Privacy Policy

SITE PRIVACY AND COOKIE POLICY WWW.NONNASILIVI.COM

Dear Interested Party,

below are all the information regarding the data processing carried out on the e-commerce site www.nonnasilvi.com (hereinafter the Site) or originating from orders, contact requests, and other operations you perform using its functionalities.

This document (hereinafter the "Privacy Policy") was drafted to allow you to understand how your personal data will be processed within the use of the Site and to provide you with all the information so that you can also give explicit and informed consent to the processing carried out, where necessary.

Preliminarily, the collection and processing of your personal data that you will provide or that will be collected through the Site will take place according to the principles and rules established by EU Reg. 679/2016 and Italian legislation on the matter, and therefore complying with criteria of lawfulness, fairness, transparency, purpose limitation and retention limitation, data minimization, accuracy, integrity, and confidentiality.

Index of the privacy policy

1. The processing and data collected, purposes and legal bases
2. The Data Controller
3. The Data Protection Officer
4. Data Recipients
5. The data retention period
6. The rights of the Interested Party
7. Site cookie policy
8. Changes to this privacy notice

1. The processing and data collected, purposes and legal bases

1.a Conclusion of the contract and execution of sales contracts through the Site's functionalities

On the Site, in application of the general contract conditions (https://nonnasilvi.com/pages/termini-e-condizioni), the following personal data are collected: buyer's first and last name, data for invoicing and issuing related tax documents, shipping data such as recipient's name, residence or domicile addresses, contact data such as phone number and email. It is specified that online payments are managed by external platforms (Paypal/Shopify) and not by the Site owner; these operators are therefore the sole and exclusive Data Controllers of the data processing carried out in relation to the payment and the Interested Party is invited to review the privacy policies of those platforms and the banking services used.

The purpose of this collection is to allow the conclusion of the sales contract between the Owner and the Interested Buyer, as well as the execution of the contract thus formed, including the phases of preparation and execution of the shipment of the purchased goods as well as post-sale assistance. The collection is also aimed at maintaining contact with the customer in all the aforementioned phases, according to the specific needs possibly indicated by the Interested Party.

Furthermore, the collection and processing of personal details and other data necessary for invoicing are aimed at proper accounting management. Failure to provide these data completely may prevent or significantly delay the execution of the sales contract for the ordered goods.

The legal bases for the collection and processing in question are: the establishment and full and exact execution of the contract with the Data Subject (see art. 6, § 1, lett. b) of EU Reg. 2016/679); compliance with legal obligations incumbent on the Controller, for example due to the statute, Italian tax and fiscal regulations, public procurement and anti-mafia legislation (art. 6, § 1, lett. c) of EU Reg. 2016/679).

1.b General product newsletter for sale on the Site 

On the Site, the Data Subject can choose to subscribe to the general Newsletter service related to the products present or promoted on the Site. Only the following personal data are collected: name, email address, through CAPTCHA protection.

The purpose of this collection is to send a newsletter containing general promotional information, and therefore in no way personalized in relation to the purchases and interests of the Data Subject. Subscription to the newsletter does not also imply the creation of a personal profile on the Site, which can be requested separately by the Data Subject.

The legal basis for the collection and processing in question is the Data Subject's explicit consent only (art. 6, § 1, lett. a) of EU Reg. 2016/679). In case of refusal to give consent, the Data Subject can still order products on the Site.

 

1.c Browsing data, Statistical surveys and analysis with aggregated data on interaction and use of the Site

For detailed information regarding this collection and processing, please refer to the Site's Cookie Policy (https://nonnasilvi.com/pages/politica-sulla-privacy). The data in question may include cookies, Site usage data, anonymized data such as numerical identifiers (ISP) that in no way allow identification of the Data Subject.

The purpose of the processing is to allow the Site operator to optimize its operation and the public offering of products, including for the planning of marketing and remarketing campaigns for the Site and the products offered for sale on it.

The legal bases for the collection and processing provided here are: the explicit consent of the Data Subject for all navigation data other than technical cookies necessary for the functioning of the site (art. 6, § 1, lett. a) of EU Reg. 2016/679); the legitimate interest of the Controller for all other cookies, as these are necessary for the correct and optimal display and navigation of the Site, for its operation, and to improve both the user experience and the offer of goods presented for sale, also considering the device chosen by the Data Subject, and not conflicting with overriding interests, rights, or fundamental freedoms of the Data Subject who, as a Site user, by browsing also gives explicit consent to such automated and/or anonymous processing and who can at any time delete or disable cookies, as indicated in the Cookie Policy (art. 6, § 1, lett. a) and f) of EU Reg. 2016/679). In case of refusal of consent, disabling or deletion of cookies or other navigation data, the Data Subject may be prevented from browsing the Site or its proper functioning.

Apart from the collections and processing indicated above and their related limits, no other personal data collections or processing are ongoing on the Site, and the Data Subject will always be timely and in advance informed of any changes to the collections or processing to which their personal data on the Site are subject.

 

2. The Data Controller

The Data Controller is solely and exclusively the company Nonna Silvi S.r.l. Società Benefit, represented by the pro tempore legal representative, with registered office at Via delle Cascine, 1/a – 50051 Castelfiorentino (FI), VAT and Tax Code 07347870482, registered with the R.E.A. of the Florence Chamber of Commerce under no. FI-697257, PEC nonnasilvisrl@pec.it. For communications regarding the personal data of the Data Subjects, the email address [nonnasilvicommerciale@gmail.com] is active.

 The Data Protection Officer (DPO)

The processing carried out on the Site does not require the appointment of any DPO because the Data Controller and its Data Processors do not perform any regular or systematic monitoring, nor large-scale processing of data necessary for the provision of the services offered, not even simply connected or accessory to the main activities of the Controller. For any information, you can always contact the Controller at the following email address: [insert privacy email].

 

4. Data Recipients

Your Personal Data may be shared with the following parties (the "Recipients"): parties typically acting as data processors (internal and external), namely: i) individuals, companies, or professional firms providing assistance and consultancy to the Owners in accounting, administrative, legal, tax, and financial matters; owners of websites linked to the Site through cookies and other features; parties with whom it is necessary to interact for the provision of Services (e.g., Newsletter); parties delegated to perform technical maintenance activities (including maintenance of network devices and electronic communication networks); persons authorized by the Owners to process Personal Data necessary to carry out activities strictly related to the provision of Services, who have committed to confidentiality or have an adequate legal obligation of confidentiality (e.g., employees of the Owners); parties, entities, or authorities to whom it is mandatory to communicate your Personal Data for Compliance purposes, or to prevent Abuse or Fraud, or by order of authorities.

Your data is usually processed and stored within the EU territory. In the event that a Data Processor needs to transfer, even partially, your data outside the EU, such transfer occurs only to countries for which there is an express recognition that they offer a level of protection equivalent to that of the EU or such transfer is based on appropriate safeguards, in particular according to the standard contractual clauses approved by the EU Commission.

For any information, you can always contact the Owner at the following email address: [nonnasilvicommerciale@gmail.com].

 

5. The Data Retention Period

All personal data collected is retained for the time necessary and sufficient to properly perform the service requested by the Interested Party and in any case no longer than thirty days from the receipt of your legitimate request for deletion.

Without prejudice to the above, the data related to the execution of the sales contract will be retained for the correct delivery of the goods to the interested party and, in particular, the data used for the issuance of invoices or other transport or tax documentation will be kept until the expiration of the applicable statutes of limitations and forfeitures, also to allow the Owner to provide after-sales and warranty services, or to defend their legitimate rights and interests in out-of-court and judicial proceedings (e.g., debt recovery or other disputes related to the products).

Data related to the newsletter and browsing data (cookies) will be retained until consent is withdrawn by the Data Subject, provided that the Data Subject may suspend processing at any time and resume it in the future by providing their personal data again. In case of consent withdrawal, a specific log will be kept to demonstrate, upon request by the Data Subject or the competent Supervisory Authority, the granting and withdrawal of such consents.

 

6. The Rights of the Data Subject

The Data Subject may exercise all the following rights:

1. Access your personal data pursuant to art. 15 Reg. EU 2016/679. This right also includes the ability to obtain a copy of the personal data collected and processed by the Data Controller. After verifying the legitimacy of the request, the Data Controller will provide the requested information and a copy of the data. In the case of manifestly unfounded or excessive requests, also due to their repetition, the Data Subject must pay the Data Controller a reasonable fee related to the administrative costs incurred by the Data Controller to fulfill the request.
2. Request the correction of your personal data pursuant to art. 16 Reg. EU 2016/679. The Data Controller will communicate this correction to any recipients of the personal data pursuant to art. 19 Reg. EU 2016/679, unless this is impossible or involves disproportionate effort, with the Data Subject retaining the right to know the identity of such recipients.
3. Request the deletion of your personal data (so-called right to be forgotten) pursuant to and within the limits established by art. 17 Reg. EU 2016/679. The Data Controller will communicate this deletion request to any recipients of the personal data pursuant to art. 19 Reg. EU 2016/679, unless this is impossible or involves disproportionate effort, with the Data Subject retaining the right to know the identity of such recipients.
4. Request the restriction of the processing of your personal data pursuant to and within the limits established by art. 18 Reg. EU 2016/679. The Data Controller will communicate this restriction request to any recipients of the personal data pursuant to art. 19 Reg. EU 2016/679, unless this is impossible or involves disproportionate effort, with the Data Subject retaining the right to know the identity of such recipients.
5. Object to the processing of your personal data pursuant to and within the limits of art. 21 Reg. EU 2016/679.
6. Request the portability of your personal data, pursuant to and within the limits established by art. 20 Reg. EU 2016/679. The Data Controller reserves the right to verify the technical feasibility of the transmission to another data controller indicated by the Data Subject on a case-by-case basis.
7. Without prejudice to processing already carried out, withdraw any consent previously given at any time, for processing based on that legal basis.
8. File a complaint with a supervisory authority pursuant to art. 77 EU Reg. 2016/679.

 

The data subject may address their requests to the Owner using the contact details provided above.

 

7. Site cookie policy

A cookie is a small file that a website asks the browser used by the user to store on the device, to remember certain information, such as the preferred language or login data. These cookies are called first-party cookies. The Owner also uses third-party cookies – that is, cookies created and made available by a party other than the Owner – for example, to enable effective promotional and online marketing initiatives for our products.

Below is information about the various cookies used by the Site that may be installed on your devices during Site navigation.

 Strictly necessary cookies

These cookies are necessary for the operation of the Site and cannot be disabled. They are usually set in response to actions you take on the Site that constitute a service request, such as setting privacy preferences, logging in, or filling out forms. You can set your browser to block or receive alerts about these cookies, but if blocked, some parts of the Site may not function.

These cookies do not store your personal information and therefore do not require your explicit consent. 

Performance cookies

These cookies allow us to count visits to the Site and their origin: this data allows us to measure and improve the Site's performance, to know which pages are more or less popular, and to see how visitors interact with the Site. All this information collected by cookies is automatically aggregated and analyzed anonymously.

You have the option to refuse consent to the use of these cookies. 

Social media cookies

These cookies are created by a series of social media services we have added to the site to allow you to share our content with your friends and connections. With these cookies, it is possible to monitor your Internet browser activity on other sites and thus create a profile of your interests. These cookies impact the content and advertising messages you see on other websites you visit.

You have the option to refuse consent to the use of these cookies. 

Functionality cookies

These cookies enable the Site to provide advanced features and personalization. They allow us to offer you additional services, alone or with the help of third parties who make their services available on our Site.

If you do not consent to these cookies, some or all of these services may not work. 

Cookies for targeted advertising

These cookies are set by our advertising partners.

They may be used by these companies to build a profile of your interests and show you relevant ads on other sites. They do not directly store personal information and are based only on identifying your browser and device.

If you refuse these cookies, you will receive less targeted advertising on sites other than the Site.

  

To disable cookies, except for those strictly necessary, you can refuse them at the first access to the Site using the refuse function on the appropriate banner or by clicking on the “x” of the same banner. Alternatively, after a previous acceptance, you can disable the Site's cookies through the internet browser features you have chosen for browsing. For more information, we refer to the support information of the most popular internet browsers, noting that such information is not verified by us as it relates to third-party services:

The list of cookies:

Cookie Domain Description Duration Type keep_alive nonnasilvi.com The keep_alive cookie is used to maintain a user's session active on a website, preventing automatic logout during periods of inactivity. 1 hour Necessary secure_customer_sig nonnasilvi.com Shopify sets this cookie to be used in connection with customer login. 1 year Necessary localization nonnasilvi.com The localization cookie stores user preferences for language and region to provide a personalized browsing experience. 1 year Necessary cart_currency nonnasilvi.com Shopify sets this cookie to remember the user’s country of origin and populate the correct transaction currency. 14 days Necessary _tracking_consent .nonnasilvi.com Shopify sets this cookie to store a user's preferences if a merchant has set up privacy rules in the visitor's region. 1 year Necessary _cmp_a .nonnasilvi.com The _cmp_a cookie is typically used for consent management, helping websites comply with legal requirements by storing user consent preferences. 1 day Necessary _shopify_y .nonnasilvi.com This cookie is associated with Shopify's analytics suite. 1 year Analytics _shopify_s .nonnasilvi.com This cookie is associated with Shopify's analytics suite. 1 hour Analytics _orig_referrer .nonnasilvi.com Shopify sets this cookie to be used in connection with the shopping cart. 14 days Analytics _landing_page .nonnasilvi.com Shopify installs this cookie to track landing pages. 14 days Analytics CLID www.clarity.ms Microsoft Clarity set this cookie to store information about how visitors interact with the website. The cookie helps to provide an analysis report. The data collection includes the number of visitors, where they visit the website, and the pages visited. 1 year Analytics _shopify_sa_t .nonnasilvi.com Shopify sets this cookie for marketing & referrals. 1 hour Analytics _shopify_sa_p .nonnasilvi.com Shopify sets this cookie for marketing & referrals. 1 hour Analytics shopify_pay_redirect nonnasilvi.com Shopify sets this cookie to enable secure online payment and checkout. 1 hour Necessary __kla_id nonnasilvi.com Klaviyo sets this cookie to collect information on the visitor’s behavior. This information is used for internal analytics and to optimize the website. It also registers if the visitor has subscribed to a newsletter. 1 year 1 month 4 days Analytics _clck .nonnasilvi.com Microsoft Clarity sets this cookie to retain the browser's Clarity User ID and settings exclusive to that website. This guarantees that actions taken during subsequent visits to the same website will be linked to the same user ID. 1 year Analytics _clsk .nonnasilvi.com Microsoft Clarity sets this cookie to store and consolidate a user's pageviews into a single session recording. 1 day Analytics _fbp .nonnasilvi.com Facebook sets this cookie to store and track interactions. 3 months Analytics MUID .bing.com Microsoft Bing sets this cookie to identify unique web browsers visiting Microsoft sites. These cookies are used for advertising, site analytics, and other operational purposes. 1 year 24 days Advertisement MR .c.bing.com This cookie, set by Bing, is used to collect user information for analytics purposes. 7 days Analytics SRM_B .c.bing.com Used by Microsoft Advertising as a unique ID for visitors. 1 year 24 days Performance SM .c.clarity.ms Microsoft Clarity cookie set this cookie for synchronizing the MUID across Microsoft domains. session Analytics MUID .clarity.ms Microsoft Bing sets this cookie to identify unique web browsers visiting Microsoft sites. These cookies are used for advertising, site analytics, and other operational purposes. 1 year 24 days Advertisement MR .c.clarity.ms This cookie, set by Bing, is used to collect user information for analytics purposes. 7 days Analytics ANONCHK .c.clarity.ms The ANONCHK cookie, set by Bing, is used to store a user's session ID and also verify the clicks from ads on the Bing search engine. The cookie helps in reporting and personalization as well. 10 minutes Advertisement lastExternalReferrerTime nonnasilvi.com never Other klaviyoOnsite nonnasilvi.com never Other lastExternalReferrer nonnasilvi.com never Other getItem nonnasilvi.com never Other setItem nonnasilvi.com never Other removeItem nonnasilvi.com never Other clear nonnasilvi.com never Other length nonnasilvi.com never Other key nonnasilvi.com never Other user-location-data nonnasilvi.com session Other _cltk nonnasilvi.com session Other klaviyoPagesVisitCount nonnasilvi.com session Other _pay_session shop.app Shopify sets this cookie to enable secure checkout and payment function on the website. session Necessary

 

8. Changes to this privacy notice

This privacy notice will be regularly reviewed by the Data Controller and corrected in case of changes to be communicated to the Data Subjects. Any changes will be appropriately indicated on the Website and by other means, where appropriate. In any case, no new or different processing will be undertaken by the Data Controller without first informing the Data Subjects.