​​

I – INFORMATION REGARDING THE PRIVACY POLICY OF THE SITE

1. This section provides information on the management of Caffè ACO with regard to the processing of user data on Caffè ACO.

2. This privacy policy is also valid pursuant to Article 13 of Regulation (EU) No. 2016/679, concerning the protection of natural persons in relation to the processing of personal data and the free movement of such data, for those who interact with Caffè ACO and is accessible at the address corresponding to the homepage:

www.caffeaco.it

1. This policy applies only to Caffè ACO and not to other websites that can be reached via links on the site.

2. The purpose of this document is to provide information on the methods, timing, and nature of the information that data controllers must provide to users when they access the pages of Caffè ACO, regardless of the reason for the connection, in accordance with Italian and European law.

3. This policy may be modified due to the introduction of new regulations, so users are invited to periodically check this page.

4. If the user is under the age of 14, pursuant to Article 8, paragraph 1 of Regulation (EU) No. 2016/679, and Article 2-Quinquies of Legislative Decree 196/2003, as amended by Legislative Decree 181/18, consent must be authorized by the parents or guardians.

II – DATA PROCESSING

1 – Data Controller

1. The data controller is the natural or legal person, public authority, service, or other body that determines the purposes and means of processing personal data, and is also responsible for security aspects.

2. For this website, the data controller is: Alberto Carosio, and for any clarifications or exercising of user rights, you can contact him via email: caffeacoshop@gmail.com.

2 – Data Processor

1. The data processor is the natural or legal person, public authority, service, or other body that processes personal data on behalf of the data controller.

2. According to Article 28 of Regulation (EU) No. 2016/679, by appointment of the data controller, the data processor for the Caffè ACO website is: Alberto Carosio.

3 – Data Processing Location

1. The data processing related to the use of Caffè ACO takes place at Strada Rebba 59, 15076, Ovada (AL).

2. If necessary, data related to the newsletter service may be processed by the data processor or individuals appointed for this purpose at the relevant location.

III – COOKIES

1 – Types of Cookies

1. The Caffè ACO website uses cookies to make the user's browsing experience easier and more intuitive. Cookies are small text strings used to store information that may relate to the user, their preferences, or the access device (computer, tablet, or mobile) and are mainly used to adapt the site’s operation to the user’s expectations, providing a more personalized browsing experience and saving previously made choices.

2. A cookie is a small set of data transmitted to the user’s browser by a web server and can only be read by the server that made the transfer. It is not executable code and does not transmit viruses.

3. Cookies do not store personal information, and identifiable data will not be saved. However, it is possible to prevent the saving of some or all cookies. In this case, the use of the site and services offered might be compromised. To proceed without modifying cookie options, it is sufficient to continue browsing.

The following are the types of cookies used by the site:

2 – Technical Cookies

1. There are several technologies used to store information on the user's computer, which is then collected by websites. The most commonly used is HTML cookies. These are necessary for navigation and to facilitate access and use of the site by the user. They are required for the transmission of communication over the electronic network or for the service provider to provide the requested service.

2. The settings for managing or disabling cookies can vary depending on the browser used. However, the user can manage or request the general deactivation or deletion of cookies by modifying the settings of their browser. Disabling cookies may slow down or prevent access to some parts of the site.

3. The use of technical cookies ensures the safe and efficient use of the site.

4. Cookies inserted in the browser and retransmitted by Google Analytics or similar statistical services are considered technical if used for optimizing the site directly by the site owner, who can collect aggregate information about the number of users and how they visit the site. In these cases, for analytics cookies, the same rules apply in terms of notification and consent, as for technical cookies.

5. Regarding duration, cookies can be distinguished into session cookies, which are automatically deleted at the end of the session and help identify the user to avoid logging in on each page visited, and persistent cookies, which remain active on the computer until expiration or deletion by the user.

6. Session cookies may be installed to allow access to and stay in the reserved area of the portal as an authenticated user.

7. These cookies are not stored persistently but only for the duration of the session, and they disappear with the browser's closure. Their use is strictly limited to the transmission of session identifiers, necessary for the safe and efficient exploration of the site.

3 – Third-Party Cookies

1. Based on origin, cookies are divided into those sent to the browser directly from the site being visited and those from third parties sent to the computer from other sites, not from the one being visited.

2. Permanent cookies are often third-party cookies.

3. Most third-party cookies are tracking cookies used to identify online behavior, understand interests, and customize advertising proposals for users.

4. Analytical third-party cookies may be installed. These are sent by domains of third parties external to the site.

5. Third-party analytical cookies are used to gather information about user behavior on Caffè ACO. The collection is anonymous to monitor performance and improve the usability of the site. Third-party profiling cookies are used to create profiles related to users, to propose advertising messages in line with the choices made by the users.

6. The use of these cookies is governed by the rules set by the third parties involved, so users are encouraged to review the privacy policies and instructions for managing or disabling cookies on their respective web pages.

4 – Profiling Cookies

1. Profiling cookies are used to create profiles related to the user and are used to send advertising messages based on preferences expressed during web navigation.

2. When using these types of cookies, the user must provide explicit consent.

3. Article 22 of Regulation (EU) 2016/679 and Article 122 of the Data Protection Code apply.

IV – PROCESSED DATA

1 – Data Processing Methods

1. Like all websites, this site uses log files where information is automatically stored during user visits. The collected information might include the following:

– Internet Protocol (IP) address; – Type of browser and device parameters used to connect to the site; – Name of the Internet Service Provider (ISP); – Date and time of visit; – Referral page and exit page; – Number of clicks.

1. The above information is processed automatically and collected in an aggregated form to verify the proper functioning of the site and for security reasons. This information will be processed based on the legitimate interests of the data controller.

2. For security purposes (spam filters, firewalls, virus detection), automatically recorded data may include personal data such as the IP address, which may be used according to current laws to block attempts to harm the site or other users, or any harmful or illegal activities. This data is never used for identification or profiling but solely for protecting the site and its users. These details will be processed based on the legitimate interests of the data controller.

3. If the site allows comment insertion or specific services requested by the user, including submitting a resume for potential employment, the site will automatically collect and record some identifying data from the user, including the email address. These data are voluntarily provided by the user at the time of the service request. By submitting a comment or other information, the user explicitly agrees to the privacy policy and consents to the public dissemination of the submitted content, even to third parties. The received data will be used exclusively for providing the requested service and for the time necessary for its provision.

4. Information that users choose to make public through the services and tools provided on the site is provided voluntarily and knowingly, releasing the site from any responsibility for violations of the law. The user is responsible for verifying whether they have permission to enter personal data of third parties or content protected by national and international laws.

2 – Purpose of Data Processing

1. Data collected by the site during its operation are used for the above-mentioned purposes and the following:

– Advertising for sending newsletters

1. Data retention will be for the time strictly necessary to achieve the above purposes and in any case, no longer than one year.

2. Data used for security purposes (blocking attempts to damage the site) are retained for the time strictly necessary to achieve the previously mentioned purpose.

3 – Data Provided by the User

1. As mentioned above, the optional, explicit, and voluntary submission of email to the addresses provided on this site leads to the acquisition of the sender's address, which is necessary for responding to requests, as well as any other personal data included in the message.

2. Specific summary information will be progressively provided or displayed on pages of the site prepared for specific requested services.

4 – Support in Configuring Your Browser

1. The user can manage cookies through their browser settings. However, deleting cookies from the browser may remove preferences set for the site.

2. For more information and support, you can also visit the specific help page for the web browser you are using:

– Internet Explorer: http://windows.microsoft.com/en-us/windows-vista/block-or-allow-cookies

– Firefox: https://support.mozilla.org/en-us/kb/enable-and-disable-cookies-website-preferences

– Safari: http://www.apple.com/legal/privacy/it/

– Chrome: https://support.google.com/accounts/answer/61416?hl=it

– Opera: http://www.opera.com/help/tutorials/security/cookies/

5 – Social Network Plugins

1. This site also integrates social network plugins and/or buttons to allow easy sharing of content on your favorite social networks. These plugins are programmed not to set any cookies upon page access to safeguard user privacy. Cookies are only set, if provided by the social networks, when the user actively and voluntarily uses the plugin. Please note that if the user is logged into the social network, they have already consented to the use of cookies through this site when signing up for the social network.

2. The collection and use of information obtained through the plugin are regulated by the respective privacy policies of the social networks, which should be referred to:

• Facebook: https://www.facebook.com/help/cookies

• Twitter: https://support.twitter.com/articles/20170519-uso-dei-cookie-e-di-altre-tecnologie-simili-da-parte-di-twitter

• Google+: http://www.google.com/policies/technologies/cookies

• Pinterest: https://about.pinterest.com/it/privacy-policy

• AddThis: http://www.addthis.com/privacy/privacy-policy

• LinkedIn: https://www.linkedin.com/legal/cookie-policy

V. USER RIGHTS

1. Article 13, paragraph 2 of Regulation (EU) 2016/679 lists the user’s rights.

2. The Caffè ACO website intends to inform the user about the existence of their rights based on the following articles of Regulation (EU) 2016/679:

a) According to Article 15, the right of the data subject to request access to personal data, according to Article 16 the possibility of rectifying provided data, according to Article 18 the possibility of integrating or limiting the processing of personal data, or objecting, for legitimate reasons, to their processing under Article 21, in addition to the right to data portability under Article 20 of Regulation (EU);

b) The right to request deletion under Article 17, anonymization, or blocking of data processed in violation of the law, including data that does not need to be kept in relation to the purposes for which it was collected or later processed.

c) The right to obtain confirmation that the data update, rectification, integration, deletion, or blocking operations have been communicated, including regarding their content, to those to whom the data has been disclosed or disseminated, except when such notification is impossible or involves the use of disproportionate means in relation to the right being protected.

1. Requests can be addressed to the data controller, without formalities or, alternatively, using the form provided by the Data Protection Authority, or by sending an email to: caffeacoshop@gmail.com

2. When the processing is based on Article 6, paragraph 1, letter a) – explicit consent to use – or on Article 9, paragraph 2 letter a) – explicit consent to the use of genetic, biometric, health-related data, revealing religious beliefs, philosophical or trade union affiliation, or revealing racial or ethnic origin, political opinions – the user has the right to withdraw consent at any time without affecting the lawfulness of the processing based on the consent given before the withdrawal.

3. Likewise, in case of a violation of the regulation, the user has the right to file a complaint with the Data Protection Authority, the authority responsible for overseeing processing in the Italian State.

4. For a more detailed examination of the rights that apply, see Articles 15-22 of Regulation (EU) 2016/679.

VI – TRANSFER OF DATA TO NON-EU COUNTRIES

1. This site may share some of the collected data with services located outside the European Union. Specifically with Google, Facebook, and Microsoft (LinkedIn) through social plugins and Google Analytics services. The transfer is authorized and strictly regulated by Article 45, paragraph 1 of Regulation (EU) 2016/679, so no further consent is required. The companies mentioned above guarantee their adherence to the Privacy Shield.

2. Data will never be transferred to third countries that do not comply with the conditions specified in Article 45 et seq. of Regulation (EU).

VII. SECURITY OF PROVIDED DATA

1. This site processes user data in a lawful and fair manner, adopting appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of data. The processing is carried out using computer and/or telematic tools, with organizational methods and logic strictly related to the stated purposes.

2. In addition to the controller, in some cases, categories of staff involved in organizing the site (administrative, commercial, marketing, legal, system administrators) or external subjects (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may have access to the data.

VIII. CHANGES TO THIS DOCUMENT

1. This document, which constitutes the privacy policy of this site, is published at:

caffeaco.it/privacy

1. It may be subject to changes or updates. If there are significant changes and updates, these will be highlighted with appropriate notifications to users.

2. Previous versions of the document will still be available on this page.

3. The document was updated on 05/06/2021 to comply with regulatory requirements, particularly in accordance with Regulation (EU) 2016/679.