Privacy Policy and Processing of Personal Data

Last updated: April 2026

This Privacy Policy describes how the Naturalpina Dolomitiwebsite (hereinafter the “Site”) is managed with regard to the processing of personal data of users who visit the site and make purchases through the e-commerce platform.

This privacy notice is provided pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (hereinafter “GDPR” or “Regulation”) and Legislative Decree 196/2003 (Privacy Code), as amended by Legislative Decree 101/2018, to those who interact with the Website’s web services.

 

1. Data Controller

The data controller is:

Naturalpina di Pedon Alice

Registered office: 41 Via A. Lazzarini – 32100 Belluno (BL)

Phone: 349-596-3857

Email: info@naturalpinadolomiti.it

 

2. Types of Data Processed

When you browse and use our e-commerce site, we collect and process the following categories of personal data:

2.1 Browsing data

The computer systems and software procedures used to operate this Website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This category includes IP addresses, the domain names of the computers used by users, the URI/URL addresses of the requested resources, the time of the request, the method used to submit the request to the server, and other parameters related to the user’s operating system and IT environment.

2.2 Data voluntarily provided by the user

We collect personal data that you voluntarily provide to us on various occasions:

  • Account registration and purchases (E-commerce): First name, last name, billing and shipping addresses, email address, phone number, payment information (processed through secure external gateways), order history.
  • Contact form fields: First name, last name, email address, phone number, and any other information included in the message.
  • Newsletter Subscription: Email address and name (upon explicit consent).

 

3. Purpose of Processing and Legal Basis

Personal data is processed for the following purposes:

Purpose
Legal Basis
Performance of the sales contract: Management of orders, payments, shipments, returns, and post-sale customer service.
Performance of a contract to which the data subject is a party (Art. 6(1)(b) of the GDPR).
Response to inquiries: Handling of communications sent via contact forms or email.
The performance of pre-contractual measures or the legitimate interests of the Data Controller (Art. 6(1)(b) and (f) of the GDPR).
Compliance with legal obligations: Retention of accounting and tax records as required by applicable law.
Legal obligation to which the Data Controller is subject (Art. 6, para. 1, subpara. c of the GDPR).
Marketing and Newsletters: Sending promotional communications, discounts, and updates on Naturalpina products.
Explicit consent of the data subject (Art. 6, para. 1, subpara. a of the GDPR).
Security and Fraud Prevention: Site monitoring to prevent illegal or fraudulent activity.
Legitimate interest of the Data Controller (Art. 6(1)(f) of the GDPR).

 

4. Processing Methods and Security

Personal data is processed using computer and telecommunications systems, in accordance with procedures strictly related to the purposes indicated above, and in a manner that ensures the security and confidentiality of the data.

In accordance with Article 32 of the GDPR, the Data Controller has implemented appropriate technical and organizational measures to protect personal data against destruction, loss, alteration, unauthorized disclosure, or accidental or unlawful access. Payment transactions are processed using secure encrypted protocols (SSL/TLS).

 

5. Recipients of the Data

Personal data will not be made public. However, in order to achieve the purposes indicated, the data may be disclosed to:

  • Authorized personnel: Employees and contractors of the Data Controller who have been trained and authorized to process the data.
  • Third-party service providers (Data Processors): Couriers and shipping companies, web hosting and maintenance service providers, payment gateways (e.g., PayPal, Stripe), tax and legal advisors, and newsletter distribution platforms.
  • Competent authorities: Where required by law or to protect the data subject’s rights.

The updated list of Data Processors is available at the Data Controller’s office.

 

6. Transfer of Data Outside the EU

Personal data is stored on servers located within the European Union. Should it become necessary to use cloud services or platforms located outside the European Economic Area (EEA), the Data Controller ensures that the transfer will take place in compliance with applicable legal provisions, entering into, if necessary, agreements that guarantee an adequate level of protection (e.g., Standard Contractual Clauses approved by the European Commission).

 

 7. Data Retention Period

Personal data will be retained for no longer than is strictly necessary to fulfill the purposes for which it was collected:

  • Browsing data: Deleted immediately after processing or retained for up to 7 days (unless necessary for the investigation of crimes).
  • Contractual and accounting data (E-commerce): Retained for 10 years from the date the contract is concluded, as required by Italian civil and tax law (Art. 2220 of the Italian Civil Code).
  • Data for contact requests: Retained for the time necessary to process the request and, in any case, for no longer than 36 months.
  • Data for marketing purposes: Retained until the user withdraws consent (unsubscribes).

 

8. Rights of the Data Subject

Pursuant to Articles 15–22 of the GDPR, the data subject has the right to:

  • Access: Obtain confirmation as to whether or not personal data is being processed and access it.
  • Correction: Request the correction of inaccurate data or the completion of incomplete data.
  • Deletion (Right to be Forgotten): Request the deletion of your data if the grounds provided for by law apply.
  • Restriction: Request a restriction on processing in specific circumstances.
  • Data portability: Receive your data in a structured, commonly used, and machine-readable format.
  • Right to Object: You have the right to object at any time to the processing of your data on legitimate grounds or for direct marketing purposes.
  • Withdrawal of consent: You may withdraw your consent at any time, without affecting the lawfulness of processing based on consent given prior to withdrawal.

To exercise these rights, the data subject may send a written request to the Data Controller at the following email address: info@naturalpinadolomiti.it.

The data subject also has the right to file a complaint with the Italian Data Protection Authority (www.garanteprivacy.it) if he or she believes that the processing violates applicable laws.

 

9. Changes to the Privacy Policy

The Data Controller reserves the right to make changes to this Privacy Policy at any time, notifying users on this page. Please check this page regularly, referring to the last updated date shown at the top.