Privacy & cookie policy

Cookie Policy

This Privacy Policy is provided, in compliance with Articles 13 and 14 of the EU Regulation 679/2016 (hereinafter: “Regulation”), to users (hereinafter: “Users” or “User”) of the website https://www.fierrofood.it/ (hereinafter: “Site”) owned by “Robeef S.r.l.” with registered office in Milan (MI), via Paolo Giovio n. 24, VAT No. 11280110963 (which is the Data Controller, hereinafter: “Data Controller”) or to those who subsequently purchase the products offered on the Site itself or register for the newsletter service (hereinafter: “Newsletter”), giving us their consent for a specific purpose (hereinafter: “Customers” or “Client”), and is aimed at describing the way in which the Site is managed with reference to the processing of personal data, as well as to allow the Users of the Site to know the purposes and methods of processing of personal data by the Data Controller in the event of their conferment. Where, on the other hand, while browsing the Site, the User and/or Customer accesses through links to pages or sites operated by third parties, for the processing of personal data, reference should be made to the Privacy Notices published therein.

Specifically, this Privacy Policy describes how the Data Controller collects, uses, processes, and discloses your personal data when you access and use the Site and the services provided therein, specifically:

1. Who is the data controller?
2. Principles applicable to the Processing of Personal Data
3. Type of Users
4. What categories of data does the Data Controller collect and use?
5. Why is personal data collected?
6. Who sees, receives and uses the data and where can this be done?
7. Method of processing and storage of personal data
8. What are the rights to data protection and how can they be exercised?
9. Contact details of the Data Controller
10. Cookie-related information
11. Update and previous versions of this Privacy Policy

This document also informs the User on how to exercise his/her rights (including the right to object relating to part of the data management carried out by the Data Controller). More information regarding the rights and how to exercise them can be found in the following paragraphs of this Privacy Policy.
As specified in the General Conditions and Terms of Service, the services offered by the Data Controller are intended for persons over the age of 18. Should the Data Controller become aware of the processing of data of children under 18 years of age without valid parental or legal guardian consent, it reserves the right to unilaterally discontinue the use of the service offered as well as to delete the data acquired.
Terms that are not defined in this Privacy Policy (such as “Service” or “Service Owner”) have the same meaning as described in the General Terms and Conditions of Service.
Who is the Personal Data Controller?
Where the terms “Company”, “its/its” or “Data Controller” are present within this Privacy Policy, they are intended to refer to:
“Robeef S.r.l.”, a company incorporated under Italian law, registered in the Register of Companies of the Milan Chamber of Commerce with REA number MI-2591713, C.F. / VAT No. 11280110963 and having its registered office in Milan (MI), via Paolo Giovio no. 24, which is the owner of the processing of personal data of Users and/or Customers pursuant to this Privacy Policy.
Principles applicable to the Processing of Personal Data
The Data Controller, pursuant to and for the purposes of the Regulations, hereby announces that the aforementioned legislation provides for the protection of individuals with regard to the processing of personal data, and that such processing will be based on the principles of correctness, lawfulness, transparency and protection of confidentiality and fundamental rights.

What categories of data does the Data Controller collect and use?
If you visit the Site and use the search service or register with the Site itself, the Data Controller collects the following categories of personal data:
4.1. Personal data provided by the User

The services used on the website “https://www.fierrofood.it/” are as follows:

Font Awesome; Google reCAPTCHA; Google Tag Manager; Facebook Ads conversion tracking (Facebook pixel); Stripe; Meta Events Manager; JSDELIVR; Google Ads conversion tracking; Google Analytics 4.

Personal data shared with the Data Controller, including those shared when registering for the Newsletter to receive marketing communications and those sent via the site’s contact forms, as well as those provided to us while using the services, including information entered into the platform and contained in comments, reviews or messages sent via e-mail or through social media channels.

More specifically:
When contact occurs between the Data Controller and the User and/or Client via e-mail or through social media, the Data Controller may collect: personal data provided to us by the User and/or Client when the same connects with the Data Controller, including first and last name, user name (if available), telephone number (where necessary) and e-mail address. In particular, Users are provided with a Live Chat system reserved for them to respond to ads via chat. However, messages exchanged between Users are encrypted and saved in the Data Controller’s database by generating a unique encryption key for each message. Both the encrypted message and the key needed to decrypt the message will then be saved in the database. In addition, Users will be able to decide whether or not to receive notifications regarding the ads via email.

When the User and/or Customer signs up for personalized marketing services (“Newsletter”) the following data may be provided to the Data Controller: personal details (including first name, last name and e-mail address), the way the website is accessed, including IP address, online identifiers and browser details.

Browsing behaviors or personal interests may also be provided to us. Note that some of this information may be collected automatically in accordance with Sec. 4.2.

With reference to the particular categories of personal data, it should be noted that the Data Controller, where strictly necessary and within the limits and in compliance with the law, will use such data exclusively to fulfill or require the fulfillment of specific obligations or to perform specific tasks required by the legislation of the European Union.
The aforementioned personal data, when requested, are necessary for proper performance of the contract between the Data Controller and the User and/or Customer and to enable the Data Controller to fulfill its legal obligations, except where the latter depends on the consent of the data subject as a legal basis for processing and for the legitimate interest of the Data Controller. Without them, the latter may not be able to provide all the services requested.

It is important that all personal data provided by the User and/or Client are correct and accurate. This means, purely by way of example, assurance by the User and/or Client that the contact details held by the Data Controller (including e-mail address) are correct at all times.

4.2. Personal data automatically collected by the Site, from communications sent by the Data Controller and/or third parties
The Data Controller collects information related to visits to and use of the Site, such as the device and browser used, the IP address or domain names of the computers connected to the Site, the Uniform Resource Identifier (URI) notation addresses of the requests made, the time of the request the date and time of the visit, the duration of the visit, the referral site and the navigation path on the Site related to the visit and interactions on the Site itself, the method used in submitting the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the operating system and computer environment of the User and/or the Customer.

For more information about the purposes for which the Data Controller collects and uses this information, see the section on Cookies in this Privacy Policy (10. Cookie Information). Note that personal information may also be linked to Cookies, e.g., to collect information about how you use the Site and the services offered there.

The Data Controller may proceed to automatically collect certain personal data from the User and/or Customer also in order to understand how the User and/or Customer interacts with communication material sent to him/her by the same Data Controller, e.g. e-mails, including the actions he/she takes in relation to such communications, e.g. clicks on links in the text of the e-mail, the duration and frequency of interactions with the e-mail itself.

To the extent permitted by applicable law, automatic collection of User and/or Customer personal data may also occur in the event that the Data Controller receives additional information about the User and/or Customer such as fraud detection information and warnings from third-party service providers and/or partners for its fraud prevention activities.
5. Why is personal data collected?
In general terms, the Data Controller uses personal data to provide services requested by the User and/or Customer, send service communications, report important changes to the Site, and possibly propose content and advertisements that the Data Controller believes may be of interest to the User and/or Customer.

More specifically, personal data provided by Users through the use of the Site, will be processed with their consent, for the purposes described below:
Provision of services accessible through the Site:

In order to provide certain services such as:
create and maintain the contractual relationship established for the provision of the requested product and/or service at every stage and through any possible integration and/or modification requested by the User and/or the Client;
in-depth study of the activities, events and other initiatives, institutional and educational, organized or carried out by the Data Controller;
management and processing, in relation to what is indicated in the previous point, of the questions and requests for interaction with the Data Controller and the subjects referable to the latter’s organization.

On what legal basis?
To fulfill a contract or for the performance of a service or measures related to a contract and/or service (i.e., to provide the services requested, and/or to provide the User with assistance)

B. Compliance with legal, regulatory, and compliance requirements
To comply with legal, regulatory, and compliance requirements and to respond to requests from government or law enforcement authorities that are conducting an investigation.
On what legal basis?
To comply with the law (i.e., to share personal data with regulatory authorities)

C. Integrative statistical and behavioral analysis
To perform aggregative statistical analysis on anonymous groups or to analyze the behavior of identifiable individuals, so that we can see how they use the Site, the services provided therein, and verify the performance of the related activity.
On what legal basis?
To pursue the legitimate interests of the Data Controller (i.e., to improve the Site, its functionality, and the services offered therein)

D. Sending personalized and profiled marketing communications
To send personalized and profiled marketing communications only with the consent of the User and/or Client, as well as to share via e-mail and on the Site or on third party sites (e.g., through advertisements) the best offers and promotions on products and services that the Data Controller deems may be of interest in when they respond to the interests of the User and/or Client. Personalized services or offers may be marketed by the Data Controller or its partners or business associates operating in the following sectors: tourism, leisure, entertainment, high-tech, fashion, decoration, FMCG, food & beverage, finance, banking, insurance, energy, environment, communication, mass media, real estate, pharmaceuticals, clothing and textiles, education and training, publications and publishing, information and communication technology, retail, sports, telecommunications, and general services. For this purpose, the Data Controller may:
– analyze the personal data collected to create a profile of the User’s and/or Customer’s interests and preferences, in order to create personalized and targeted communications that are relevant and consistent with the User’s and/or Customer’s profile;
– combine the information collected through cookies with information related to purchases made on the Site and with information that the Data Controller may receive from third parties, who collect the User’s and/or Customer’s data in a manner agreed with the same.
– Analyze information about interaction with the communication material sent by the Data Controller, e.g., data on when e-mails were opened or to determine whether advertisements were viewed and whether there was interaction with them, to record the number of times each advertisement was viewed, to prevent a single advertisement from being shown too frequently, etc.
– temporarily share an encrypted version of the User’s and/or Client’s e-mail address with partners scrupulously selected by the Data Controller, who may combine this information with other forms of online identifiers or other personal data in order to show the same User and/or Client the Data Controller’s offerings on multiple devices or channels, e.g. on social networks (Facebook, Pinterest, Instagram, Twitter).
– use automated decision-making processes to segment and target product offerings based on the User and/or Customer’s requests and needs, reducing the risk of proposing inappropriate or irrelevant information and/or offers to the same. The User and/or Customer has the right to request manual decision-making, express his or her opinion, or challenge decisions based solely on automated processing, including profiling, if such decisions produce legal or other similar effects. For further details, you can contact our data protection officer, whose contact details are provided in Article 9 of this Privacy Policy.
On what legal basis?
Where the User and/or Customer gives their consent

E. Security of the Site and the systems used by the Data Controller
To maintain the security of the Site and the systems used by the Data Controller to provide the Services and to prevent and detect fraud, security incidents, and/or other crimes.
On what legal basis?
To pursue the legitimate interest of the Data Controller (i.e., to ensure the security of the Site and systems)

F. Compliance Verification and Legal Actions
To verify compliance with the General Conditions and Terms of Service and for the establishment, exercise, or defense of a right in court.
On what legal basis?
To pursue the legitimate interests of the Data Controller (i.e., in accordance with the General Conditions and Terms of Service, to protect the rights of the Data Controller in the event of disputes or complaints)

G. Customizing advertisements and online marketing notifications
To tailor and customize advertisements and online marketing notifications based on information collected through cookies and related to the User’s and/or Customer’s use of the Site, the products and services provided therein as well as other sites (for more information please refer to the section on cookies in this Privacy Policy).
On what legal basis?
Where the User and/or Customer gives consent (i.e. through the Cookie banner or via browser settings)
H. Personnel Recruitment and Selection Activities
To evaluate applications sent by Users as part of the personnel recruitment and selection process as well as, where appropriate for the open position, for the purpose of establishing the employment relationship and fulfilling legal obligations related to the relationship.
On what legal basis?
Where the User gives consent, as well as the need to enter into a contract with the same for the purpose of establishing the employment relationship.

Where the processing of personal information is based on legitimate interest, the Data Controller conducts an assessment to ensure that its interest in the use of the data is legitimate and that the User’s fundamental privacy rights are not overridden by its legitimate interests (“comparative assessment”). Further information on the comparative assessment can be found by contacting the Data Controller at Fierro.food@gmail.com.

Who sees, receives, and uses the data, and where can this be done?
6.1. Categories of data recipients
The Data Controller shares personal data, for the purposes described in this Privacy Policy, with the following categories of recipients:
its employees and/or authorized contractors who provide support and consulting services in the areas of administration, product, legal advice, information systems, as well as to personnel in charge of maintaining the network and hardware and software equipment of the Data Controller;
the relevant authorities, if there is a requirement to do so under current regulations;
the competent authorities and third party law enforcement agencies, if this is necessary in order to enforce the General Conditions and Terms of Service as well as to protect and defend the rights or property of the Data Controller or the rights and property of third parties;
third parties who receive the data (e.g., business consultants, professionals in the provision of tax due diligence, “due diligence,” or estimating the value and capabilities of the business), if it is necessary in connection with sales of the Data Controller’s business or assets (an eventuality in which the data will be disclosed to the Data Controller’s consultants and advisors of any potential buyer and will be transferred to the new owners).
the personal data collected may also be processed by subjects or categories of subjects who act as data processors pursuant to Article 28 of the Regulations or who are authorized to process the data pursuant to Article 29 of the Regulations;
in addition, for some services, the data may be communicated to companies that collaborate with or use the services of the Data Controller with the sole intent of providing the services requested by the User. In these cases, the companies are autonomous controllers of the processing of personal data, so the Data Controller is not responsible for the processing of data by them. The Data Controller is also not responsible for the content of and compliance with the legislation on the protection of personal data by sites not operated by the same.
The full list of subjects to whom personal data may be disclosed is available at the registered office of the Data Controller and can be requested by writing to fierro.food@gmail.com.
6.2. Transfer of data
The processing of the User’s personal data will take place at the registered office of the Data Controller (see point 1), on the Data Controller’s own servers and at the offices of any other parties to whom the data may be transmitted for the purpose of providing the services requested by the User to the Data Controller.
In addition, personal data collected through the Site, may be transferred outside the national territory, only and exclusively for the performance of the services requested through the Site and in compliance with the specific provisions of the Regulations.
Some personal data may be shared with recipients located outside the European Economic Area. The Data Controller ensures that the processing of personal data by these recipients will take place in compliance with the Regulations.
However, should the User wish further details regarding the safeguards put in place, the Data Controller can be contacted by writing to fierro.food@gmail.com.

7. Methods of processing and storage of personal data

The Data Controller ensures that personal data will be processed in full compliance with the Regulations, through manual, computer or telematic systems and, where necessary, in paper format, and will be stored in the Data Controller’s database, protecting the privacy and rights of the User and/or Customer through the adoption of appropriate technical and organizational measures to ensure a level of security appropriate to the risk. The processing may also be carried out through automated tools capable of storing, managing and transmitting the data themselves.
The data collected and processed will be protected with physical and logical methods such as to minimize the risks of unauthorized access, dissemination, loss and destruction of data, pursuant to Articles 25 and 32 of the Regulations.
Pursuant to Article 7 paragraph 3 of the Regulations, the data subject has the right to obtain at any time the revocation of consent to processing.
If a request for cancellation is not received by the Data Controller, the personal data will be retained by the Data Controller for as long as necessary to achieve the purposes and carry out the activities described in this Privacy Policy, or as otherwise communicated to the User and/or the Customer, or for as long as permitted by applicable law.
Further information regarding the period of retention of personal data by the Data Controller is available below:

Data related to purchases made on the Site (first and last name, address, contact information, etc.) – Retention period: 10 years from the date of purchase;

Contract documents – Retention period: 10 years from the date of purchase;

Unencrypted credit card data – Retention periods: not retained;

Financial/transaction-related information – Retention period: 10 years from the completion of the financial transaction;

Data related to audits for fraudulent transaction detection (anti-fraud) – Retention period: 5 years from rejection of the cause transaction;

Data used for marketing purposes (data subject to the consent of the User and/or Client and used for marketing activities towards them) – Retention period: 5 years from the granting or renewal of consent by the User and/or Client through interaction with marketing communications.

Data collected during personnel recruitment and selection activities – Storage Term: Such personal data will be retained for a period of time not exceeding the time strictly necessary for the evaluation of the candidacy for possible inclusion in the Company’s personnel and, in any case, not exceeding 12 months, after which such data will be removed by the Data Controller from both the computer systems and any paper files in its possession, without prejudice to any further retention obligations provided for by applicable law and unless otherwise requested by the User and/or Candidate (in which case the legal basis for this further processing will be the consent of the User and/or Candidate themselves).

On the other hand, with regard to personal data collected through tags, the following retention periods apply:

Technical cookies – Retention period: maximum 3 years, starting from the date of browsing on the Site;
Non-technical cookies – Retention period: maximum 1 year, starting from the date of the data subject’s consent.

8. What are the data protection rights and how can they be exercised?

You can exercise the rights guaranteed by the Regulation (Articles 15-22), including the rights to:
Right of access: receive confirmation of the existence of personal data, access the content of personal data and obtain a copy.

Right of rectification: update, rectify and/or correct personal data.

Right to erasure/right to be forgotten and right to limitation: to request the deletion of data or the limitation of data that have been processed in violation of the law, including data whose storage is not necessary for the purposes for which the data were collected or processed; where we have made personal data public, you also have the right to request the deletion of personal data and the taking of reasonable measures, including technical measures, to inform other data controllers who are processing personal data of the request to delete any link, copy or reproduction of such personal data.

Right to data portability: to receive in a structured, commonly used, machine-readable format a copy of the personal data provided to the Data Controller for the purposes of a contract or with the User’s consent, and to request that such personal data be transferred to another data controller.

Right to revoke consent: in the event that the Data Controller depends on the User’s consent, the User will always have the option to revoke such consent, although the Data Controller may have other legal bases for processing such data for other purposes.

Right to object at any time: right to object at any time to the processing of personal data in certain circumstances (particularly in cases where it is not necessary to process the data to meet contractual or legal requirements, or where the Company uses such data for direct marketing activities.

Right not to be subjected to a decision based solely on automated processing, including profiling: it is always possible to request that manual decision-making be carried out instead, to express one’s opinion, or to challenge decisions based solely on automated processing, including profiling, if such decisions produce legal or other similar effects.

You can exercise these rights at any time in the following ways:
by contacting the Data Controller by e-mail at fierro.food@gmail.com.
Your rights regarding your personal data may be restricted in certain situations. For example, if complying with this request reveals the personal information of another person or if there are legal requirements or compelling legitimate reasons, the Data Controller may continue processing the personal information for which deletion has been requested.
There is also the right to file a complaint if you believe that your personal information has been mishandled. You are encouraged to first contact the Data Controller, but you may, to the extent that this right applies to your case, complain directly to the competent data protection supervisory authority.

9. Contact details of the Data Controller
The contact details of the Data Controller of the above data are:
“Robeef S.r.l.”, a company incorporated under the laws of Italy, registered in the Register of Companies of the Milan Chamber of Commerce with REA number MI-2591713, Tax Identification Number / VAT No. 11280110963 and having its registered office in Milan (MI), via Paolo Giovio no. 24.

10. Information related to Cookies
For any information related to Cookies please visit the following page.

11. Update and previous versions of this Privacy Policy

This Privacy Policy may be subject to change over time – including related to the possible enactment of new industry regulations, the updating or delivery of new services, or to intervening technological innovations. Therefore, the Data Controller reserves the right to amend this Privacy Policy at any time in accordance with this paragraph. If the Data Controller makes changes to this Privacy Policy, it will post the revised Privacy Policy on the Site and insert the “last updated” date at the beginning of this Privacy Policy.

Cookie	Duration	Description
__stripe_mid		Stripe sets this cookie to process payments.
__stripe_sid		Stripe sets this cookie to process payments.
_GRECAPTCHA		This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
cookielawinfo-checbox-analytics		This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional		The cookie is set by GDPR cookie consent to record the user consent for the cookies in the "Functional" category.
cookielawinfo-checbox-others		This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-advertisement		Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-necessary		This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the "Necessary" category.
cookielawinfo-checkbox-performance		This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the "Performance" category.
CookieLawInfoConsent		Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
elementor		This cookie is used by the website's WordPress theme. It allows the website owner to implement or change the website's content in real-time.
viewed_cookie_policy		The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga		The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_57ZH1MKY24		This cookie is installed by Google Analytics.
_gat_gtag_UA_164675372_45		Set by Google to distinguish users.
_gcl_au		Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid		Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT		YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.

Cookie	Duration	Description
_fbp		This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
fr		Facebook sets this cookie to show relevant advertisements to users by tracking user behavior across the web, on sites that have Facebook pixel or Facebook social plugin.
IDE		Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
NID		NID cookie, set by Google, is used for advertising purposes; to limit the number of times the user sees an ad, to mute unwanted ads, and to measure the effectiveness of ads.
test_cookie		The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.

Cookie	Duration	Description
m		No description available.
wooptpmReferrer		No description
wp_woocommerce_session_73fcd9d25caedd064a0740084124f210		No description

Privacy & cookie policy

company data

Quick Links