Privacy Policy
1) PRIVACY POLICY (GDPR) — CAFFÈ TINTORI
Last update: 05/03/2026
1. Data controller
COMPANY V. TINTORI SAS DI BATTISTA FABRIZIO
VAT 01688751005 – Tax ID 07105740588
Registered office: Viale Giotto, 3/e – 00153 Rome (RM), Italy
Email: amministrazione@caffetintori.it
2. Personal data processed
Depending on the services used, we may process:
- Identification and contact data (first name, last name, email, phone)
- Shipping and billing data (address, postal code, city, country, company name, VAT/Tax ID if requested)
- Order data (purchased products, amounts, history, support requests)
- Payment data (managed by providers; we do not store full card details)
- B2B data (company, role, volumes/needs, information entered in the “Become a client” form)
- Browsing data and tracking tools (cookies, pixels, tags, online identifiers, conversion events)
- Communication content (email, forms, WhatsApp/TextYess)
3. Purpose of processing and legal basis
We process data for:
A) Online purchases and contract management
Order management, payments, shipping, returns, customer support.
Legal basis: contract execution / pre-contractual measures.
B) Legal obligations
Accounting, tax, administrative compliance, warranty management, and regulatory obligations.
Legal basis: legal obligation.
C) Support and requests
Managing requests via form, email, and contact channels (including WhatsApp).
Legal basis: pre-contractual measures / contract execution / legitimate interest in responding.
D) B2B area and “Become a customer”
Management of commercial contact, proposal, activation, and management of B2B relationship (bars, restaurants, hotels, offices, etc.).
Legal basis: pre-contractual measures / contract execution.
E) Direct marketing
Sending commercial and promotional communications via email marketing (Omnisend) and, where provided, WhatsApp.
Legal basis: consent (revocable at any time).
If applicable, we may send communications about products similar to those purchased (soft spam) with immediate opt-out option.
F) Advertising, measurement, and remarketing (tracking)
We use tools to:
- measure campaign performance,
- attribute conversions,
- create audiences (remarketing/retargeting),
- improve ad relevance.
Channels/platforms: Meta (Facebook/Instagram), TikTok, Google (Ads and, if active, Analytics/GA4).
These tools may operate via browser-side cookies/pixels and/or server-side event sending via API (e.g. Meta server-side / Conversions API), including events such as PageView, ViewContent, AddToCart, InitiateCheckout, Purchase and other standard/advanced events.
Legal basis: consent for non-technical tools (see Cookie Policy).
G) Security and fraud/abuse prevention
Site protection, prevention of unauthorized access, fraudulent activities, abuses.
Legal basis: legitimate interest.
4. Processing methods and security measures
Data is processed using IT tools and appropriate technical and organizational measures to protect it from unauthorized access, loss, or unlawful use.
5. Data recipients (categories)
Data may be shared with:
- E-commerce platform and technical providers (Shopify and connected apps)
- Payment providers (e.g. Shopify Payments, PayPal, Klarna and other methods available on the site)
- Couriers/logistics: Liccardi Transport
- Email marketing/CRM: Omnisend
- WhatsApp and related communication management through TextYess
- Advertising and measurement platforms: Meta, TikTok, Google
- Administrative/legal consultants and IT providers
- Public authorities in cases provided by law
Entities may act as data processors or independent controllers depending on the service.
6. Transfers to non-EEA countries
Some providers (especially marketing, analytics, and advertising platforms) may process data outside the European Economic Area. In such cases, we adopt appropriate measures and safeguards provided by applicable law (e.g., standard contractual clauses).
7. Data retention
We keep data for the time necessary for the purposes:
- Orders/invoices and accounting: times provided by applicable law
- Support and requests: for the time necessary to handle the request and for any protection needs
- B2B: for the duration of the negotiation and, if a client, of the relationship + administrative/legal times
- Marketing: until consent is withdrawn or deletion is requested
- Technical data and security: for periods strictly necessary to protect the site and systems
8. Data subject rights
You can exercise the rights provided by the GDPR: access, rectification, deletion, restriction, portability, objection, withdrawal of consent (without affecting the lawfulness of processing already carried out), and complaint to the Data Protection Authority.
For requests: amministrazione@caffetintori.it (subject: “Privacy”).
9. Changes to this privacy notice
This privacy notice may be updated. The version published on the website is the one in effect.

