Skip to content

Questo articolo è disponibile anche in: Italiano English

Information on the processing of personal data of website users

Articles 13 and 14 of Regulation 2016/679 / EU (hereinafter also “GDPR”)

Why this notice

TOMASSI COFFEE (nel seguito anche “Azienda” o “Titolare”) è impegnata nel rispetto e nella protezione della tua privacy e desidera che ti senta sicuro sia durante la semplice navigazione del sito sia nel caso in cui decida di registrarti fornendoci i tuoi dati personali per usufruire dei servizi resi disponibili ai propri Utenti e/o Clienti. In questa pagina Azienda intende fornire alcune informazioni sul trattamento dei dati personali relativi agli utenti che visitano o consultano il sito web accessibile per via telematica a partire dall’ indirizzo L’informativa è resa solo per il sito web di Azienda e non anche per altri siti web eventualmente consultati dall’utente tramite link (per i quali si rinvia alle rispettive informative/policies in tema privacy). La riproduzione od utilizzo di pagine, materiali ed informazioni contenuti all’interno del Sito, con qualsiasi mezzo e su qualsiasi supporto, non è consentita senza il preventivo consenso scritto di Azienda. E’ consentita la copia e/o la stampa per uso esclusivamente personale e non commerciale (per richieste e chiarimenti contattare Azienda ai recapiti sotto indicati). Altri usi dei contenuti, servizi e delle informazioni presenti su questo sito non sono consentiti.

With regard to the contents offered and the information provided, the Company will make sure to keep the contents of the Site reasonably updated and revised, without offering any guarantee on the adequacy, accuracy or completeness of the information provided, explicitly declining any responsibility for any errors of omission in the information. provided on the Site.

Origin – Navigation data

Company informs that the personal data provided by you and acquired at the same time as the request for information and / or contact, registration on the site and use of services via smartphone or any other tool used to access the Internet, as well as the data necessary for the provision of such services, including the navigation data and the data used for the possible purchase of the products and services offered by the Company but also the only so-called data. of “navigation” of the site by Users, will be treated in compliance with the applicable legislation. The computer systems and software procedures used for the operation of this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of the Internet. This information is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the “IP addresses” or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) ​​addresses of the requested resources, the time of the request, the method used in the submit the request to the web server, the size of the file obtained in response, the numerical code indicating the status of the response given by the web server (successful, error, etc.) and other parameters relating to the operating system and the IT environment of the user. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check the correct functioning of the Company’s website. It should be noted that the aforementioned data could be used to ascertain responsibility in the event of computer crimes against the Company site or other sites connected or connected to it: except for this possibility, the data on web contacts do not currently persist for more than a few days.

Origin – Data provided by the user

The Company collects, stores and processes your personal data in order to provide the products and services offered on the Site, or for legal obligations. With regard to some specific Services, Products, Promotions, etc. Company may also process your data for commercial purposes. In such cases, a specific, separate, optional and always revocable consent will be requested with the methods and at the addresses indicated below.

The optional, explicit and voluntary sending of e-mails to the addresses indicated in the appropriate section of the Website, as well as the compilation of questionnaires (e.g. forms), communication via chat, push notification via APP, social network, call center, etc. ., involves the subsequent acquisition of some of your personal data, including those collected through the use of the Apps and related services, necessary to respond to requests. We also point out that when using the mobile connection to access digital content and services offered directly by the Company or by our Partners, it may be necessary to transfer your personal data to such third parties. We point out that you could access the Site or connect to areas where you could be enabled to publish information using blogs or message boards, communicate with others, for example coming from the Company page on Facebook®, LinkedIn®, Youtube®, Instagram® and other social sites network, review products and offers and post comments or content. Before interacting with these areas, we invite you to carefully read the General Conditions of Use taking into account that, in certain circumstances, the information published can be viewed by anyone with access to the Internet and all the information you include in your publications can be read. , collected and used by third parties.

Purpose of the processing and legal basis

The data are processed for the purposes:

  • strictly connected and necessary to register on the website, to the services and / or Apps developed or made available by the Company, to use the related information services, to manage contact requests or information, to carry out purchases of products and services offered through the Company website;
  • for ancillary activities related to the management of User / Customer requests and the sending of feedback which may include the transmission of promotional material; for the completion of the purchase order of the products and services offered, including aspects relating to payment by credit card, the management of shipments, the possible exercise of the right of reconsideration provided for remote purchases, the update on availability of products and services temporarily unavailable;
  • related to the fulfillment of obligations under EU and national regulations, the protection of public order, the detection and prosecution of crimes;
  • direct marketing, i.e. sending advertising material, direct sales, carrying out market research or commercial communication of products and / or services offered by the Company; this activity may also concern products and services of companies of the Company Group and be carried out by sending advertising / information / promotional material and / or invitations to participate in initiatives, events and offers aimed at rewarding users / customers, carried out with “traditional” methods (by way of example, paper mail and / or calls from an operator), or through “automated” contact systems (by way of example SMS and / or MMS, telephone calls without operator intervention, e-mail, fax, interactive applications), pursuant to art. 130 c. 1 e 2 del D. lgs. 196/03 e s.m.i.;

The provision of data for the purposes referred to in points 1), 2) and 3), connected to a pre-contractual and / or contractual phase or functional to a user’s request or provided for by a specific regulatory provision, is mandatory and failing that, it will not be possible to receive information and access any services requested; with regard to point 4) of this Notice, the consent to the processing of data by the user / customer is instead free and optional and always revocable without consequences on the usability of the products and services except for the impossibility for the Company to keep updated on new initiatives or on particular promotions or advantages that may be available to users / customers.

The Company may send commercial communications relating to products and / or services similar to those already provided, pursuant to Directive 2002/58 / EU, using the e-mail coordinates, or the paper ones, indicated by you on such occasions to which you can object with the methods and contact details below.

Methods, logic of processing, storage times and security measures

The processing is also carried out with the aid of electronic or automated means and is carried out by the Company and / or by third parties which the Company can use to store, manage and transmit the data. The data processing will be carried out with the logic of organization and processing of your personal data, also relating to the logs originating from the access and use of the services made available via the web, of the products and services used related to the purposes indicated above and, in any case, in a manner to guarantee the security and confidentiality of the data. The personal data processed will be kept for the times provided for by the legislation in the applicable time.

Again with regard to data security, in the sections of the website set up for particular services, where personal data is requested from the navigator user, the data is encrypted using a security technology called Secure Sockets Layer, abbreviated to SSL. SSL technology encodes information before it is exchanged via the Internet between the user’s computer and the company’s central systems, making it incomprehensible to unauthorized persons and thus ensuring the confidentiality of the information transmitted; moreover, transactions carried out using electronic payment instruments are carried out directly using the payment service provider’s platform (PSP) and the Company retains only the minimum set of information necessary to manage any disputes. With reference to the personal data protection aspects, the user / customer is invited, pursuant to art. 33 of the GDPR to report to the Company any circumstances or events from which a potential “breach of personal data (data breach)” may arise in order to allow an immediate assessment and the adoption of any actions aimed at countering this event by sending a communication to or by contacting Customer Service. The measures adopted by the Company do not exempt the Customer from paying the necessary attention to the use, where required, of a password / PIN of adequate complexity, which he will have to update periodically, especially if he is concerned that they have been violated / known by third parties, as well as keep with attention and make it inaccessible to third parties, in order to avoid improper and unauthorized use.


A cookie is a short string of text that is sent to your browser and, possibly, saved on your computer (alternatively on your smartphone / tablet or any other tool used to access the Internet); such sending generally occurs every time you visit a website. The company uses cookies for various purposes, in order to offer you a fast and secure digital experience, for example, allowing you to keep the connection to the protected area active while browsing through the pages of the site.

The cookies stored on your terminal cannot be used to retrieve any data from your hard disk, transmit computer viruses or identify and use your e-mail address. Each cookie is unique in relation to the browser and device you use to access the Website or use the Company App. Generally, the purpose of cookies is to improve the functioning of the website and the user experience in using it, although cookies can be used to send advertising messages (as specified below). For more information on what cookies are and how they work, you can consult the “All about cookies” website

Per informazioni di dettaglio sui Cookies, si legga la pagina dedicata (

Areas of communication and data transfer.

For the pursuit of the aforementioned purposes, the Company may communicate and have the personal data of users / customers processed in Italy and abroad by third parties with whom we have relationships, where these third parties provide services at our request. We will provide these third parties only with the information necessary to perform the requested services, taking all measures to protect your personal data. The data may be transferred outside the European Economic Area if this is necessary for the management of your contractual relationship. In this case, the recipients of the data will be subjected to protection and security obligations equivalent to those guaranteed by the Data Controller. In the case of use of services offered directly by Partners, we will provide only the data strictly necessary for their execution. In any case, only the data necessary for the pursuit of the intended purposes will be disclosed and the guarantees applicable to data transfers to third countries will be applied, where required. We may also disclose personal data to our commercial service providers, for marketing reasons, appointed as external data processors for this purpose. Furthermore, personal data may be communicated to the competent public subjects and authorities for the purposes of compliance with regulatory obligations or to ascertain responsibility in the event of computer crimes against the site as well as communicated to, or allocated to, third parties (as managers or, in the case of suppliers of electronic communication services, autonomous owners), who provide IT and telematic services (eg: hosting, management and development of websites) and which the Company uses for the performance of tasks and activities of a technical and organizational nature instrumental to the functioning of the website. The subjects belonging to the above categories operate as separate Data Controllers or as Managers appointed for this purpose by the Company.

Personal data may also be known by Company employees / consultants who are specially trained and appointed as Data Processors.

The categories of recipients to whom the data may be communicated is available by contacting the Company at the addresses indicated below.

Rights of interested parties

You can exercise at any time the rights that are recognized by the law, including:

  1. to access your personal data, obtaining evidence of the purposes pursued by the Data Controller, the categories of data involved, the recipients to whom they may be communicated, the applicable retention period, the existence of automated decision-making processes;
  2. to obtain without delay the correction of inaccurate personal data concerning you;
  3. to obtain, in the cases provided for, the cancellation of your data;
  4. to obtain the limitation of the treatment or to oppose it, when possible;
  5. to request the portability of the data that you have provided to the Company, that is to say to receive them in a structured format, commonly used and readable by an automatic device, also to transmit such data to another owner, within the limits and with the constraints provided for by ‘art. 20 del GDPR;

Furthermore, you can lodge a complaint with the Guarantor Authority for the Protection of Personal Data pursuant to art. 77 del GDPR.

For the treatments referred to in point 4) of the purposes, the Customer can always revoke the consent and exercise the right to object to direct marketing (in “traditional” and “automated” form). The opposition, in the absence of any indication to the contrary, will refer to both traditional and automated communications.

Data Controller

Data controller, pursuant to art. 4 of the Code and of the GDPR, is Tomassi Coffee

Via Pontina Km 47.01 04011 Aprilia (LT) Italia P.IVA: 07828001003 – CF: 07828001003

The above rights may be exercised at the request of the interested party in the manner disclosed by the Customer Service or on the Company’s website or by using the following references: [responsabile azienda] [indirizzo mail azienda]).

The use of the Website, including those intended for tablets and / or smartphones, by the Customer and / or the User implies full knowledge and acceptance of the content and any information included in this version of the information published by the Company in the when the site is accessed. Company informs that this information can be changed without notice and therefore recommends a periodic reading.

The Data Controller

Tomassi Coffee

This privacy statement was updated on 20/04/2022