an identification number, location data, an online identifier or one or more characteristic elements of his physical identity is considered identifiable, physiological, genetic, psychic, economic, cultural or social;

2) "processing": any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, such as the collection, registration, organization, structuring, storage , adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction;

3) "limitation of processing": the marking of personal data stored with the aim of limiting their processing in the future;

4) "profiling": any form of automated processing of personal data consisting in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particularto analyze or predict aspects relating to the professional performance, economic situation, health, personal preferences, interests, reliability, behavior, location or travel of said natural person;

5) 'pseudonymisation' means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and subject to technical measures and organizational designed to ensure that such personal data are not attributed to an identified or identifiable natural person;

6) "archive": any structured set of personal data accessible according to specified criteria, regardless of whether this set is centralized, decentralized or distributed in a functional or geographical way;

7) "data controller": the natural or legal person, public authority, service or other body which, individually or together with others, determines the purposes and means of the processing of personal data; when the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria applicable to his designation may be established by Union or Member State law;

8) "data processor": the natural or legal person, the aupublic authority, the service or other body that processes personal data on behalf of the data controller;

... omitted

11) "consent of the interested party": any manifestation of free, specific, informed and unequivocal will of the interested party, with which the same expresses his / her consent, by means of an unequivocal positive declaration or action, that the personal data concerning him of treatment;

... omitted

Furthermore, in addition to the previous definitions, we inform you about the meaning of the following services:

a) "Remarketing and behavioral targeting":

This type of service allows this Website and its partners to communicate, optimize and serve advertisements based on the past use of this Website by the User.

This activity is carried out through the tracking of Usage Data and the use of Cookies, information that is transferred to the partners to whom the remarketing and behavioral targeting activity is connected. Some services offer a remarketing option based on email address lists.

In addition to the possibility to opt-out offered by the services listed below, the User can opt for the exclusion of the use of cookies by a third party service for some remarketing functions by visiting the opt-out page. out of the Network Advertising Initiative.

Users can also choose not to participate in certain fuelsadvertising through the corresponding device configuration options, such as mobile device advertising configuration options or general advertising configuration./ p>

Facebook Remarketing (Facebook, Inc.)

Facebook Remarketing is a remarketing and behavioral targeting service provided by Facebook, Inc. that connects the activity of this Website with the Facebook advertising network.

Personal Data processed: Cookies; Usage data.

Place of processing: Based on the information available on the specific site dedicated by each one.

Facebook Custom Audience (Facebook, Inc.)

Facebook Custom Audience is a remarketing and behavioral targeting service provided by Facebook, Inc. that connects the activity of this Website with the Facebook advertising network.

Users can choose not to use Facebook cookies for ad personalization by visiting this opt-out page.

Personal Data processed: Cookies; e-mail.

Place of processing: Based on the information available on the specific site dedicated by each one.

b) "Displaying content from external platforms":

This type of service allows you to view content hosted on external platforms directly from the pages of this Website and interact with them.

In the event that a service of this type is installed, it is possible that, even neIf Users do not use the service, it collects traffic data relating to the pages in which it is installed/ p>

Google Fonts

Google Fonts is a font style visualization service managed by Google LLC or by Google Ireland Limited, depending on the location in which this Website is used, which allows this Website to integrate such contents within its pages.

Personal Data processed: Usage data; various types of data as specified in the privacy policy of the service.

Place of processing: Based on the information available on the specific site dedicated by each one.

c) "Hosting and backend infrastructure":

This type of service has the function of hosting data and files that allow this website to function, allow its distribution and make available a ready-to-use infrastructure to provide specific features of this website./ p>

Some of the services listed below, if present, may work on geographically distributed servers, making it difficult to determine the actual location in which Personal Data is stored.

Dedicated Cloud Server: service provided by Gmg Net Srl at the Seeweb Srl data center

Personal Data collected: Cookies, Usage Data and various types of Data as specified in the privacy policy of the service.

Place of processing: Italy - Privacy Policy.

d) "Statistics":

The services contained in this section allow the Data Controller to monitor and analyze traffic data and are used to keep track of User behavior.

Google Analytics

Google Analytics is a web analysis service provided by Google Inc. ("Google"). Google uses the Personal Data collected for the purpose of tracing and examining the use of this Website, compiling reports and sharing them with other services developed by Google.

Google may use the Personal Data to contextualise and personalize the advertisements of its own advertising network.

Personal Data processed: Cookies; Usage data.

Place of processing: Based on the information available on the specific site dedicated by each one.

AWStats (this Website)

AWStats is a statistical software used by this website to analyze data directly and without the help of third parties.

The User can disable the collection of this statistical information by deactivating JavaScript in his browser. However, this action could adversely affect the User's browsing experience on this Website and other applications/ p>

Personal Data processed: Cookies; Usage data.

Facebook Ads conversion tracking (Facebook pixel) (Facebook, Inc.)

Facebook Ads conversion tracking (Facebook pixel) is a statistics service forcreated by Facebook, Inc. which links data from the Facebook ad network with actions performed on this Website. The Facebook pixel monitors the conversions that can be attributed to Facebook, Instagram and Audience Network ads.

Personal Data processed: Cookies; Usage data.

Place of processing: Based on the information available on the specific site dedicated by each one.

Facebook Analytics for Apps (Facebook, Inc.)

Facebook Analytics for Apps is a statistics service provided by Facebook, Inc.

Personal Data processed: Usage data; various types of data as specified in the privacy policy of the service.

Place of processing: Based on the information available on the specific site dedicated by each one.

e) "Cookie Policy:

Cookies are data created by a server that are stored in text files on the hard disk of the computer or on any device used by the user to access the Site on the Internet (smartphone, tablet) and allow to collect information on the navigation performed by the user on the Site.

Cookies can be stored permanently on your computer and have a variable duration (so-called persistent cookies), but they can also disappear when the browser is closed or have a limited duration (so-called session cookies).

Cookies can be installed by the site you are visiting (so-called first-party cookies) or posso be installed by other websites (so-called third-party cookies).

Types of cookies used and related purposes

Technical cookies

These first-party cookies are used to guarantee and facilitate the activities strictly necessary for the functioning of the Site for the normal navigation of the site and allow its functions (such as allowing for example to authenticate to restricted areas, to save your session, your preferences navigation, to save products in the cart, remember some criteria select them such as language, manage the distribution of traffic, etc.) and to collect some information in aggregate (anonymous) form about users.

Analytical cookies

These cookies are used to collect information on the use of the Site by users (number of visitors, pages visited, time spent on the site, etc.).

Profiling cookies

These cookies are necessary to create user profiles in order to send advertising messages in line with the preferences expressed by the user within the pages of the Site.

Profiling cookies - Social media

These third-party cookies allow users to interact with thesocial networks (Facebook, Twitter, YouTube, Vimeo, etc.) and in particular to share site content through the aforementioned channels.

Profiling cookies - Advertising

These third-party cookies allow the collection of visitor data and interests, in order to build a detailed profile on them which is subsequently used for marketing purposes. In this way, users will be able to receive personalized and targeted advertisements based on their interests.]

f) "Hosting Provider":

From English to host (to host), in computer science the service that places data relating to the pages of a website on a server is called hosting.

This 'Internet hosting' service gives individuals and companies the opportunity to ensure that their website is online, therefore accessible to everyone at any time of the day.

2) Purpose - Data subject to processing

We show you what data can be processed, possibly sent to ROSSI 1947 SRL

Data provided voluntarily

Data acquisition is the indispensable prerequisite for accessing the services offered by ROSSI 1947 SRL. Are understood as "data provided voluntarily" also those that are eventually sent by electronic mail (e-mail) to contact us.

The data ifrvono the owner to follow up the request for registration and the contract for the supply of the requested product, or for offers and promotions; is the information collected automatically through this Website (including by third-party applications integrated into this Website), including:

To contact the user:

residential address or where to send the purchased product (country of origin)

phone numbers

email address

the IP addresses or domain names of the computers used by the User connecting to this Website, the addresses in the Uniform Resource Identifier (URI) notation,

the characteristics of the browser and operating system used by the visitor,

in order to perform:

supply of the purchased product,

manage and execute contact requests forwarded by the interested party,

provide assistance,

fulfill the legal and regulatory obligations to which the Data Controller is required in relation to the activity exercised.

For the chosen payment data relating to:

Credit card



Bank transfer

using the following services:

Remarketing and behavioral targeting

Facebook Remarketing

Personal Data: Cookies; Usage data

Facebook custom audience

Personal Data: Cookies; e-mail

Viewing content from external platforms

Google Fonts

Personal Data: Usage data; various types of data as specified in the privacy policy of the service

Hosting and backend infrastructure

service provided by Gmg Net Srl at the Seeweb Srl data center


Google Analytics, AWStats and Facebook Ads conversion tracking (Facebook pixel)

Personal Data: Cookies; Usage data

Facebook Analytics for Apps

Personal Data: Usage data; various types of data as specified in the privacy policy of the service

In no case ROSSI 1947 SRL resells the personal data of the interested party to third parties or uses them for undeclared purposes. In particular, the data of the interested party will be processed for:

a) registration and requests for contact and / or information material

The processing of the personal data of the interested party takes place to carry out the preliminary activities and consequent to the request for registration, the management of requests for information and contact and / or sending of informative material, as well as for the fulfillment of any other obligation arising

b) the management of the contractual relationship

The processing of the personal data of the interested party takes place to carry out the preliminary activities and consequent to the purchase of a Service and / or a Product, the management of the related order, the provision of the Service itself and / or the production and / or the shipment of the purchased Product, the relative invoicing and payment management, the handling of complaints and / or reports to the assistance service andthe provision of the assistance itself, the prevention of fraud as well as the fulfillment of any other obligation deriving from the contract.

c) Legitimate interests pursued by the data controller or by third parties

Your data are processed on the basis of legitimate interests, the processing of information will be fair and will respect the principles of protection of personal data provided for by the current legislation GDPR679 / 2016 and subsequent amendments

d) promotional activities on Services / Products similar to those purchased by the interested party (Recital 47 GDPR)

The data controller, even without your explicit consent, may use the contact details communicated by the interested party, for the purpose of direct sales of their Services / Products, limited to the case in which they are Services / Products similar to those covered by the sale, unless the interested party explicitly objects.

e) commercial promotion activities on Services / Products other than those purchased by the Marketing Interested Party

The personal data of the interested party may also be processed for commercial promotion purposes, for surveys and market research with regard to the Services / Products that the Data Controller offers only if the interested party has authorized the processing and does not object to this. This treatment can take place, in an automated way, in the following ways: - e-mail; - sms; - telephone contact and can be done:

1. if the interested party does nothas withdrawn his consent for the use of the data;

2. if, in the event that the processing takes place through contact with a telephone operator, the interested party is not registered in the register of oppositions referred to in Presidential Decree no. 178/2010;

f) IT security

The Data Controller, in line with the provisions of Recital 49 of the GDPR, processes, also through its suppliers (third parties and / or recipients), the personal data of the interested party relating to traffic to an extent strictly necessary and proportionate to guarantee the security of networks and information (the various temporal connotations of the visit, such as the time spent on each page, and the details of the itinerary followed within the Application, with particular reference to the sequence of pages consulted, to the relative parameters the operating system and the user's IT environment), i.e. the ability of a network or information system to resist, at a given level of security, unforeseen events or illegal or malicious acts that compromise the availability , the authenticity, integrity and confidentiality of the personal data stored or transmitted. The Data Controller will promptly inform the Data Subjects, if there is a particular risk of violation of their data, without prejudice to the obligations deriving from the provisions of art. 33 of the GDPR relating to notifications of personal data breaches.

g) profiles ittion

The personal data of the interested party may also be processed for profiling purposes (such as analysis of the transmitted data and the selected Services / Products, proposing advertising messages and / or commercial proposals in line with the choices made by the users themselves) exclusively in the event that the interested party has provided explicit and informed consent (Google Analytics Statistics, AWStats and Facebook Ads conversion monitoring (Facebook pixel) Personal Data: Cookies; Usage data - Facebook Analytics for Apps Personal Data: Usage data; various types of Data as specified in the privacy policy of the service.

The Services / Products offered by the Data Controller are reserved for subjects legally able, on the basis of the relevant national legislation, to conclude contractual obligations. The Data Controller, in order to prevent illegitimate access to its services, implements preventive measures to protect its legitimate interest, such as checking the tax code and / or other checks, when necessary for specific Services / Products, the correctness of the data identification of identity documents issued by the competent authorities.

h) System log and maintenance:

For needs related to operation and maintenance, this Website and any third party services used by it may collect system logs, i.e. files that record the interactions and which may also contain Data Forsonal, such as the User IP address.

3) Legal basis of the processing

We illustrate the legal basis on which the various data processing carried out are based and we explain the validity requirements of your possible consent to the processing of your personal data./ p>

The processing of data sent is based on the consent of the interested party who is free to lend it or not. The consent of the interested party is essential for the purposes indicated above in point 2

Consent of the interested party

In all cases in which the user's consent is required for the processing, this must be aware, free and unconditional. Failure to provide data, however, could make it impossible to obtain certain services or performances (for example, you cannot subscribe to the newsletter service if you do not give the relative consent contained in the letter of obtaining consent)

In the matter of sensitive data such as those relating to health, consent is written and mandatory (art9 GDPR679 / 2016)

4) Processing methods

We inform you how your data is managed.

The data being processed are processed with IT tools in a mainly automated manner with techniques and precautions that reduce human intervention as much as possible. Manual access by authorized operators is provided only in casesprovided, including to fulfill specific legal obligations (for example for the billing of any paid services).

Response to "Do Not Track" requests

This Website does not support "Do Not Track" requests.

To find out if any third-party services used support them, the User is invited to consult the respective privacy policies

5) Data retention

We inform you where the data we acquire in person are stored.

The data we process directly are stored in our systems located at ROSSI 1947 SRL based in Passo Ponte Carrega 62Qr - 16141 Genova (GE) email info@palatifini.it_ telephone +39 0108601096

Statistics: Based on the information available on the specific site dedicated by each one.

Hosting and backend infrastructure: Italy

Remarketing and behavioral targeting: Based on the information available on the specific site dedicated by each one.

External platforms: Based on the information available on the specific site dedicated by each one.


The European Commission has the power to determine, based on Article 45 of Regulation (EU) 2016/679, whether a country outside the EU offers an adequate level of data protection.

The adoption of an adequacy decision involves

a proposal from the Euro Commissionpea

an opinion of the European Data Protection Board

approval by representatives of EU countries

the adoption of the decision by the European Commission

At any time, the European Parliament and the Council can ask the European Commission to maintain, amend or withdraw the adequacy decision as its act exceeds the implementing powers provided for in the regulation.

The effect of this decision is that personal data can flow from the EU (and Norway, Liechtenstein and Iceland) to that third country without any further safeguard being required. In other words, transfers to the country in question will be treated as intra-EU data transmissions/ p>

The European Commission has so far recognized Andorra, Argentina, Canada (commercial organizations), Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland

The Court of Justice of the European Union (CJEU) ruled on July 16, 2020 (the so-called "Schrems II Judgment") on the data transfer regime between the European Union and the United States, invalidating the Privacy adequacy decision Shield, adopted in 2016 by the European Commission following the forfeiturea Safe Harbor Agreement.

In the same judgment, the CJEU also considered valid the decision 2010/87 relating to the standard contractual clauses for the transfer of personal data to processors established in third countries.

The European Commission adopted on 12 July 2016 a decision on the so-called Privacy Shield, the agreement that regulates the transfer of data between the European Union and the USA.

The agreement protects the fundamental rights of individuals in the EU whose personal data is transferred to the United States, and sets firm rules for companies that transfer data across the Atlantic.

The new discipline provides:

• stringent protection obligations for companies that transfer data

• security measures regarding access to data by the United States Government

• specific tools for the protection of people

• the joint annual review of the agreement to monitor its implementation.

The new agreement follows the indications of the European Court of Justice, which on 6 October 2015 declared the Commission decision of 2000 on the exchange of data between the EU and the US, the so-called Safe Harbor, invalid./ p>

6) Subjects authorized to access the data

We inform you who can access the data we manage personally.

The communication of the personal data of the interested party takes place principallyipally towards third parties and / or recipients whose activity is necessary for the performance of the activities inherent to the relationship established and to respond to certain legal obligations, such as:

Accountant: for purposes such as administrative, accounting and contractual obligations, on the basis of the relevant mandatory legislation

Labor consultant: Administrative, accounting and contractual obligations related to the contractual performance based on the relevant mandatory legislation

Third party suppliers: for purposes such as provision of services (assistance, maintenance, delivery / shipment of products, provision of additional services, providers of electronic communications networks and services, insurance) connected to the requested service

Credit institutions: for purposes such as management of collections, payments, reimbursements related to the contractual service

External professionals / consultants and consultancy companies: for purposes such as compliance with legal obligations, exercise of rights, protection of contractual rights, credit recovery

Administrationfinancial, public bodies, judicial authorities, supervisory and control authorities: binding laws on the subject

Subjects formally delegated or with recognized legal title: suppliers, service providers, consultants, maintenance technicians

External platforms

Hosting providers, IT companies, communication agencies

The main services they offer are:

web space for a site (hosting);

access (access provider);

supply of mail.

Consequently they are divided into:

host provider (hosting websites);

access provider (which allows its users to access the internet via modem or dedicated connections);

network provider (which provides access to the network via the internet);

content provider (which offers content also published on its own ifrver);

service provider (which guarantees services such as access or mobile telephony);

cache provider (which stores data arriving from the outside in a temporary transit area, called cache, to speed up internet browsing).

ATTENTION: The Data Controller requires strict compliance with its Third Party suppliers and the Data Processors to comply with security measures equal to those adopted for the Data Subject by restricting the scope of action of the Data Processor to the treatments connected to the requested service. The Data Controller does not transfer your personal data to countries in which the GDPR is not applied (non-EU countries) unless otherwise specified, for which it will be informed in advance and your consent will be requested if necessary. The legal basis of these treatments is the fulfillment of the services inherent to the relationship established, compliance with legal obligations and the legitimate interest ROSSI 1947 SRL to carry out treatments necessary for these purposes.

7) Security measures

We inform you how we protect your data.

Appropriate security measures are observed to prevent the loss of data, their tampering, illicit use and unauthorized access. Furthermore, where appropriate, user data is processed and stored inencrypted way.

8) Duration of treatment

We inform you how long your data will be processed within our systems.

The data are processed for the time necessary to perform the service requested by the user, or required by the purposes described in this document and / or in the documents sent to ROSSI 1947 SRL. The interested party can always request the interruption of specific treatments (for for example the cancellation from the newsletter service) or the complete cancellation of your data, excluding the cases provided for by current legislation on the subject. The tests, records and certificates relating to courses on safety at work must be kept by us for 10 years by law.

As well as the data relating to specific services, indicated in point 2 of this document, may be kept, for a period equal to the legitimate interest of the data controller ROSSI 1947 SRL

Some data could be kept even after the cancellation for the period provided for the fulfillment of legal obligations, provided that it is not necessary to keep them further to defend or assert a right, such as the legitimate interest of the data controller, to fulfill any further legal obligations or orders from the authorities.

9) Data Controller - Data Processor

We indicate who is the owner of the dealand how you can contact him to ask your questions or exercise your rights.

The owner of the processing of personal data is: The company ROSSI 1947 Srl, with operational headquarters up Passo Ponte Carrega 62Qr - 16141 Genoa (GE) email telephone +39 0108601096,

10) Rights of the interested party

We inform you what your rights are and how you can exercise them: art from 15 to 21 GDPR679 / 2016

The subjects to whom the aforementioned personal data refer (so-called "interested parties"), have the right to exercise their rights in the manner and within the limits established by the current legislation pursuant to GDPR679 / 2016. In particular, the following rights are recognized to the interested party:

oraccess: the interested party has the right to ask whether or not there is a processing of data concerning him and, if so, he has the right to know such data. (Article 15)

orrectification: the interested party may request to rectify or supplement the data that he has provided us or in any case in our possession, if inaccurate, (art16)

orcancellation: the interested party can request that his data be deleted, if they are no longer necessary for the purposes for which they were collected or in the event of withdrawal of consent, oppositionto the processing, in the event of unlawful processing, or if there is a legal obligation to cancel; (Article 17)

orlimitation: the interested party may request the limitation of the processing of his personal data, when one of the conditions referred to in art. 18 of the GDPR; in this case, your data will not be processed, except for storage, without your consent except as specified in the same article in paragraph 2. (art18)

orobligation to notify in the event of rectification or cancellation of personal data or limitation of processing the data controller communicates to each of the recipients to whom the personal data have been transmitted any corrections or cancellations or limitations of processing carried out pursuant to Article 16, of Article 17 (1) and Article 18, unless this proves impossible or involves a disproportionate effort. The data controller informs the interested party of these recipients if the interested party requests it. (Article 19)

orportability: the interested party may request to receive his data, or to have them transmitted to another owner indicated by him, in a structured format, commonly used and readable by an automatic device. (Article 20)

or opposition: the interested party may object at any time to the processing of his data carried out on the basis of our legitimate interest, unless there are legitimate reasons for proceeding with the treatment that prevail over his, for example for the exercise or our defense in court. (art21)

Furthermore, pursuant to art. 7, par. 3, GDPR, we inform you that you can exercise your right to withdraw consent at any time, without prejudice to the lawfulness of the processing based on the consent given previously./ p>

To exercise these rights, report problems or ask for clarifications on the processing of personal data, send an email to:

If the user believes that he has not obtained an adequate and timely response regarding his requests regarding privacy, you have the right to contact the competent authority./ p>