Privacy Policy

Privacy Policy

1. INTRODUCTION

ORAMATA GRANDI EVENTI S.R.L., with registered office at Via dei Mille 74, 80121 – Naples (NA), as the Data Controller (hereinafter the “Controller”), recognizes the importance of personal data protection and is committed to respecting the privacy of users of the pizzavillage.it website (hereinafter the “Site”).

This Privacy Policy describes how we collect, use, share, and protect users’ personal data when they visit our Website or use our services, in accordance with EU Regulation 2016/679 (GDPR) and other applicable data protection laws.

2. DEFINITIONS

  • Personal data: any information relating to an identified or identifiable natural person.
  • Data subject: the individual to whom the personal data relates.
  • Processing: any operation or set of operations performed on personal data.
  • Data controller: the natural or legal person who determines the purposes and means of the processing.
  • Data processor: the natural or legal person that processes personal data on behalf of the data controller.
  • Profiling: any form of automated processing of personal data intended to evaluate certain personal aspects relating to a natural person.
  • Consent: a free, specific, informed, and unambiguous expression of will by the data subject.

3. TYPES OF DATA COLLECTED

3.1 Data voluntarily provided by the user

  • Contact information (first name, last name, email address, phone number, mailing address)
  • Account registration information (username, password)
  • Payment information (if applicable)
  • User-generated content (comments, reviews, messages)
  • Data provided via contact forms or chat

3.2 Automatically Collected Data

  • Browsing data (IP address, browser type, device)
  • Cookies and similar technologies
  • Usage data (pages viewed, time spent on site, clicks made)
  • Geolocation data (if permitted by the user)

4. PURPOSE OF THE PROCESSING

Users’ personal data is collected and processed for the following purposes:

  1. Provision of the requested services:
    • User Account Management
    • Order and Payment Processing
    • Delivery of purchased products
    • Customer Service
  2. Service improvements:
    • Analysis of Website Usage
    • Customizing the user experience
    • Optimization of the Website’s Features
  3. Marketing communications (with prior consent):
    • Newsletter Subscription
    • Communications about promotions and offers
    • Invitations to events or surveys
  4. Compliance with legal obligations:
    • Tax and Accounting Obligations
    • Responses to requests from the authorities
    • Exercise or defense of legal rights

5. LEGAL BASIS FOR PROCESSING

The processing of personal data is based on one of the following legal grounds:

  1. Consent of the data subject (Art. 6.1.a GDPR) for specific purposes, such as sending marketing communications.
  2. Performance of a contract (Art. 6.1.b GDPR) for the provision of the services requested by the user.
  3. Legal obligation (Art. 6.1.c GDPR) to comply with legal requirements.
  4. Legitimate interest (Art. 6(1)(f) of the GDPR) of the Data Controller, provided that the interests or rights of the data subject do not override those interests.

6. COOKIES AND TRACKING TECHNOLOGIES

Our website uses cookies and similar technologies to enhance the user experience.

For detailed information about the cookies we use, how we manage these technologies, and how to change your preferences, please see our Cookie Policy.

7. RECIPIENTS OF THE DATA

The personal data collected may be shared with:

  1. Employees and contractors of the Data Controller, in their capacity as persons authorized to process the data.
  2. Data processors that provide services on behalf of the Data Controller (e.g., hosting, logistics, payments, marketing).
  3. Third parties in cases where there is a legal obligation or with the user’s consent.
  4. Public authorities, when required by law.

The Data Controller guarantees that all recipients process the data in accordance with data protection regulations and in compliance with appropriate security measures.

8. TRANSFER OF DATA ABROAD

Personal data may be transferred to and stored in countries outside the European Union, including countries that may not offer the same level of data protection.

In such cases, the Data Controller guarantees that the transfer will be carried out in accordance with applicable legal provisions and that appropriate security measures will be implemented, such as:

  • European Commission Adequacy Decisions
  • Standard Contract Terms
  • Binding Corporate Rules (BCR)
  • Other legally valid mechanisms

9. DATA RETENTION PERIOD

Personal data will be retained for as long as necessary to fulfill the purposes for which it was collected and, in any case:

  • For the entire duration of the contractual relationship
  • To comply with legal obligations
  • To protect the rights of the data subject
  • For marketing purposes, until consent is withdrawn

At the end of the retention period, the data will be deleted or anonymized.

10. RIGHTS OF DATA SUBJECTS

In accordance with the GDPR, you have the following rights:

  • Right of access (Art. 15): to obtain confirmation as to whether or not personal data is being processed and to receive information regarding such processing.
  • Right to rectification (Art. 16): to have inaccurate personal data corrected or incomplete personal data completed.
  • Right to erasure (Art. 17): to have personal data erased in the cases provided for by law.
  • Right to restriction of processing (Art. 18): to have the processing restricted in the cases provided for by law.
  • Right to data portability (Art. 20): to receive personal data in a structured format and transmit it to another controller.
  • Right to object (Art. 21): to object at any time to the processing of personal data.
  • Right to withdraw consent (Art. 7): to withdraw consent given for specific processing purposes.
  • Right to lodge a complaint with a supervisory authority (Art. 77): to lodge a complaint with the competent supervisory authority (in Italy, the Garante per la Protezione dei Dati Personali).

To exercise these rights, you may contact the Data Controller using the contact information provided in the “Contact Us” section.

11. Automated Decision-Making and Profiling

The Data Controller does not use automated decision-making processes, including profiling, that produce legal effects concerning the user or that significantly affect the user.

12. SAFETY MEASURES

The Data Controller implements appropriate technical and organizational security measures to protect personal data against loss, misuse, unauthorized access, disclosure, alteration, or destruction, including:

  • Data encryption
  • Regular backups
  • Restricted access to personal data
  • Access Control Procedures
  • Staff Training

Despite these measures, transmitting information over the Internet can never be completely secure. Therefore, we cannot guarantee the absolute security of data transmitted to our Site.

13. CHANGES TO THE PRIVACY POLICY

The Data Controller reserves the right to modify, update, or supplement this Privacy Policy at any time by posting the new version on the Website. Users are encouraged to check this page regularly.

The date of the last update will always be indicated at the bottom of the Privacy Policy. By continuing to use the Site after the changes are posted, you implicitly accept those changes.

14. CONTACT US

For any information or requests regarding the processing of personal data, users may contact the Data Controller at the following contact details:

  • Data Controller: ORAMATA GRANDI EVENTI S.R.L.
  • Address: Via dei Mille 74, 80121 – Naples (NA)
  • Email: info@pizzavillage.it

ORAMATA GRANDI EVENTI S.R.L. The Data Protection Officer (DPO) can be contacted at the following email address: info@pizzavillage.it

Last updated: May 12, 2026

Press Kit