index
Standard Delivery - £2.90 & Next working day - £4.90

Privacy policy

Privacy Policy of www.quarantacaffe.it
Last updated: [28/07/2022]

With this Privacy Policy, the data controller, as defined below, wishes to provide
users and visitors of the website www.quarantacaffe.it (the "Site") with all information regarding the purposes
for which it collects and processes their personal data, the categories of personal data processed, the rights
granted to users and visitors of the Site pursuant to Regulation (EU) No. 679/2016 ("GDPR") and
national data protection legislation (collectively, "Privacy Law"), and how
users and visitors of the Site can exercise these rights. This Privacy Policy also aims to allow
users and visitors of the Site to provide informed consent to the processing of their
personal data, where required by the Privacy Law.
This document can be printed using the print command in the settings of
any browser.


1. Data Controller
4.0 Caffè Srl (VAT No. 02557570740), with registered office at Via Provinciale Per Lecce 83, 72100 Brindisi (BR),
Italy, is the data controller of the user/visitor data collected through the Site (“Data Controller” or
“Quaranta Caffè”).
Data Controller email address: privacy@quarantacaffe.com

2. Types of Data Collected
The personal data of users/visitors that the Data Controller collects through the Site include:
– Personal data (name, surname, company name, date of birth, tax code, VAT number);
– Contact details (email address, telephone number, physical shipping address and
billing address); and
– Any responses from users/visitors to questions provided and feedback requested by the Site through
online forms and surveys (hereinafter, “Personal Data”).

The Personal Data listed above is collected by the Site at the time of:
– registration on the Site, for users who are registering for the first time on the Site (“User”);
or
– purchase of one or more of the products offered for sale through the Site, for users not registered on the
Site (“Guest”).

Unless otherwise specified on the Site, all Personal Data requested is
mandatory. It is therefore understood that failure to provide Personal Data marked as
mandatory will prevent you from registering on the Site or using the services offered therein; failure to provide
Personal Data marked as optional will not prevent you from registering on the Site or
using the services offered therein, but may make their use less immediate and
user-friendly.

This site also uses cookies and/or other tracking tools according to the methods and purposes
described in the Cookie Policy (see art. 6 below).

The User/Guest assumes responsibility for the Personal Data of third parties that he/she has published or shared
through this Site and guarantees that he/she has the right to communicate or disseminate them, and that he/she has made
this Privacy Policy known to said third parties, releasing the Data Controller from any liability towards such third parties.

3. Purposes and Legal Basis for the Processing of Personal Data

Purpose of processing
The Personal Data of Users/Guests will be processed by the Data Controller according to the principles of necessity,
data minimization, lawfulness, fairness, proportionality, and transparency for the following purposes:

(a) provide the Site, allow access and registration on the Site, as well as the use of the services offered
through the Site, i.e. the purchase of products online and order management and any other service
that may be offered in the future through the Site that the User/Guest requests, as well as to
improve the Site and the services offered therein;
(b) provide the User/Guest with customer service (by filling out the appropriate form on the Site or
by contacting the Data Controller directly) during registration on the Site and/or use of the Site and the services
offered therein, and also to resolve any reports of malfunctions and/or disputes;
(c) comply with legal obligations, respond to requests from the competent Authorities, protect their rights
and interests, and identify any malicious or fraudulent activities;
(d) provide Users/Guests, via the email address provided during registration on the Site or when making purchases
through the Site, with commercial information and newsletters relating to products and services similar to those already
purchased/requested by the User/Guest;
(e) send the User advertising material and carry out promotional, marketing and/or
direct sales activities for products and/or services sold and/or provided by the Data Controller;

(f) sending the User commercial and promotional communications relating to products and/or services of
selected third parties (i.e., companies in the Group to which the Data Controller belongs, parent companies, subsidiaries and/or
affiliates, companies affiliated with the Data Controller and third-party partners), with whom the Data Controller has
legal relationships (without, in this case, disclosing Personal Data to third parties);
(g) carrying out profiling activities with respect to the User of the Site, i.e., evaluating their preferences,
consumer habits and tastes, including by inviting them to participate in market research, for the subsequent
sending of profiled marketing communications.

Legal Basis for Processing
The above-mentioned processing purposes (see the “Purposes of Processing” section, letters (a) to (g)) are
processed by the Data Controller on the following legal bases:
(a) performance of the contract with the User/Guest and legitimate interest of the Data Controller;
(b) performance of the contract or pre-contractual measures at the request of the User/Guest and legitimate
interest of the Data Controller
; (c) fulfillment of a legal obligation to which the Data Controller is subject and/or legitimate interest of the Data Controller;
(d) legitimate interest of the Data Controller, unless the User/Guest objects;
(e) express consent of the User;
(f) express consent of the User; and
(g) express consent of the User.

With reference to the purpose referred to in point (d) above, the User/Guest may object
to receiving such communications at any time by clicking on the link at the bottom of the relevant email or by contacting the
Data Controller at the email address indicated in art. 1 above.

Contact methods for direct marketing, on behalf of third parties, and profiling purposes, as
per points (e), (f), and (g) above, may be both automated (via email, text message, push notifications,
other mass messaging tools, etc.) and traditional (telephone calls with an operator and
postal mailings). In any case, the User may withdraw their consent, even partially, for example
by consenting only to traditional contact methods.
If the User consents to the profiling indicated in point (g) above, this will involve an
automated process aimed at placing the User in a category of individuals with similar characteristics (in
terms of purchasing preferences, product interests, and purchasing areas) based on their
previous purchasing experiences, any market analyses they may have participated in, their
demographics, and their activities on the Site.

Third-Party Websites and Applications
Users are reminded that the Site may incorporate or otherwise interact with third-party websites and applications
("Third-Party Websites and Applications") to make available to Users/Guests some of the additional services
offered through the Site. Third-Party Websites and Applications are governed by their respective terms and conditions of use and
privacy policies. Users'/Guests' use of Third-Party Websites and Applications will
therefore be governed by and subject to the terms and conditions of use and privacy policies of such third parties, to which
reference is made.

4. Processing methods; Recipients of Personal Data; Location and period of storage of
Personal Data

Processing methods.
The Data Controller adopts appropriate security measures pursuant to Art. 32 GDPR, aimed at preventing
unauthorized access, disclosure, modification, or destruction of Users'/Guests' Personal Data.
Processing is carried out on paper and/or using computerized and/or electronic tools, using
organizational methods and methods strictly related to the purposes indicated in Art. 3 above.

Recipients of Personal Data:
The processing of Users'/Guests' Personal Data will be entrusted, for individual transactions, to the Data Controller's duly authorized and appointed employees
and/or collaborators (administrative, commercial, marketing, legal, and system administrators ). Any third parties delegated by the Data Controller to process Users'/Guests' Personal Data (e.g., third-party technical service providers, postal couriers, hosting providers, IT companies, and communications agencies) will be appointed as Data Processors pursuant to Art. 28 of the GDPR. An updated list of Data Processors may be requested from the Data Controller at any time by contacting the email address indicated in Art. 1 above. Users'/Guests' Personal Data will not be disclosed or transferred outside the European Union.


Place and period of storage of Personal Data
The Personal Data of Users/Guests will be stored on the Data Controller's servers, all located in the EU.

That said, Users/Guests are reminded that the Site may incorporate or otherwise interact with Third Party Websites and
Applications, in order to make available the ancillary services offered through the Site. Third Party Websites and
Applications are governed by their respective terms and conditions of use and privacy policies.

The use of Third Party Sites and Applications by Users/Guests will therefore be governed by and subject to the
terms and conditions of use and privacy policies of such third parties, to which reference is made.

The Personal Data of Users/Guests are processed by the Data Controller and retained for the time necessary for the
purposes indicated in Article 3 above. In particular:
– for the purposes referred to in points (a), (d), (e), (f), and (g) of Article 3 above, the Personal Data of Users will be
retained by the Data Controller (but not used for purposes (d), (e), (f), and (g) in the event of opposition, or in the
absence or subsequent withdrawal of consent) until the User deletes his/her account. It is
understood, however, that the Data Controller may retain the Personal Data of Users to defend its rights in
relation to disputes pending at the time of the request or upon indication from public authorities.
The User may delete his/her account by sending an express request to the Data Controller to delete his/her Personal Data
(see Article 1 above);
– for the purpose referred to in point (a) of Article 3 above. 3 above, the Personal Data of Guests will be retained until
the contract or pre-contractual measures in place have been fully executed. For the purposes referred to in
point (d) of Article 3 above, the Personal Data of Guests will be retained, unless they object, for as long as
the legitimate interest of the Data Controller persists. The Personal Data of Guests will not be processed – and therefore
retained – for the purposes referred to in points (e), (f), and (g) of Article 3 above;
– for the purposes referred to in point (b) of Article 3 above, the Personal Data of Users/Guests will be retained
for the time strictly necessary to resolve the request for assistance, report, and/or complaint and
provide the Users/Guests with feedback. However, in this case too, it is understood that the Data Controller may
retain the Personal Data, within the limits of the law, to defend its rights in relation to ongoing disputes
or upon request from public authorities; and
– for the purpose referred to in point (c) of Article 3 above. 3 above, the Personal Data of Users/Guests will be retained
by the Data Controller for as long as the need for processing persists to fulfill said legal obligations.

At the end of the retention period, the Personal Data will be deleted. Therefore, upon expiration of this
period, the rights to access, erasure, rectification, and portability of the Personal Data
can no longer be exercised.

5. User/Guest Rights
Users/Guests may exercise certain rights with respect to the Personal Data processed by the Data Controller.
In particular, the User/Guest has the right to:
– obtain information regarding the purposes for which his/her Personal Data is processed, the period of
processing and the subjects to whom the Personal Data is disclosed (so-called right of access);
– obtain the rectification or integration of inaccurate Personal Data concerning him/her (so-called right to rectification);
– obtain the erasure of Personal Data concerning him/her in the following cases: (a) the Personal Data
is no longer necessary for the purposes for which it was collected; (b) he/she has withdrawn his/her consent to the
processing of Personal Data if it is processed on the basis of his/her consent; (c) he/she has objected to the processing of Personal Data.

processing of your Personal Data if it is processed for a legitimate interest
of the Data Controller; or (d) the processing of your Personal Data is unlawful (so-called right to
erasure). However, we inform you that the Data Controller may lawfully retain your Personal Data
if it is necessary to comply with a legal obligation or to establish,
exercise, or defend legal claims;
– to have your Personal Data retained without any other use
if (a) you contest the accuracy of your Personal Data, for a period necessary to
allow us to verify the accuracy of your Personal Data; (b) the processing is unlawful but you oppose
the erasure of your Personal Data by the Data Controller; (c) you
require the Personal Data to establish, exercise, or defend legal claims; (d) the data subject has objected to the
processing and is awaiting verification whether the legitimate grounds of the
Data Controller override those of the data subject (so-called right to restriction of processing); – receive the Personal Data concerning him or her
in a commonly used, machine-readable, and interoperable format (so-called right to data portability); – obtain cessation of processing in cases where his or her Data is processed for the purposes of commercial communications/newsletters relating to products or services identical to those already purchased/provided by the Data Controller (so-called right to object); and – withdraw his or her consent to the processing of his or her Personal Data at any time, without prejudice to the lawfulness of processing based on consent before its withdrawal.

 

 


How to exercise your rights:
To exercise the rights listed above, Users/Guests can send a request to the
Data Controller's contact details indicated in Article 1 above. Requests are submitted free of charge and will be processed by the
Data Controller as quickly as possible. Finally, we remind you that Users/Guests have the right to contact the
Italian Data Protection Authority, located in Piazza di Monte Citorio, 121 – 00186 Rome (RM),
to assert their rights regarding the processing of their Personal Data by the Data Controller.

6. Cookie Policy
This website uses cookies and other tracking tools. To learn more, the user/guest
can consult our Cookie Policy.

7. Changes to this Privacy Policy.
While the Data Controller will not, under any circumstances, process data other than those
expressly authorized and/or requested by Users/Guests, this Privacy Policy may be
subject to changes to comply with new laws, the Data
Controller's changed Personal Data processing policies, and/or following changes to the Site's features and/or the services
offered therein. Each updated version of this Privacy Policy will be made available on the Site in the
dedicated section: the Data Controller therefore invites Users/Guests to periodically consult the Privacy Policy
published on the Site to stay informed of the latest published version.

Quality Guaranteed
Our products are made with excellent raw materials
Secure Payments
Advanced encryption to protect your data in every transaction.
Shipping
Next working day - £4.90
Standard Delivery - £2.90
Customer Support
At your disposal to answer questions and resolve any doubts

© 2025 – All rights reserved