Effective date: Oct 28, 2025

This Privacy Policy explains how Nonna Energia (“we”, “us”, “our”) collects, uses, shares, and protects your personal data when you visit nonnaenergia.it, make a purchase, contact us, or subscribe to our updates. We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable local laws.

1) Who is the data controller?

Controller: Smartimede di Fabrizio Sciuto
Address: Piazza Scammacca, 95037 Catania
Email: nonnaenergia@gmail.com
Phone: +39 342 84 65 183

2) What data we collect

We may collect the following categories of personal data:

• Identity & contact: name, email, phone, shipping/billing address.
• Order & payment: products purchased, order amount, transaction details (processed by secure payment providers; we do not store full card data).
• Account data: login, password (hashed), order history, preferences.
• Communications: emails, chat/messages you send us, support requests.
• Marketing: newsletter/subscription status, campaign interactions.
• Technical: IP address, device/browser info, pages viewed, cookies/analytics identifiers.

3) Why we use your data (purposes & lawful bases)

We process data only when a lawful basis applies (GDPR Art. 6):

• Order processing & delivery (contract — Art. 6(1)(b))
• Payments & fraud prevention (contract + legitimate interests — Art. 6(1)(b)/(f))
• Customer support (contract/legitimate interests — Art. 6(1)(b)/(f))
• Account management (contract — Art. 6(1)(b))
• Newsletters/marketing with consent (consent — Art. 6(1)(a))
• Service improvement & analytics (legitimate interests — Art. 6(1)(f))
• Legal compliance (legal obligation — Art. 6(1)(c))

4) Cookies & similar technologies

We use cookies and similar tools for:

• Strictly necessary (site/security/core functions)
• Analytics (traffic, performance, improvements)
• Functional (preferences, saved cart)
• Marketing (campaign measurement; only with consent where required)

You can manage preferences via your browser and any cookie banner provided. For more details, see our Cookie Policy (when available).

5) Analytics, emails, and ads tools we may use

To run our business we may use reputable processors (examples):

• Payments: Stripe, PayPal (transaction processing, fraud mitigation).
• Analytics: Google Analytics (aggregated traffic insights).
• Email & CRM: Mailchimp / Klaviyo / SendGrid (newsletters, updates).
• Ads & measurement: Meta/Google Ads pixels (with consent where required).
• Hosting/CDN: Reputable EU/EEA or international providers with safeguards.

The exact list of processors may evolve. We choose partners that commit to appropriate security and data protection standards under GDPR.

6) How we share your data

We share personal data only as needed to operate the Services:

• Service providers (processors): payments, logistics, email/CRM, analytics, hosting.
• Legal reasons: compliance with law, court orders, or to defend legal claims.
• Business transfers: if we undergo a reorganization/merger, data may transfer with safeguards.

We do not sell your personal data.

7) International transfers

If data is transferred outside the EEA/UK, we use lawful mechanisms (e.g., Standard Contractual Clauses, adequacy decisions) and implement appropriate safeguards.

8) Data retention

We keep data only as long as necessary for the purposes above:

• Orders & invoicing: retained per tax/accounting laws.
• Accounts: for the life of the account or until deletion.
• Marketing: until you unsubscribe or withdraw consent.
• Support: for a reasonable period to manage your request.
• Security/logs: short, rotating periods unless needed to investigate issues.

9) Your rights under GDPR

You have the right to:

• Access your data and obtain a copy;
• Rectify inaccurate or incomplete data;
• Erase data (“right to be forgotten”) in applicable cases;
• Restrict processing in certain circumstances;
• Data portability (structured, commonly used, machine-readable format);
• Object to processing based on legitimate interests and to direct marketing;
• Withdraw consent at any time where processing is based on consent.

10) How to exercise your rights

Contact us at nonnaenergia@gmail.com. We may need to verify your identity. We aim to respond within 7 days.

If you believe your rights have been infringed, you can lodge a complaint with your local supervisory authority (e.g., the Italian Garante per la Protezione dei Dati Personali).

11) Children’s data

Our Services are not intended for children under 16. We do not knowingly collect personal data from children. If you believe a child provided data, please contact us to delete it.

12) Security

We implement technical and organizational measures to protect personal data (encryption in transit, access controls, minimization). No method of transmission or storage is 100% secure; we work to continuously improve our safeguards.

13) Links to other sites

Our site may contain links to third-party websites. We are not responsible for their practices. Review their privacy policies before providing personal data.

14) Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version here with a new effective date. If changes are material, we will provide a prominent notice.

15) Contact us

Questions about privacy? We’re here to help.
Email: nonnaenergia@gmail.com
Address: Piazza Scammacca, 95037 Catania · Phone: +39 342 84 65 183

Note: This page is an informational template and does not replace legal counsel. We’ll refine details (entity, processors list, jurisdiction) as operations finalize. See also: Terms of Service · Money-Back Guarantee.