Privacy policy


(art. 13 of EU Regulation no. 679/2016)

This information describes the processing of personal data entered or collected on the site and is provided pursuant to Article 13 of EU Regulation 679/2016 (hereinafter “GDPR”) and national legislation applicable on the subject of privacy and protection of personal data.

The data controller of your personal data is Reefilla S.r.l. (VAT number 12462450011) with registered office in 10132 – Turin (TO), Via Bardassano n. 7, in the person of the legal representative pro tempore, registered with the Turin Chamber of Commerce, at no. REA: TO – 1293114, of the Companies Register, e-mail: (hereinafter “Reefilla” or the “Company” or “Owner”).
In the event that the Data Controller uses data processors or sub-processors pursuant to art. 28 GDPR, the updated list of data controllers and data processors is kept at the registered office of the Data Controller.

The types of personal data we collect depend on the purpose for which it is collected.
In general, we may collect the following types of personal data directly from you (hereinafter “Personal Data”):
common personal data (such as, by way of example and not limited to: name, surname, e-mail address, residential address and telephone number);
data relating to your corporate, entrepreneurial or business organization such as the identified and contact data of members, administrators, employees, collaborators and consultants (such as name, surname, email address, certified email address, address, city , telephone number);
personal data directly provided by you through communications or attachments to communications;
banking and tax identification data;
usage, navigation, functional, session and statistical data, including the device identifier or IP address of the user, the time the user visits the site, addresses in URI (Uniform Resource Identifier) ​​of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc. ) and other parameters relating to the operating system and the user’s IT environment;
The processing also concerns the operations, or the complex of operations concerning data collected also through the use of cookies, the policy of which is referred to in full, which can be viewed below on this same page.

The processing of your Personal Data by the Data Controller takes place:
A) without your express consent (art. 6 letter b) – f) GDPR), for the following purposes:

– conclude contracts with the Owner;
– fulfill pre-contractual, contractual and fiscal obligations deriving from existing relationships;
– fulfill the obligations established by law, by a regulation, by community legislation or by an order from the Authority;
– pursue a legitimate interest of the Data Controller or of third parties, provided that your interests or your fundamental rights and freedoms which require the protection of personal data do not prevail (e.g. the Data Controller’s right of defense in court).
C) Only with your specific and distinct consent (art. 6 letter a) and art. 7 GDPR), for the following marketing purposes:
– send via e-mail, post and/or text message and/or social networks (for example WhatsApp, Messenger etc.), newsletters, commercial communications and/or advertising material on products or services offered by the Data Controller and, possibly, a survey of the degree of satisfaction with the quality of the products and/or services offered;
If you have denied your consent it will not be possible to carry out the aforementioned activities under c) and if you have expressed consent to the processing activities under C) you will in any case have the right to revoke, at any time, the consent given.

Your Personal Data will be processed by the Data Controller for the sole period of time necessary to achieve the purposes of the processing referred to in the previous article 3, after which they will be stored solely in compliance with the legal obligations in force on the matter, for administrative and/or purposes. to assert or defend one’s rights and, in any case, no later than the deadlines established by law for the limitation of rights.
In particular, for marketing purposes, the User’s Personal Data will be retained by the Owner for a maximum of two years.

Personal Data is subjected to electronic and/or automated processing for the time necessary to achieve the purposes for which it is collected by the Data Controller or by subjects duly authorized and/or appointed to carry out such tasks, constantly identified and/or or appointed, appropriately instructed and made aware of the constraints imposed by law, as well as through the use of security measures aimed at guaranteeing the protection of confidentiality and avoiding the risks of loss or destruction, unauthorized access, unauthorized processing or not compliant with the above purposes.

For the purposes indicated above, your collected data may be made accessible or communicated:
– to employees and collaborators of the Data Controller, in their capacity as authorized data controllers, within the scope of their respective duties and in accordance with the instructions received. Such individuals are however subject to confidentiality and confidentiality obligations;
– to third parties who carry out outsourced activities on behalf of the Owner to whom certain activities, or parts of them, functional to the provision and distribution of the services offered through the site are entrusted (e.g. hosting companies, programmers, systems engineers and database administrators, technical assistance centers, Internet and telecommunications operators) or whose activity is connected, instrumental or supportive to that of the Data Controller (e.g. cloud management and/or marketing software, etc.);
– to all those public and/or private entities, natural and/or legal persons (legal, administrative and tax consultancy firms, debt collection companies, Judicial Offices, Chambers of Commerce, Chambers and Labor Offices, etc.), if the communication is necessary or functional for the correct fulfillment of the contractual obligations undertaken, as well as the obligations deriving from the law;
– to all those subjects (including Public Authorities) who have access to personal data pursuant to regulatory or administrative provisions;
In any case, your personal data collected will not be resold or transferred to third parties for marketing purposes and will not be disseminated.

The management and storage of your Personal Data will take place in Europe. In any case, it is understood that the Data Controller, if necessary, will have the right to have your Personal Data processed outside the EU Area (EEA). In this case, the Data Controller ensures from now on that the transfer of non-EU data will take place in compliance with the applicable legal provisions by stipulating, if necessary, agreements that guarantee an adequate level of protection and/or adopting the standard contractual clauses envisaged by the Commission. European.

This site and the Owner do not intentionally collect Personal Data relating to minors under 18 years of age. In accordance with applicable laws, the person exercising parental responsibility must provide consent to the collection of the minor’s Personal Data. In the event that Personal Data on minors are involuntarily recorded, the Data Controller will delete them promptly, upon request of the operator with parental responsibility.

Pursuant to the articles. 15 et seq. of the GDPR and the applicable national legislation on privacy and protection of personal data, you have the right to:
obtain confirmation from the Data Controller as to whether or not personal data concerning you is being processed and, if so, to obtain access to the personal data and the following information:
the purposes of the processing;
the categories of personal data in question;
the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients are from third countries or international organisations;
when possible, the expected retention period of personal data or, if this is not possible, the criteria used to determine this period;
the existence of the interested party’s right to ask the data controller to rectify or delete personal data or to limit the processing of personal data concerning him or her or to oppose their processing;
the right to lodge a complaint with a supervisory authority;
if the data are not collected from the interested party, all available information on their origin;
Obtain from the Data Controller the rectification of inaccurate personal data concerning him without unjustified delay. Taking into account the purposes of the processing, the interested party has the right to obtain the integration of incomplete personal data, including by providing a supplementary declaration.
Obtain from the Data Controller the deletion of personal data concerning him without unjustified delay and the Data Controller has the obligation to delete personal data without unjustified delay within the limits and in the cases provided for by current legislation.
Obtain the limitation of processing from the Data Controller.
Receive the personal data concerning you provided to the Data Controller in a structured, commonly used and machine-readable format and have the right to data portability and therefore to transmit such data to another data controller without impediments on the part of the data controller processing to which you provided them if the processing is based on consent or on a contract and the processing is carried out by automated means.

Object at any time, for reasons related to your particular situation, to the processing of personal data concerning you if the processing is necessary for the execution of a task of public interest or connected to the exercise of public powers vested in the Data Controller or the processing is necessary for the pursuit of the legitimate interests of the Owner or third parties.
If you believe that your rights have been violated by the Data Controller, lodge a complaint with the Guarantor Authority for the protection of personal data (Piazza Venezia 11, 00187 Rome (RM) – and/or with another competent supervisory authority pursuant to the GDPR
Following the exercise of the rights referred to in points 2), 3) and 4), the Data Controller communicates to each of the recipients to whom the personal data have been transmitted any rectifications or cancellations or limitations of processing within the limits and in the forms established by current law. legislation.
To exercise the rights listed above towards the owner, you must submit a written request by sending a registered letter with return receipt to the address Reefilla S.r.l., 10132 – Turin, Via Bardassano n. 7, or by sending an email to

This information may be modified and/or updated at any time. If the Data Controller intends to process your Personal Data for purposes other than those provided for in the previous art. 3, undertakes to provide you, before such further processing, with adequate information regarding these different purposes and to carry out such further processing in compliance with current legislation, obtaining your specific consent where necessary.

This Privacy policy was published in October 2022. Any updates will be published on this page.