Privacy

Privacy Policy

This policy describes how we process the personal data of users who visit and use the website www.tavoloverde.com (hereinafter, the "Site"), and is provided pursuant to Art. 13 of Regulation (EU) 2016/679 ("GDPR") and applicable Italian data protection legislation.

This information applies exclusively to this Site and not to other websites that may be consulted via external links.

1. Data controller

The Data Controller is:

PNO S.r.l.

Registered office: Via Guido Reni, 42 – 00196 Rome (RM) – Italy 

Email: amministrazione@pnosrl.com

The Data Controller determines the purposes and means of processing personal data.

2. Types of data processed

a) Browsing data

The computer systems and software procedures used to operate the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

These include, but are not limited to:

  • IP addresses,
  • domain names of the devices used,
  • URI addresses of the requested resources,
  • time of request,
  • parameters relating to the user's operating system and computing environment.

This data is used exclusively for anonymous statistical purposes and to verify the proper functioning of the Site.
It may also be used to ascertain liability in the event of computer crimes. The data is retained for the time strictly necessary and in compliance with the law.

b) Data provided voluntarily by the user

The optional, explicit, and voluntary sending of communications (for example, via email or form) involves the acquisition of the sender's contact details and any additional personal data entered.

The data provided during:

  • registering an account,
  • placing an order,
  • request for information,

They are necessary to allow the correct provision of the requested services. Failure to provide them may make it impossible to process the user's requests.

3. Purpose and legal basis of the processing

Personal data are processed for the following purposes:

  • management of the contractual and pre-contractual relationship;
  • order fulfillment and shipment management;
  • fulfillment of legal and tax obligations;
  • management of requests for assistance or information;
  • protection of the Data Controller's rights (e.g. defense in court).

The legal basis for the processing is:

  • the performance of a contract or pre-contractual measures (Article 6, paragraph 1, letter b GDPR);
  • fulfillment of legal obligations (Article 6, paragraph 1, letter c GDPR);
  • the legitimate interest of the Data Controller (Article 6, paragraph 1, letter f GDPR).

4. Methods of processing

Personal data is processed in compliance with the principles of fairness, lawfulness, transparency, and data minimization, using paper, computer, and electronic means, with appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of the data.

5. Data retention

Personal data will be retained for the time necessary to achieve the purposes for which it was collected and, in any case, in compliance with applicable legal obligations.
Data related to contractual relationships will be retained for up to 10 years after the termination of the relationship , as required by tax and civil law.

6. Data recipients

Personal data may be communicated to:

  • employees and collaborators of the Owner, duly authorized;
  • suppliers of technical, logistical, IT and administrative services;
  • consultants and professionals, where necessary;
  • public authorities, in cases provided for by law.

These entities will process the data as Data Processors or independent Data Controllers .

The data will not be disclosed.

7. Data transfer

Personal data is processed and stored within the European Union .
If it becomes necessary to transfer data to countries outside the EU, this will be done in compliance with the guarantees provided by the GDPR.

8. Cookie

The Site uses technical cookies and, with your consent, analytics and/or third-party cookies.
For more information, please consult the dedicated Cookie Policy .

9. Rights of the interested party

The user, as an interested party, can exercise the rights provided for in Articles 15-22 of the GDPR at any time, including:

  • access to personal data;
  • rectification or update;
  • erasure (right to be forgotten);
  • limitation of processing;
  • data portability;
  • opposition to processing;
  • complaint to the Italian Data Protection Authority.

10. How to exercise your rights

Your rights may be exercised by contacting the Data Controller:

11. Updates

This policy may be subject to changes or updates.
Users are encouraged to review it periodically.