Information on the processing of personal data pursuant to articles 13 and 14 of (EU) Regulation 2016/679 (General Data Protection Regulation- GDPR)

  • Data Controller for the Processing

Pastificio Lucio Garofalo Spa - Via dei Pastai 42, 80054 Gragnano (NA)

Email address of the Data Controller:

  • Data types collected

The Personal Data collected by this Application, independently or through third parties (Xister Reply Srl), are: Cookies, usage data, email, User first and last name (collectively referred to as, the "Data).

The Data may be freely provided by you or, in the case of Usage Data, collected automatically while using the Application. Providing the Data collected by this Application is optional. However, if you refuse to provide such Data, it may be impossible for this Application to provide the Service.

This Application uses Cookies. For more information and to read the detailed information notice, the User can consult the Cookie Policy. The possible use of Cookies - or other tracking tools - by this Application or by the holders of third party services used by this Application, unless otherwise specified, has the purpose of providing the Service requested by you, in addition to the further purposes described in this document and in the Cookie Policy.

  • Purposes for Processing the Collected Data

Data is collected for the following purposes:

3.1 Interaction with external social networks and platforms, including via the "Like" button and Facebook social widgets (Facebook, Inc.)

These services allow you to interact with social networks, or other external platforms, directly from the Application pages. Interactions and information acquired by this Application are in any case subject to the User's privacy settings relating to each social network. If a service is installed that interacts with social networks, it is possible that, even if Users do not use the service, it collects traffic data relating to the pages on which it is installed.

The "Like" button and Facebook social widgets are interaction services with the Facebook social network, provided by Facebook, Inc.

Personal Data collected: Cookies and User data.

Place of processing: USA - Privacy Policy.

3.2 Statistics, also via Google Analytics (Google Inc.)

The services contained in this section allow the Data Controller to monitor and analyse traffic data and are used to keep track of the User's behaviour.

Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google uses the Personal Data collected to track and analyse the use of this Application, creating reports and sharing them with other services developed by Google.

Google may use Personal Data to contextualise and customise the ads on its own advertising network.

Personal Data collected: Cookies and User Data.

Place of processing: USA - Privacy Policy- OptOut.

3.3 Contact with the User via mailing list or newsletter

By registering for the mailing list or newsletter, the User's email address is automatically entered into a list of contacts to which email messages containing information, including commercial and promotional information, relating to this Application may be transmitted. Your email address may also be added to this list as a result of registering for this Application or making a purchase.

Personal Data collected: Last name, email and first name.

3.4 Viewing content from external platforms, including YouTube video widgets (Google Inc.)

This type of service allows you to view content hosted on external platforms directly from the pages of this Application and to interact with them.

If a service of this type is installed, it is possible that, even if Users do not use the service, it will collect traffic data relating to the pages on which it is installed.

YouTube is a video content viewing service operated by Google Inc. that enables this Application to integrate such content onto its pages.

Personal Data collected: Cookies and User Data.

Place of processing: USA - Privacy Policy.

  • Legal basis for processing

The legal basis for the processing is your free and informed consent. Therefore, the processing of Your Data will only take place after provision of the same. Consent will be obtained by means of the appropriate formbefore data collection.

  • Processing methods for collected Data

Processing Methods

The Data Controller shall take appropriate security measures to prevent unauthorised access, disclosure, modification or destruction of the Data. 

The processing is carried out by means of computer and/or telematic instruments, with organisational methods and logics strictly related to the purposes indicated. In addition to the Data Controller, in some cases, other parties involved in the organisation of this Application (administrative, commercial, marketing, legal or system administrators) or external parties (such as third-party technical service providers, couriers, hosting providers, computer companies, communication agencies) appointed for this purpose by the Data Controller pursuant to article 28 of the GDPR may have access to the Data. The updated Manager list may always be requested from the Data Controller.

Retention Period

Personal data will be kept by the Data Controller in full compliance with the principles of necessity, minimisation and limitation of retention, by adopting the technical and organisational measures appropriate to the risk level of the processing and for a period of time not exceeding the achievement of the purposes for which the data is processed.


  • Data collected for purposes relating to the execution of a contract between the Data Controller and the User will be retained until the execution of such contract is completed;
  • Data collected for purposes relating to the legitimate interest of the Data Controller will be retained until such time as this interest is satisfied.

When processing is based on User consent, the Data Controller may retain Personal Data until such consent is revoked. In addition, it may be an obligation to retain Personal Data for a longer period of time by law or by order of an authority.

Personal Data will be deleted at the end of the retention period. Therefore, upon expiry of this term, the rights of access, cancellation, rectification and portability of the Data may no longer be exercised.

  • Data transfer abroad

User data will be transferred to Google and Facebook in the USA. This transfer is based on the European Commission's decision of 12 July, 2016 on the so-called Privacy Shield, the agreement governing the transfer of data between the European Union and the United States.

  • User Rights

Users may exercise. against the Data Controller, all the rights referred to in articles 15 et seq. of the GDPR applicable to them, including the right to ask the Data Controller at any time to access, rectify, delete or limit the processing of the Data, as well as to object to its processing. Furthermore, Users may always lodge a complaint with the Guarantor Authority for the protection of personal data or with any other competent supervisory authority.

How to exercise rights

To exercise User rights, Users may direct a request to the contact details of the Data Controller indicated in this document, also indicating the site of origin. Requests shall be filed free of charge and processed by the Data Controller as soon as possible, in any case within one month.


  • Further information on processing

Legal defence

User Personal Data may be used by the Data Controller in legal proceedings or in the preparatory stages for its possible establishment to defend against misuse of this Application or related Services by the User.
The User declares to be aware that the Data Controller may be obliged to disclose the Data by order of public authorities.

Specific information

Upon request of the User, in addition to the information contained in this privacy policy, this Application may provide Users with additional and contextual information about specific services, or the collection and processing of Personal Data.

System and Maintenance Log

This Application and any third-party services used by it may collect system Logs, which are files that record interactions and may also contain Personal Data, such as the User IP address, for operational and maintenance purposes.

Information not contained in this policy

Further information in relation to the processing of Personal Data may be requested at any time from the Data Controller using the contact details.

Response to "Do Not Track" requests

This Application does not support "Do Not Track" requests.

To find out if any third party services used support privacy, Users are invited to review their privacy policies.

Changes to this information notice

The Data Controller reserves the right to make changes to this policy at any time by informing Users on the page and, if possible, on the Application and, if technically and legally feasible, by sending a notification to Users through one of the contact details available to the Data Controller. Please consult this page regularly, referring to the last change date indicated at the bottom.

If the changes affect processing where the legal basis is consent, the Data Controller will collect the User's consent again, if necessary.