+39 0434 1750013 - info@toparredi.com

Privacy policy

The personal data provided directly by the user to A&D S.r.l. on the pages of the website accessible at toparredi.com, at the time of registration and subsequently during the use of the services provided from time to time by A&D S.r.l., will be processed in accordance with the provisions of Legislative Decree 196/2003 concerning the protection of personal data ("Privacy Code") and, following the entry into force of EU Regulation No. 679/2016 ("GDPR"), in compliance with Article 13 of the aforementioned European Regulation.


A&D S.r.l. informs the user as follows:

Processing of personal data refers to any operation or set of operations performed, with or without the aid of automated processes, on personal data or sets of personal data, whether or not recorded in a database. This includes collection, recording, organization, structuring, storage, processing, selection, restriction, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available, comparison or interconnection, restriction, erasure, or destruction.

Details are as follows:

1. Data controller

The Data Controller is A&D S.r.l., with its registered office at Via Parrilla 7, Conegliano 31015 (TV), Italy, and registered with the Chamber of Commerce of Treviso – Belluno under VAT and Tax Code 04524990266. The company’s certified email (PEC) address is aed@legalmail.it


2. Purpose of data processing

The user's personal data, freely provided and collected in connection with the activities carried out by A&D S.r.l., will be processed lawfully and fairly for the following purposes:

  1. Without the user's explicit consent (Art. 24 letters a, b, c of the Privacy Code and Art. 6 letters b, e of the GDPR): the data will be collected and used solely for purposes directly related and instrumental to the activation and functioning of the services provided by A&D S.r.l. For example, enabling account registration, managing the shopping cart, favorites, customer service, and fulfilling legal, regulatory, or EU obligations, as well as exercising the company’s rights in legal proceedings.
  2. Only with the user’s specific and separate consent, and until such consent is withdrawn (Arts. 23 and 130 of the Privacy Code and Art. 7 of the GDPR): the user’s personal data—particularly email and mailing address—may be used by the Data Controller for order management, fulfillment, invoicing, and delivery of purchased products, commercial communications including newsletters with offers from the website, and for conducting market research, including surveys to measure user satisfaction. The user may withdraw consent to the processing described under Section 2B at any time by:
    • clicking the dedicated link at the bottom of any promotional email sent by A&D S.r.l.;
    • sending an email to info@toparredi.com;
    • accessing the "Contact Us" section on the website and submitting a request to cancel or modify the granted preferences;
    • contacting Customer Service at +39 0434 175 0013.
  3. Soft Spam: The email address provided by the user when purchasing a product or service on the website may be used by the Data Controller to send communications related to the direct sale of similar products or services, provided the user does not object as outlined in Section B above.


3. Account

The user may create a personal account on toparredi.com by entering personal data (such as name, surname, phone number, email, address). The user can update their personal profile at any time, modify or delete their data through the personal area of their account.


4. Data processing methods

Data will be processed with the necessary security and confidentiality, using the following methods: data collection from the data subject, recorded for specific, explicit, and legitimate purposes, and further processed in a manner compatible with those purposes, using electronic and automated tools (data collected electronically directly from the data subject).


5. Legal basis for data processing

The legal basis for processing personal data is the user’s consent, the performance of a contractual obligation, and applicable legal provisions.


6. Legitimate Interests Pursued by the Data Controller in Data Processing

The legitimate interests pursued by the Data Controller in processing data arise from the need to fulfill and honor the contractual obligations agreed upon by the parties. Pursuant to Article 6, the lawfulness of processing is based on the data subject’s explicit consent, documented in written form.


7. Nature of data provision

The provision of data requested at the time of service activation, for the purposes outlined in section 2A above, is mandatory, as it is strictly necessary to provide the services. Failure to provide such data will make it impossible for A&D S.r.l. to complete the user registration process and thus provide the services offered. The provision of data for the purposes set out in section 2B above is optional.


8. Disclosure of data and potential recipients of personal data

The user's personal data may be disclosed to specific parties appointed by the Data Controller to provide instrumental or necessary services related to the registration process on toparredi.com and online purchases, within the limits and in accordance with the instructions provided. In particular, the data may be disclosed to:

  • individuals, companies, or professional firms providing assistance, consulting, or collaboration to the Data Controller in accounting, administrative, legal, tax, or financial matters;
  • parties delegated and/or appointed by A&D S.r.l. to carry out activities related to the provision of sales services, such as customer service (even if outsourced), logistics centers responsible for packaging purchased products, couriers in charge of deliveries, post-sales support service providers, and other external collaborators when communication is necessary for fulfilling obligations under the service contract with A&D S.r.l.;
  • Public Authorities, for the performance of institutional functions within the limits established by law or regulation. The Controller has appointed certain data processors depending on their respective functions. The updated list of all data processors is available at the operational headquarters of toparredi.com and may be requested via the following email address: info@toparredi.com. This list may be supplemented or updated as needed.


9. Data processing methods

Data is collected electronically and processed through operations such as recording, consultation, communication, storage, and deletion, primarily with the use of electronic tools, ensuring the adoption of appropriate measures to safeguard the security and confidentiality of the processed data.

User data, stored electronically, is hosted and archived on a server owned by A&D S.r.l. located in Italy. The Controller confirms that the server-stored data is protected against unauthorized access and intrusion, and that appropriate security measures have been implemented to ensure the integrity and availability of the data, as well as to protect the relevant physical areas and infrastructure.

Personal data will be processed by the Controller’s employees and/or collaborators acting as data processors or persons in charge of processing, according to their respective roles and in compliance with the instructions provided by the Controller.

The Controller guarantees the highest level of security in the management of user data. Credit card information is stored exclusively in encrypted format and in accordance with PCI certification security requirements. The Controller does not have access to confidential credit card details, which are handled by payment intermediaries and card issuers in compliance with the Privacy Code.


10. Data subject rights

The user (hereinafter also referred to as the "data subject") has the right, under Article 7 of the Privacy Code and Article 15 of the GDPR, to:

  • obtain confirmation of the existence or non-existence of personal data concerning them, even if not yet recorded, and to receive such data in an intelligible form;
  • obtain information regarding: a) the origin of the personal data; b) the purposes and methods of processing; c) the logic applied in the case of processing carried out using electronic means; d) the identity of the data controller, data processors, and any designated representative pursuant to Article 5, paragraph 2 of the Privacy Code and Article 3, paragraph 1 of the GDPR; e) the entities or categories of entities to whom the personal data may be disclosed or who may become aware of them in their capacity as designated representatives, data processors, or persons in charge of processing;
  • obtain: a) the updating, rectification, or, where applicable, integration of the data; b) the erasure, anonymization, or blocking of data processed in violation of the law, including data for which retention is not required in relation to the purposes for which they were collected or subsequently processed; c) certification that the operations referred to in points a) and b) have been notified, including their contents, to those to whom the data has been disclosed or disseminated, unless this proves impossible or involves a disproportionate effort;
  • object, in whole or in part: a) on legitimate grounds, to the processing of personal data concerning them, even if relevant to the purpose of collection; b) to the processing of personal data for the purpose of sending advertising materials, direct sales, or carrying out market research or commercial communications, via automated calling systems without human intervention, email, and/or traditional marketing methods such as telephone and/or postal mail. The data subject's right to object to direct marketing using automated methods also extends to traditional methods, without prejudice to the right to object only in part. Therefore, the data subject may choose to receive only traditional communications, only automated communications, or neither;
  • request from the Controller access to their personal data (Art. 15 GDPR), rectification (Art. 16 GDPR), or erasure (Art. 17 GDPR), restriction of processing or to object to processing (Art. 18 GDPR);
  • request data portability of data processed in automated form, where applicable;
  • withdraw consent at any time without affecting the lawfulness of processing based on consent given before its withdrawal;
  • lodge a complaint with the competent Data Protection Authority.

To exercise the above rights or to obtain information about the entities with whom the data is stored or disclosed, or the individuals who, in their capacity as data processors or persons in charge of processing, may become aware of your data, you may contact the Controller by sending a request to the following email address: info@toparredi.com.


11. Duration of processing and data retention period

Personal data processing, for the purposes referred to in section 2.A, will last for the time strictly necessary to perform the requested services, plus any additional period required by applicable civil, fiscal, or tax obligations.


12. Data transfer outside the european union

The management and storage of personal data will be carried out on servers located within the European Union and owned by A&D S.r.l. Currently, the servers are located in Italy. No data will be transferred outside the European Union.


13. Updates to this privacy policy

This Privacy Policy is subject to occasional updates. If changes are made to the processing of personal data, A&D S.r.l. will notify users by publishing the updated version on the website. Where required by applicable laws, users will be asked to consent to the new processing activities. In the absence of consent, the user’s data will not be processed according to the changes introduced in the new policy.