Privacy Policy


According to the art. 13 of the European Regulation (EU) 2016/679 (hereinafter GDPR), and in relation to the personal data of which the Company will become available with the conclusion of the contract, we inform you as follows:


Data controller

The data controller is Coffee and Coffee Group s.r.l. in the person of its legal representative, hereinafter referred to as OWNER with registered office in Rome - Via E. Carnevale, 50 - 00173 (Italy) The owner can be contacted at the following address: contatti@coffeecgroup.com


The data collected

The categories of data processed are:

· Personal data (name, surname, physical address, nationality, province and municipality of residence, landline and / or mobile, fax, fiscal code, address / e-mail);

· Banking (IBAN and bank / post office data);

· Telematic traffic data (Log, IP address of origin).


The Data Controller does not require the data subject to provide data c.d. "Special", that is, according to the provisions of the GDPR to art. 9, personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify an individual, health data or to the sexual life or sexual orientation of the person. In the event that the service requested of the Data Controller requires the processing of such data, the Data Subject will receive an advance notice and will be required to give appropriate consent.



The Owner does not process data on minors.

The Owner may publish information using blogs or bulletin boards, communicate with others, for example on social platforms such as, for example and not limited to, Facebook®, Twitter®, LinkedIn®, Youtube®, post comments or content. Before interacting with these social networks, the General Conditions of Use will be evaluated taking into account that, in certain circumstances, the information published may be viewed by anyone with access to the Internet and their compatibility with this information.


Legal basis of the processing

The Owner processes Personal Data relating to the Data Subject in the event of one of the following conditions: · The interested party has given consent for one or more specific purposes; · The treatment is necessary for the execution of a contract with the interested party and / or for the execution of pre-contractual measures; · Processing is necessary to fulfill a legal obligation to which the Owner is subject; · Processing is necessary for the pursuit of the legitimate interest of the Data Controller or third parties. It is in any case always possible to ask the Owner to clarify the concrete legal basis of each treatment.


Purpose of data processing

The Data Controller uses the data to process the registration request and to supply the chosen Service and / or the Product purchased, to manage and execute the requests for contact forwarded by the Data Subject, to provide assistance, to comply with legal and regulatory obligations to which the Data Controller is required to perform the activity performed. The Personal Data are freely provided by the interested party and the data controller processes your personal data lawfully, where the processing is necessary;

· To the execution of the contract of which you are part or to the execution of pre-contractual measures adopted upon request (also to verify the reliability and the economic situation of the Interested Party);

· To fulfill a legal obligation incumbent on the Owner;

· For registration in the registry and requests for contact and / or information material; the management of the contractual relationship; promotional activities on products / services;

· For profiling (used for analysis and processing of the habits and preferences of the Interested party to be able to send, via e-mail, personalized promotional information, as well as any offers;) in the event that the interested party has given explicit consent;

· Fulfill the obligations set forth in the tax and accounting fields; comply with the obligations incumbent on the company and foreseen by current legislation.


Method of processing the collected data

The Data Controller uses appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data. The processing is carried out using computer and / or telematic, paper-based instruments, with organizational methods and logic strictly related to the purposes indicated. For the purposes identified in relation to processing, the Data provided may be disclosed to the data controller, data processors and data processors.


Consequences of failure to communicate personal data

The collection and processing of personal data is necessary to process the requested services as well as to provide the Service and / or supply the requested Product. If the interested party does not provide the personal data expressly provided for as necessary, the Owner will not be able to follow up the treatments related to the management of the requested services and / or the contract and the Services / Products connected to it, nor to the obligations that depend on them. therefore it prevents the completion of the contractual relationship itself.


Data retention period

Unless the interested party explicitly expresses his will to remove them, the personal data will be stored until they are necessary with respect to the legitimate purposes for which they were collected or not later than 10 years from the conclusion of the execution of the contract In particular:

· When the treatment is based on the consent of the Data Subject, the Data Controller may keep the Personal Data until the law allows or until such consent is revoked;

· When the processing is necessary for the execution of a contract with the interested party and / or the execution of pre-contractual measures, the Data will be processed until the execution of this contract is completed and until the law allows it;

· When the processing is necessary to fulfill a legal obligation to which the Holder is subject, the data will be kept until the law allows;

· When the processing is necessary for the pursuit of the legitimate interest of the Data Controller, the data will be kept until the law allows.

The interested party can obtain further information regarding the legitimate interest pursued by the Data Controller by contacting the same at the addresses indicated.

The personal data will in any case be kept for the fulfillment of the obligations (eg tax and accounting) which remain even after the termination of the contract (Article 2220 of the Civil Code); for these purposes the Data Controller will only keep the data necessary for the related prosecution.


Data communication

Your personal data may be disclosed to the persons in charge and the data processors and may be communicated for the purposes indicated in front of:

· Collaborators and employees in their capacity as data processors for the management of files relating to the conferred order;

· Freelancers indicated for the keeping of the accounting books and for the correct execution of the fiscal fulfilments of the law;

· External parties (such as third party technical service providers, postal couriers, hosting providers, IT companies) also appointed, if necessary.


Data Controller Responsible.

· Consultants and / or professionals who provide functional services for the purposes indicated above;

· Banking and insurance institutions that provide functional services for the purposes indicated above;

· Subjects who process data in compliance with specific legal obligations;

· Judicial or administrative authorities, for the fulfillment of legal obligations.

In any case, the dissemination of the Data is excluded, as well as the communication to subjects not necessary for the performance of the requested services.


Place of processing of the collected Data

The data is stored in paper, computerized and telematic archives and processed at the Data Controller's operational headquarters and in any other place where the parties involved in the processing are located and in any case in the territory of the European Union, excluding third countries. For more information, you can contact the Data Controller at the addresses indicated. The transfer of data to a third country or to an international organization is not envisaged except for purposes related to the task assigned. In any case, transfers to third countries or international organizations will be carried out only in full compliance with EU Regulation 2016/679 and after verification of the existence of an adequacy decision by the EU Commission or if the Commission has decided that the third country, a territory or one or more specific sectors within the third country, or the international organization in question, guarantee an adequate level of protection. In the absence of the above, and with prior authorization, the Owner will refer to the appropriate or appropriate guarantees and will indicate the means to obtain a copy of such data or of the place where they have been made available.


Rights of the interested party

The rights granted to you by the GDPR include those of:

· Ask the owner access to your personal data and information relating to them; the correction of inaccurate data or the integration of incomplete ones;

· The deletion of personal data concerning you (upon the occurrence of one of the conditions indicated in article 17, paragraph 1 of the GDPR and in compliance with the exceptions provided in paragraph 3 of the same article); the limitation of the processing of your personal data (in the event of one of the hypotheses indicated in article 18, paragraph 1 of the GDPR);

· Request and obtain from the Data Controller - in cases where the legal basis for the processing is the contract or consent, and the same is carried out by automated means - your personal data in a structured and machine-readable format, also for the purpose of communicate such data to another data controller (so-called right to the portability of personal data); · Oppose at any time the processing of your personal data in the event of particular situations that concern you;

· Withdraw consent at any time, limited to cases in which the processing is based on your consent for one or more specific purposes and concerns common personal data (for example, date and place of birth or place of residence), or particular categories of data (e.g. data revealing your racial origin, your political opinions, your religious beliefs, your health or sexual life). The treatment based on the consent and carried out prior to the revocation of the same preserves, however, its lawfulness.


It is possible to lodge a complaint with a supervisory authority (Authority for the Protection of Personal Data - www.garanteprivacy.it). Without prejudice to the complaint to the Control Authority, the interested party may exercise the rights referred to above by sending a request email to contact@coffeecgroup.com or registered letter with return receipt to Coffee and Coffee Group S.r.l. with registered office in Rome - Via E. Carnevale, 50 - 00173 (Italy) attaching a photocopy of your identity document.


Reservation of validity of other specific information

This information does not replace specific information and specific consents, provided ad hoc by current state and regional legislation.