INFORMATION ON THE PROCESSING OF PERSONAL DATA PURSUANT TO ART. 13 OF EU REGULATION 2016/679
The Data Controller informs you regarding the processing of personal data required to register for the newsletter service.
Interested parties
Users who subscribe to the newsletter service.
Data controller
Pompea Spa a Socio Unico, with registered office at Via San Damaso, 10 - 46046 Medole (MN), VAT number 01789800206, contact email: info@pompea.com
Data Protection Officer
Pursuant to Art. 37 of the GDPR, the Data Controller has appointed Progetto Qualità e Ambiente Srl, represented by Armando Iovino, who can be contacted at dpo@pqa.it . Protocol No. 20220004350.
Purpose of the processing
Your data will be processed for the following purposes based on the relevant legal bases:
| n° | Purpose | Legal basis |
| 1 | Access exclusive discounts and opt-in to receive newsletters to keep you updated on new product developments, promotions, services, and/or events we organize. | Processing is carried out with the data subject's consent. Art. 6, paragraph 1, subparagraph a) |
Under no circumstances will your personal data be subject to automated decision-making (profiling).
Nature of the provision of personal data
Providing personal data is mandatory for the purposes set out in points 1), failure to provide it will prevent the user from subscribing to the newsletter.
Categories of personal data processed
For the purposes mentioned above it is necessary to process:
- Common contact details: email address.
Treatment methods
The personal data collected will be processed primarily using company IT systems in compliance with the security measures set forth in Article 32 of the GDPR. Personal data may be collected via email accounts assigned to employees expressly authorized to process data pursuant to Article 29 of the GDPR who operate in the field of Human Resources management.
Communication of personal data
Personal data may be communicated to:
- Companies that handle the assistance and maintenance of the website database;
- Providers that provide CMS and hosting services, in particular Shopify;
- Platforms that provide DEM services for sending newsletters.
Dissemination of personal data
Personal data will not be disclosed in any way.
Transfer of data to third countries
Personal data may also be processed outside the EU. In any case, the Data Controller hereby ensures that the transfer of data to non-EU countries will be in accordance with Article 44 et seq. of the GDPR.
Data retention period
The retention of your personal data is established according to the following logic:
| Purpose | Retention period |
| Sending newsletters | Your data will be kept on our mailing lists until you request deletion using the appropriate function in the body of the email. In any case, after 24 months of inactivity with respect to communications, you will be asked to confirm that we can keep your contacts on our lists. |
Rights of the interested party
Pursuant to Articles 15-22 of the GDPR, the interested party may request from the Data Controller the exercise of the rights of access, rectification, erasure (right to be forgotten), restriction of processing, portability, objection to processing, and withdrawal of consent.
For further information regarding data subject rights, please visit www.garanteprivacy.it. Pursuant to Article 77 of the GDPR, data subjects may submit reports or complaints to the Italian Data Protection Authority, located in Piazza Venezia, 11 – 00186 Rome, Italy. Email: urp@gpdp.it
| POMPEA SpA a Socio Unico Tel. +39.0376 8671 Fax Commercial Office +39.0376 868934 Fax Administrative Office +39.0376 867703 | Registered Office and Administration: Via S. Damaso, 10, 46046 Medole (MN) | CF 04659140489 PI 01789800206 Company Register of Mantua No. 04659140489 Share Capital € 39,000,000 fully paid up |
Amazon Data Processing (Amazon Selling Partner API – SP-API)
In addition to the personal data collected through this website, our organization also processes data from Amazon through the Selling Partner API (SP-API).
- Categories of data collected
Data from Amazon may include:
- Order information (order ID, status, shipping and billing details);
- Product, inventory and pricing data;
- Payment information and financial reports;
- Anonymized Amazon customer data, to the extent permitted by Amazon policies.
- Purpose of the processing
This data is used exclusively for:
- Manage and process orders from Amazon;
- Synchronize inventory and product catalog;
- Issue accounting documents and manage reporting;
- Provide technical and administrative support to sellers
Amazon data is not used for marketing purposes or profiling activities.
- Storage and security methods
Data is stored on secure servers located in the European Union, protected by encryption in transit and at rest.
Access to data is permitted only to authorized personnel and subject to confidentiality agreements.
We take technical and organizational measures in line with the Amazon Data Protection Policy ( https://developer- docs.amazon.com/sp-api/docs/data-protection-policy ) and with European data protection legislation, including:
- Strong authentication and access controls;
- Logging and monitoring of activities;
- Secure backups and disaster recovery procedures;
- Security incident response plans.
- Data sharing
Amazon data is not shared with third parties for commercial purposes.
Sharing occurs exclusively with:
- technical providers (e.g., hosting, cloud infrastructure) strictly necessary for the provision of the service, bound by confidentiality agreements and compliant with the GDPR;
- corporate ERP systems used for administrative, accounting, and operational management purposes, always in compliance with Amazon policies and applicable legislation.
- Retention and deletion
Personally identifiable information (PII) from Amazon is retained only for as long as necessary to provide the requested services and in any case for a maximum period of 30 days from the shipment of the order, unless legal retention obligations apply.
After this period, the data is securely deleted or anonymized.
- International transfers
If it is necessary to transfer data outside the European Economic Area, this will be done exclusively to countries that guarantee an adequate level of personal data protection, or on the basis of Standard Contractual Clauses approved by the European Commission, maintaining data encryption in any case.
- Rights of interested parties
Amazon users whose data is processed can exercise their rights under the GDPR (access, rectification, erasure, restriction, objection, and portability) by writing to dpo@pqa.it.
- Amazon Compliance
We are committed to treating Amazon data in accordance with the Selling Partner API Developer Agreement, the Acceptable Use Policy , and the Amazon Data Protection Policy .