PRIVACY POLICY

Data Controller

POMO ANGELA, P.IVA 08526260727
Registered Office: ANDRIA, VIA GERUSALEMME 19 – CAP 76123
Website: azaro.it
Email: info@azaro.it

Privacy Notice for Customers

This notice describes the methods and purposes of processing personal data by POMO ANGELA, P.IVA 08526260727, as the Data Controller, in full compliance with Regulation (EU) 2016/679 (GDPR) and applicable national legislation.

Scope of Application

This policy applies to all services provided on https://azaro.it and related applications.

Sources of Personal Data

  • Voluntary completion of forms on the site by the data subject (contact form, newsletter subscription);
  • Direct communications sent by the data subject to the Controller’s contact details (e.g., email);
  • Technical data automatically collected during site navigation (e.g., IP address, technical and functional cookies), in compliance with current cookie legislation (Art. 122 Legislative Decree 196/2003).

Purposes and Legal Bases of Processing

PurposeDataLegal Basis
Managing contact requestsName, email, messageArt. 6(1)(b) GDPR (pre-contractual measures)
Order fulfillment and invoicingIdentification data, contact data, contractual data, payment dataArt. 6(1)(b) GDPR (performance of a contract)
Compliance with legal and fiscal obligationsContractual data, invoicing dataArt. 6(1)(c) GDPR (legal obligation)
Newsletter subscriptionEmailArt. 6(1)(a) GDPR (explicit consent)
Direct marketing (promotions)Email, preferencesArt. 6(1)(a) GDPR (consent)
Aggregated statistical analysisAnonymous navigation dataArt. 6(1)(f) GDPR (legitimate interest)
Profile management and minimal profilingPurchase history, preferencesArt. 6(1)(a) GDPR (consent)

Processing Methods and Security Measures

Processing is carried out using electronic and organizational tools, ensuring:

  • SSL/TLS encryption on all login and transaction pages.
  • Database protection via firewalls and access controls.
  • Regular backups and disaster recovery procedures.
  • Physical and logical access controls for authorized personnel.
  • Vulnerability testing and regular system updates.

Categories of Personal Data Processed

  • Identification data: first name, last name, date of birth.
  • Contact data: email address, phone number, shipping address.
  • Payment data: payment method information (partly managed by payment providers).
  • Navigation data: IP address (anonymized), browser type, operating system, cookies.
  • Contractual data: order information, purchase history.

No special categories of data under Art. 9 GDPR are processed.

Recipients and International Transfers

Data may be disclosed to:

  • Authorized internal staff.
  • External processors appointed, such as:
    • Couriers for delivery (e.g., Courier X).
    • Payment providers (e.g., Stripe, PayPal).
    • Hosting and IT maintenance companies.
    • Tax and legal consultants.
    • Email marketing providers (e.g., Mailchimp) for newsletter delivery.

Transfers to third countries outside the EU occur only with appropriate safeguards (Standard Contractual Clauses or Binding Corporate Rules).

Retention Period

  • Form submissions: up to 12 months after last interaction;
  • Newsletter data: until consent is withdrawn;
  • Anonymous technical analytics data: according to the specific cookie terms;
  • Order and invoice data: stored for 10 years for fiscal obligations;

Profiling and Personalized Marketing

The site may use automated processes to suggest products based on purchase history. These activities are based on expressed consent. The data subject may object at any time via the unsubscribe link or by contacting info@azaro.it .

Cookies and Similar Technologies

For detailed information on technical, analytical, and profiling cookies used, their duration, and opt-out methods, see the Cookie Policy available on the site.

Data Subject Rights

Under the GDPR, the data subject has the right to:

  • Obtain confirmation of existence of personal data (Art. 15);
  • Request rectification or completion (Art. 16);
  • Request deletion (Art. 17);
  • Request restriction of processing (Art. 18);
  • Object to processing (Art. 21);
  • Receive data in portable format (Art. 20);
  • Withdraw consent at any time (Art. 7);
  • Lodge a complaint with a supervisory authority (Art. 77).

How to exercise: The data subject may exercise these rights by writing to info@azaro.it . The Controller will respond within 30 days.

Data Breach

In case of a personal data breach, the Controller will notify the Supervisory Authority within 72 hours and, if required, inform data subjects under Art. 34 GDPR.

Changes to This Notice

This policy may be updated. Please review it periodically. Any changes will be marked with the date of last revision.

Legal References

Below is a summary of the main legislative references, regulations, and guidelines applicable to this policy.

RegulationLink
The ePrivacy Directive (Directive 2002/58/EC)https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/35284
Regulation (EU) 2016/679 (GDPR)https://eur-lex.europa.eu/legal-content/IT/TXT/HTML/?uri=CELEX:32016R0679
https://gdpr-info.eu
Directive 2009/136/EC (Cookie Law) implemented in Italy by Art. 122 of Legislative Decree 196/2003https://eur-lex.europa.eu/eli/dir/2009/136/oj
https://www.normattiva.it/uri-res/N2Ls?urn:nir:stato:decreto.legislativo:2003-06-30;196!vig:20250721#ART122
Italian Data Protection Authority Guidelines (10 June 2021)https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/9677876

For More Information

Visit the COOKIE POLICY to understand how we manage cookies.

Feel free to contact us via the details at the bottom of the page or on the Contact page.