La Compagnia del Gluten Free

This privacy policy describes the methods of processing personal data of users who consult or make purchases on lacompagniadelglutenfree.it, pursuant to EU Regulation 2016/679 (“GDPR”) and Legislative Decree 196/2003 and subsequent amendments.

1. Data Controller

La Compagnia del Glutenfree S.r.l.s. — Mangia con Gusto
Registered office: Via Angelo Giovanni Testasecca 7, 92029 Ravanusa (AG)
VAT ID / Tax Code: 03088660844 · REA AG-226109
Email: info@lacompagniadelglutenfree.it
Phone: +39 327 699 9897

2. Types of Data Processed

  • Navigation data: IP address, browser, operating system, pages visited, duration of visit (automatically collected)
  • Registration data: name, surname, email, password (encrypted) — only if you decide to create an account
  • Purchase data: shipping and billing address, phone, order details, payment method (card data is never stored on our servers; it is managed directly by Stripe/PayPal)
  • Contact data: information you provide by filling out the contact form or writing to us via WhatsApp/email
  • Cookies and similar technologies: see our Cookie Policy

3. Purposes and Legal Bases

  • Performance of the sales contract (Art. 6.1.b GDPR): order management, shipping, invoicing, after-sales support
  • Legal obligations (Art. 6.1.c GDPR): retention of tax data for 10 years as required by law
  • Consent (Art. 6.1.a GDPR): newsletter, promotional communications, non-essential cookies
  • Legitimate interest (Art. 6.1.f GDPR): website security, fraud prevention, service improvement

4. Retention Period

  • Account data: until the account is deleted by the user
  • Order and invoice data: 10 years (tax obligation)
  • Contact form data: 24 months from the last contact
  • Technical and session cookies: maximum 12 months

5. Disclosure and Recipients

Data may be disclosed to:

  • Couriers for shipping (BRT, SDA, GLS or equivalent)
  • Payment providers: Stripe (USA, with EU standard contractual clauses) and PayPal (Luxembourg)
  • Hosting provider: Keliweb S.r.l. (Italy)
  • Email/SMTP services for transactional emails
  • Accountant and consultants for tax obligations
  • Competent authorities, where required by law

Data is not sold to third parties and is not used for automated profiling without your explicit consent.

6. Data Transfer outside the EU

Some services (Stripe, Google Analytics if active) may involve the transfer of data to the United States. Transfers always occur based on the standard contractual clauses approved by the European Commission or through adherence to the EU-US Data Privacy Framework.

7. Data Subject Rights

Pursuant to Arts. 15-22 of the GDPR, you have the right to:

  • Access your personal data
  • Rectify or update inaccurate data
  • Request erasure (“right to be forgotten”)
  • Restrict or object to processing
  • Receive data in a structured format (portability)
  • Withdraw consent at any time
  • Lodge a complaint with the Italian Data Protection Authority (garanteprivacy.it)

To exercise your rights, please write to info@lacompagniadelglutenfree.it. We will respond within 30 days.

8. Security

The website uses HTTPS (SSL/TLS) protocol to encrypt communication. Data is stored on European servers. Passwords are saved using a secure hashing algorithm (bcrypt). Payment data does not pass through and is not stored on our servers.

9. Amendments

This policy may be updated. The date of the last revision is indicated at the bottom of the page. We invite you to consult it periodically.

Last updated: May 2026

Scroll to Top