top of page

Privacy Policy

Privacy Policy – GDPR Compliance

In accordance with Articles 13 and 14 of EU Regulation 2016/679 (GDPR), Baroneserio S.r.l. informs users that the personal data provided will be processed in compliance with the principles of lawfulness, correctness, transparency, and confidentiality.

1. Data Controller

The Data Controller is Baroneserio S.r.l., headquartered at Via del Sole 33, 84080 Siano (SA), Italy.
Privacy contact email: amministrazione@baroneserio.it

2. Data Collected

While browsing or purchasing on the website, the following data may be collected:

  • identification and contact details;

  • data required to create an account;

  • order and payment information;

  • technical data (cookies, IP address, browsing logs);

  • data voluntarily provided through forms or customer support.

3. Purpose of Processing

Personal data is processed for the following purposes:

  • order, payment, and shipping management;

  • customer account registration and management;

  • customer support and assistance;

  • administrative, fiscal, and legal obligations;

  • sending newsletters and marketing communications with prior consent;

  • internal statistics and service improvement;

  • website security and fraud prevention.

4. Legal Basis

Processing is based on:

  • performance of a contract or pre-contractual measures;

  • compliance with legal obligations;

  • user consent for marketing activities;

  • the Data Controller’s legitimate interest (security, service improvement).

5. Processing Methods

Data is processed using electronic and/or paper tools, with appropriate technical and organizational measures to ensure security, integrity, and confidentiality.

6. Data Retention Period

Data is retained only for the time strictly necessary for the purposes described or for the statutory periods (e.g., tax data retained for up to 10 years).

7. Data Disclosure

Data may be shared with:

  • couriers and shipping providers;

  • payment institutions and anti-fraud services;

  • tax, legal, and administrative consultants;

  • technical providers, hosting services, CRM systems, newsletter platforms;

  • public authorities when required by law.

Data will not be publicly disclosed.

8. International Transfers

Any transfers of data outside the EU will comply with Articles 44–49 of the GDPR using adequate safeguards.

9. Data Subject Rights

Users may exercise the rights provided by Articles 15–22 of the GDPR at any time, including:

  • right of access;

  • rectification or deletion;

  • restriction or objection to processing;

  • data portability;

  • withdrawal of consent (without affecting prior processing);

  • lodging a complaint with the Data Protection Authority.

Requests can be sent to: amministrazione@baroneserio.it

bottom of page