PRIVACY NOTICE ON THE PROCESSING AND PROTECTION OF PERSONAL DATA

(Notice pursuant to and for the purposes of Legislative Decree no. 196/2003 and Article 13 of Legislative Decree no. 101/2018 implementing Regulation (EU) no. 679/2016 of 27 April 2016, as amended, most recently by Law no. 56 of 29 April 2024)

This notice describes the processing of personal data entered or collected on the websites https://*.armodonna.it and https://*.armodonna.com.

For us, data protection is a very serious matter and we wish to inform You about the manner in which data is processed and the rights that You may exercise. Pursuant to and for the purposes of Article 13, we hereby inform You of the following.

By completing the registration procedure for our services, users voluntarily provide their personal data to the Data Controller.
The personal data submitted shall be processed in compliance with the principles of personal data protection established by Legislative Decree no. 101/2018 and other applicable regulations in force.
The provision of data is optional. However, failure to provide the data deemed mandatory (marked with an *) will prevent proper registration on the websites, as well as access to services reserved for registered users.

To view cookies and any other tracking tools used by the Controller, please refer to the specific Cookie Settings available in the website footer.

1. DATA CONTROLLER

The Data Controller of Your personal data is Armodonna S.r.l. (Tax Code and VAT No. 04690710985), with registered office at Via Trento no. 133, 25020 – Capriano del Colle (BS), Italy, represented by its pro tempore legal representative (hereinafter “Armodonna”, the “Company” or the “Controller”).

Where the Controller makes use of processors or sub-processors pursuant to Article 28 of Legislative Decree no. 101/2018, the updated list of processors and persons authorised to process personal data is kept at the Controller’s registered office.

Operational Office: Via Baraggia, 9, 22100 Como (CO), Italy

email: [email protected]

2. CATEGORIES OF DATA SUBJECT TO PROCESSING

The categories of “personal data” (pursuant to Article 4(1) GDPR) processed by the Controller may include, by way of example and not limitation:

Personal and identification data (such as, for example, first name, surname, gender, date of birth, etc.)
Contact details (such as, for example, address, e-mail address, IP address, telephone number, social network account and similar data)
Usage, browsing, functional, session, statistical and profiling data, including the user’s device identifier or IP address, the time of the website visit, the URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used in submitting the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s response (successful, error, etc.), and other parameters relating to the user’s operating system and IT environment
Within the scope of purchases, all information necessary to process orders is also collected (including, for example, payment method, shipping address and all order details)
When Users request an invoice in relation to purchases made on the Website, their tax code and other invoicing-related information are also collected
Personal data directly provided by You through communications or attachments to communications
Banking and tax identification data
Special categories of personal data (Article 9 GDPR): data relating to Your health condition (so-called health data)
Data relating to services provided, such as responses to questions concerning products offered by the Controller or the exercise of the right of withdrawal

No special or sensitive personal data is required; however, if photographs, health information or other personal information are voluntarily shared, such data will also be processed by authorised personnel of the Controller.

If Users choose to respond to surveys sent by the Controller or questionnaires/tests available on the Website, the Controller shall also process the information included in the responses.

When Users make use of the “gift cards” feature available on the Website, the recipient’s name and e-mail address are also collected.

When Users choose to leave a review, the Controller shall process information relating to the relevant User, as well as the date and content of the review.

3. PURPOSES OF PROCESSING AND LEGAL BASIS

The personal data collected through registration or subscription to our Website are processed for the purpose of allowing access to services and content reserved for registered users.

Where the user has provided all required consents by selecting the relevant checkbox from the moment of activation of the service and until such consent is withdrawn, his/her personal data may be processed by Armodonna:

A) Without Your express consent (Article 6(1)(b)–(f) GDPR), for the following purposes:

to conclude contracts with the Controller;
to fulfil pre-contractual, contractual and tax obligations arising from existing relationships;
to comply with obligations established by law, regulations, EU legislation or orders issued by Authorities, as well as to perform administrative/accounting obligations connected with the management of the Website;
to pursue a legitimate interest of the Controller or third parties, provided that Your interests or fundamental rights and freedoms requiring protection of personal data do not prevail (e.g., the Controller’s right of legal defence).

B) Only subject to Your specific and separate consent (Article 6(1)(a), Article 7 GDPR and Article 9(2) GDPR) for the purchase of products (including, by way of example and not limitation, nutraceutical supplements) on the website https://*.armodonna.it and for the following marketing and profiling purposes:

to send commercial communications via e-mail, mail and/or SMS and/or social networks (for example WhatsApp, Messenger, etc.), newsletters, discounts, news, updates, commercial communications and/or advertising material regarding products or services offered by the Controller, and to assess the degree of satisfaction regarding the quality of products and/or services offered, as well as to invite Users to participate in market research and surveys;
to allow Users to browse the Website, register on the Website, make purchases on the Website and participate in prize competitions;
to allow the Controller, upon User request, to contact Users in order to respond to requests (within customer support and customer care activities or following another contact request by the User);
to allow Users to send gift cards to third parties;
to allow Users to receive discounts upon request (discount code in the first purchase confirmation email);
to allow the Controller to manage reviews left by Users;
to allow the Controller to receive and manage applications for job positions;
to send advertising communications, commercial messages, offers and personalised promotions via e-mail, mail and/or SMS and/or social networks, consistent with Your interests and consumer profile based on purchasing habits shown on the Website (type of purchases made, purchase frequency, behaviour during the purchase process, User-specific characteristics) and other personal information collected from Users, including through the technologies indicated in the cookie policy.

Profiling will enable the Controller to personalise the offer of products and services addressed to You in the best possible manner.

If You deny consent, the activities under section B) above cannot be carried out; if You provide consent to the processing activities under section B), You shall in any case have the right to withdraw such consent at any time.

Furthermore, in the event of corporate transactions (e.g., transfer of the company or business units), due diligence activities or legal defence in judicial proceedings and related preparatory activities, the Controller may carry out additional processing related to corporate operations or disputes of an extrajudicial or judicial nature.

4. METHODS OF PROCESSING AND DATA RETENTION

Personal data shall be processed in paper, electronic and telematic form and entered into relevant databases accessible to expressly designated personnel appointed by the Controller as Data Processors and Authorised Persons for personal data processing, who may carry out consultation, use, processing, comparison and any other appropriate operation, including automated processing, in compliance with the legal provisions necessary to guarantee, among other things, the confidentiality and security of the data as well as the accuracy, updating and relevance of the data in relation to the declared purposes.

The personal data collected shall be retained in compliance with applicable legislation for a period not exceeding that necessary to achieve the purposes for which they are processed.

The criteria used to determine the retention period for personal data take into account the permitted processing period and applicable regulations concerning limitation periods for rights and legitimate interests where these constitute the legal basis for processing.

Your Personal Data shall be processed by the Controller only for the period strictly necessary to achieve the purposes of the processing, after which they shall be retained solely for compliance with applicable legal obligations, administrative purposes and/or for the establishment, exercise or defence of legal claims and, in any case, no longer than the time limits established by law for the limitation of rights.

For example, in order to manage orders, the related personal data shall be processed for the period required by tax legislation (10 years), as well as by consumer protection legislation.

In particular, for marketing and profiling purposes, the User’s Personal Data shall be retained by the Controller for a maximum period of ten years.

Upon expiration of the retention period, personal data shall be deleted, anonymised or aggregated in such a way that identification of Users is no longer possible.

5. DATA SHARING

For the purposes indicated above, Your collected data may be made accessible or disclosed, in full compliance with the GDPR, to the following parties:

employees and collaborators of the Controller, in their capacity as persons authorised to process data, within the scope of their duties and in accordance with the instructions received. Such individuals are in any case subject to confidentiality and secrecy obligations;
third parties (external and/or internal entities and companies) carrying out outsourced activities on behalf of the Controller, entrusted with certain activities, or part thereof, connected, instrumental or functional to the provision and distribution of services offered through the Website (e.g., hosting providers, developers, system administrators and database administrators, technical support centres, internet and telecommunications operators, administrative/accounting management of Website-related activities, marketing analysis, communication delivery to Users, order management, shipping management) or whose activities are connected, instrumental or supportive of those of the Controller (e.g., cloud-based management and/or marketing software, etc.), as well as external consultants;
public and/or private entities, natural persons and/or legal entities (legal, administrative and tax consulting firms, debt collection agencies, public authorities, judicial offices, Chambers of Commerce, labour offices and agencies, etc.) where disclosure is necessary or functional for the proper fulfilment of contractual obligations undertaken or obligations arising from the law or upon their request;
all parties (including Public Authorities) having access to personal data pursuant to legal or administrative provisions.

The Controller shall appoint as data processors pursuant to Article 28 GDPR those third parties processing data on its behalf and for its account.

In any case, Your collected personal data shall not be resold or transferred to third parties for marketing purposes and shall not be disseminated.

6. NOTICE REGARDING MINORS

This Website and the Controller do not intentionally collect Personal Data relating to minors under the age of 18. In compliance with applicable laws, the holder of parental responsibility must provide consent to the collection of the minor’s Personal Data. Should Personal Data relating to minors be unintentionally recorded, the Controller shall promptly delete such data upon request of the person exercising parental responsibility.

7. CONSUMER RIGHTS

Pursuant to Articles 15 et seq. of the GDPR and applicable national legislation concerning privacy and personal data protection, You have the right to obtain from the Controller confirmation as to whether or not personal data concerning You are being processed and, where that is the case, to obtain access to the personal data and the following information:

the purposes of the processing;
the categories of personal data concerned;
the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
where possible, the envisaged period for which the personal data will be stored or, if not possible, the criteria used to determine that period;
the existence of the right to request from the Controller rectification or erasure of personal data or restriction of processing concerning You or to object to such processing;
the right to lodge a complaint with a supervisory authority;
where the data are not collected from the data subject, any available information as to their source;
the existence of automated decision-making, including profiling;
to obtain from the Controller, without undue delay, the rectification of inaccurate personal data concerning You. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement;
to obtain from the Controller the erasure of personal data concerning You without undue delay within the limits and cases provided for by applicable legislation, in the presence of one of the grounds referred to in Article 17 GDPR;
to obtain restriction of processing from the Controller where one of the conditions referred to in Article 18 GDPR applies;
to receive personal data concerning You, provided to the Controller, in a structured, commonly used and machine-readable format and to exercise the right to data portability, thereby transmitting such data to another controller without hindrance from the controller to whom the personal data have been provided, where processing is based on consent or a contract and is carried out by automated means;
to object at any time, on grounds relating to Your particular situation, to the processing of personal data concerning You where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller or where processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, where applicable, pursuant to Article 21 GDPR.

8. CONSUMER’S RIGHT OF WITHDRAWAL

Please note that the legal basis for the above-mentioned purpose is consent and that, in relation to such purpose, the Data Subject may withdraw consent at any time, with effects taking place from the moment of withdrawal, without prejudice to the terms established by law. In general terms, withdrawal of consent shall only have effect for the future. Therefore, any processing carried out prior to the withdrawal of consent shall remain unaffected and lawful.

Failure to provide consent, or partial consent (or withdrawal thereof), may not guarantee the full provision of services or activities with reference to the specific purposes for which consent is denied and shall not constitute prejudice or impediment to other purposes (and related activities) not expressly affected by the denial of consent or not based on such legal basis.

Please note that, with regard to requests for information, although consent to the processing of personal data remains free and optional, it is necessary in order to process the request. Therefore, submission of the request or equivalent expression of intent shall be considered as granting consent, which may always be withdrawn with the consequences described above.

When data are no longer necessary, they are regularly deleted. Where deletion proves impossible or possible only through disproportionate effort due to particular storage methods, such data shall not be processed and shall be archived in non-accessible areas.

9. RIGHT TO LODGE A COMPLAINT (pursuant to Article 13(2)(d) GDPR)

Should You believe that Your rights have been violated by the Controller, You may lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali – Piazza Venezia 11, 00187 Rome (RM), Italy – www.garanteprivacy.it) and/or with another competent supervisory authority pursuant to the GDPR.

Following the exercise of rights by the data subject, the Controller shall communicate to each recipient to whom personal data have been disclosed any rectification, erasure or restriction of processing, within the limits and in the manner required by applicable law.

To exercise the rights listed above against the Controller, You must submit a written request by registered mail with return receipt to Armodonna S.r.l., Via Trento no. 133, 25020 – Capriano del Colle (BS), Italy, or by sending an e-mail to [email protected].

Pursuant to the GDPR, the Controller is not authorised to charge costs for complying with one or more requests referred to in this section unless such requests are manifestly unfounded or excessive, particularly due to their repetitive nature. In cases where Users request more than one copy of personal data or in the case of excessive or unfounded requests, the Controller may (i) charge a reasonable fee taking into account the administrative costs incurred in fulfilling the request or (ii) refuse to comply with the request. In such cases, the Controller shall inform Users of the costs before processing the request.

The Controller may request additional information before processing requests where verification of the identity of the individual making the request is necessary.

In any case, the Controller invites Users to contact the Controller directly through the channels indicated above before contacting the supervisory authority, in order to resolve any dispute relating to personal data protection amicably and as quickly as possible.

10. POSSIBLE CONSEQUENCES OF FAILURE TO PROVIDE DATA AND NATURE OF DATA PROVISION (pursuant to Article 13(2)(d) GDPR)

In the event of consent by the data subject

In the event of failure to provide consent or partial consent

11. EXISTENCE OF AUTOMATED DECISION-MAKING (INCLUDING PROFILING)

The use of purely automated decision-making processes as detailed in Article 22 GDPR is currently included. Should it be decided in the future to establish such processes for individual cases, the data subject shall receive separate notice where required by law or through an update to this Privacy Notice.

12. PROCESSING OF DATA USEFUL FOR NAVIGATION PURPOSES

The IT systems and software procedures used to operate this Website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.

This information is not collected in order to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.

Such information may include IP addresses, browser type or operating system used, URI (Uniform Resource Identifier) addresses, domain names and addresses of websites from which access or exit occurred (referring/exit pages), the time of requests made to the server, the method used, information relating to the response obtained, additional information relating to the User’s navigation on the Website (please also refer to the section concerning cookies), and other parameters relating to the User’s operating system and IT environment.

Such data may also be used to ascertain and establish liability in the event of cybercrimes against the Website.

13. WEBSITE TERMS OF USE

The Website Manager and Data Controller reserve the right to remove content regardless of specific requests (Article 17 GDPR no. 679 of 2016, effective as of 23 May 2018, the so-called right to erasure or “right to be forgotten”) for their own protection, removing phrases or comments deemed offensive, disparaging, defamatory or, in general, inappropriate for the image of the product and the professionalism of the owners, the brand, the product sold, and also against purchasers or users of the Website.

14. AMENDMENTS AND UPDATES

This Privacy Notice may be amended and/or updated at any time.

Where the Controller intends to process Your Personal Data for purposes other than those set out in Article 3 above, the Controller undertakes to provide You, prior to such further processing, with adequate information concerning such different purposes and to carry out such further processing in compliance with applicable law, collecting Your specific consent where required.

This Privacy Policy was published on 01/11/2025. Any updates shall be published on this page.

Last update: 24/05/2026