Privacy Policy

The document was updated on 16/05/2018 to comply with the new regulatory provisions on the protection of personal data.




Data controller
This privacy policy applies to website (together also “The Site”). Data controller, pursuant Section 28 D.lgs.196/2003 (hereinafter “Privacy Code” or “Code), is Caffèorchidea Editore Srl (hereinafter also “Caffèorchidea”) Via Casarsa, 28 – 84025 Eboli (SA), C.F. e P. IVA n. 05532450656.


Purposes of the processing
As better explained in the sections that allow users to join – by giving their personal information – to services provided for by the Site, users’ data are processed to allow us to respond to their specific requests. In particular, collection and subsequent processing of data are done for the following purposes:

a) Site registration;
b) Subscription to the newsletter via email;
c) Content sharing over the Site;
d) Customer relationship management;
e) Purchasing editorial product branded Caffèorchidea;
f) Requests of information;
h) Entering and participating to promotions offered to new or old customers;
i) purposes of statistical research / analysis on aggregated or anonymous data, without the possibility of identifying the user, aimed at measuring the functioning of the site.

When purchasing products or services in the Caffèorchidea e-shop, Caffèorchidea, as the data controller, may send promotional emails about products or services similar to those purchased by the data subject, who may oppose immediately to the sending of such emails by sending an email to Caffèorchidea will not use the data provided for purposes other than those provided for the above mentioned service, that the user has requested, or within the specified limits from time to time described in the eventual additional specific information notice for a different and particular service requested by the user.


Subjects that process your data
For purposes connected to the provision of services requested by the user, personal data will be made available to third parties, who will act autonomous data controllers in providing their services as requested by the user (for example, companies that delivery purchased products) or to whom the communication of data is required to comply with laws or regulations. We have appointed data processors. In particular, we have appointed as external data processor for providing hosting service Aruba Spa, Localita il Palazzetto n. 4, Bibbiena (Ar), Italy. The updated list of data processors is available upon request sent to the data controller. Personal data will be made available to people expressly authorized by the data controller – and so appointed as persons in charge of the processing, who carry out processing activities necessary for the purposes listed above; such appointed individuals belong to administrative personnel, communication, accounting, legal advice, technical maintenance of information systems, and marketing personnel, depending on the specific request made by the data subject over this Site. The Data Controller does not transfer personal data to third countries or international organizations, however, reserves the right to use cloud services; in which case, the service providers will be selected among those who provide adequate guarantees, as required by art. 46 GDPR 679/16. Your data may be transferred abroad, to European Union countries or to other countries deemed as safe by the European Commission, or even to Countries outside the European Union which are not included in the list of safe Countries, with which we will stipulate in advance, the specific agreements for the protection of your privacy, containing standard contractual clauses given by the European Commission decision of 5 February 2010, or that has obtained the Privacy Shield certification for data transfers between EU and US.


How we process your data
All processing activities performed as part of the services available through this Site is made by electronic or telematic means, or by print/manual means. The data will be processed within the purposes for which they were collected and in compliance with current security standards, for the purposes listed above or specified from time to time in any further information notice given to the user. Personal data will be processed for the time strictly necessary to achieve the purposes for which they are collected.


Types of personal data processed and optionality for provision of personal data
The forms to be filled on this Site provides both for personal data that are strictly necessary to request which if not given it won’t be possible to proceed with the request, and for personal data that is optional and not strictly necessary to respond to requests.


Navigation data
During their normal operation, the computer systems and software procedures used by this website acquire some personal data, the transmission of which is implicit in the use of internet communication protocols. This is information which is not collected in order to be associated with particular persons, but which by its nature could, through processing and combination with data held by third parties, enable users to be identified. This category includes: IP addresses and domain names of computers utilized by users to connect to the website, addresses of requested resources in URI (Uniform Resource Identifier) notation, the time the request was made, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the state of the response given by the server (successful conclusion, error, etc.) and other parameters relating to the user’s operating system and informatics environment. This data is used solely to obtain anonymous statistical information on the use of the website and to verify that it is functioning correctly (see also the paragraph on Cookies). The data could be used by the competent authorities to ascertain responsibility in hypothetical cases of computer-related crime resulting in damage to the site.: other than this occurrence, personal data are not stored for more than seven days.


Personal data provided voluntarily by the user
Personal data normally required for the use of services of this Site is constituted by personal records, contact and payment instruments and details. The optional, specific and voluntary sending of e-mail to addresses listed on this Site or filling out electronic forms of contact involves the subsequent acquisition of sender’s address, necessary to respond to requests, and any other personal data included in the message. Specific brief information notices will be provided or displayed on web pages dedicated to specific on demand services. Generally, sensitive data is not processed as per Section 4 D.lgs. 196/2003 (in case of processing of sensitive data for certain services a specific information notice will be given together with the express request for consent by the data subject).


Social plug-ins
Although it is currently not possible, in the future access to the site and services could also be done using credentials provided by a third party, such as Twitter, Facebook, Google+ or similar service. In this case, the user shall check the service’s settings and read carefully the policies of the third party provider, as he may authorize such third party vendor to share his personal information and to authorize Caffèorchidea to collect information such as contacts, friends and other user personal data. We will store the user’s account identification code associated with the third party provider when using it to log in to Caffèorchidea or sharing content over the Site; personal data will be stored for as long as necessary to provide the services required. If the user creates a Caffèorchidea account or use the Site’s services by connecting through social plug-in buttons, we may use the information in the account of origin to complete his profile on the Site. User may update or change the information of the profile and contact information at any time through the social plug-ins. We may also collect information about user and his use of our services through cookies and other similar technologies implemented on the site, in the terms explained in the specific section of this policy.


Data subjects’ rights
Data subjects have the right at any time to obtain confirmation of the existence of such data and to know its content and origin, to verify its accuracy or request its integration, updating, or correction (Section 7 D.lgs. 196/2003). As per Article 7 D.lgs. 196/2003, the user shall have the right to request the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, and to oppose to the processing for legitimate reasons.


Requests should be sent to the data controller by post or by e-mail to the following address: