Di Costa Caffè, with registered office in Via Napoli 20, Bari, VAT number IT08731720721, as Data Controller, informs users of the website www.dicostashop.com that the personal data provided will be processed in compliance with current legislation on the protection of personal data, pursuant to EU Regulation 2016/679 (“GDPR”).

1. Type of data collected

Di Costa Caffè collects and processes the following categories of personal data:

• Browsing data : IP address, browser type, access time, pages visited.
• Data provided voluntarily : name, surname, email address, telephone number, shipping/billing address, other data provided via contact form or purchase.
• Data for marketing purposes (with prior consent): purchasing preferences, order history, newsletter opening.

2. Purpose of the processing

Personal data are processed for the following purposes:

1. Order fulfillment and customer management
2. Service-related communications (e.g., order confirmation, shipping)
3. Customer Service
4. Accounting and tax obligations management
5. Sending newsletters and promotional communications (only with prior consent)
6. Statistical analysis and site improvement
7. Protection of the owner's rights

3. Legal basis for processing

• Performance of a contract or pre-contractual measures (e.g. online orders)
• Legal obligations (e.g. invoice retention)
• Legitimate interest (e.g. fraud prevention, site improvement)
• Consent of the interested party (e.g. newsletter, marketing)

4. Processing methods

Processing is carried out using electronic and manual tools, with appropriate security measures to protect the data from unauthorized access, loss, or destruction.

5. Data retention

The data will be stored:

• For the duration of the contractual relationship or account
• For tax obligations, up to 10 years
• For marketing purposes, until consent is revoked

6. Data recipients

The data may be communicated to:

• Couriers and shipping service providers
• Tax and accounting consultants
• IT providers and hosting services
• Marketing tool and newsletter providers (e.g. Mailchimp, Sendinblue)
• Public authorities, if required by law

The data will not be sold or distributed in any way.

7. Transfer of data outside the EU

Di Costa Caffè undertakes not to transfer personal data outside the European Economic Area (EEA), unless using suppliers who guarantee an adequate level of protection (e.g., standard contractual clauses approved by the European Commission).

8. Rights of the interested party

The user may, at any time, exercise the rights provided for in Articles 15-22 of the GDPR:

• Access to your data
• Correction or update
• Erasure (“right to be forgotten”)
• Restriction of processing
• Objection to processing
• Data portability
• Withdrawal of consent (without affecting previous processing)

To exercise your rights, you can write to: info.dicosta@libero.it

9. Cookie

The site uses technical cookies and, with your consent, profiling and third-party cookies. For more information, see our Cookie Policy .

10. Changes to the Privacy Policy

Costa Caffè reserves the right to modify this policy. Changes will be communicated to users via updates on the website and, if necessary, via email.

Last updated: May 22, 2025