Privacy Policy



Pentolo is an Aderfia S.r.l. product marketed by Aderfia S.r.l.

This information is provided pursuant to EU Regulation 679/2016 and subsequent national compliance legislation (hereinafter, collectively “GDPR”) and describes how the company Aderfia S.r.l. (“Data Controller”) collects and processes personal data of its customers through its website,

The term “personal data” means any information concerning an identified or identifiable natural person. For example, personal data are name, an identification number, location data, and an online identifier.

The data collected are processed in accordance with the principles of fairness, lawfulness, transparency and protection of your privacy and rights.

Data processing is carried out by manual, online and computerized means; security measures are taken to avoid the risks of unauthorized access, destruction or loss, unauthorized processing or processing not in accordance with the purposes of collection.

The provision of personal data is compulsory limited only to the data strictly necessary to establish the relationship for the supply of products and services provided by Aderfia Srl.

Aderfia Srl may amend, supplement or update this Policy periodically, also in view of any changes in applicable legislation or measures of the Guarantor for the Protection of Personal Data. Substantive changes and updates to the Privacy Policy will be implemented and brought to the attention of affected individuals as soon as they are adopted by updating the link to the Privacy Policy in the footer of the Website and by e-mail communication to registered users. In case of changes that significantly affect the rights of the registered user, communication will be made with reasonable notice.

1. Categories of personal data processed

1.1 Below is a description of the categories of data we process:

  • Data provided directly by the interested party: are all personal data entered on the Website through registration at the appropriate page: (to proceed with online purchases or to register), or which are otherwise provided to Aderfia Srl in order for it to fulfill its obligations.

Examples of data provided directly by potential customers are: name; address and phone number. More generally, all data provided to enable the placing of a purchase order and the sending of newsletters, delivery of products with the provision of contact numbers or addresses (e.g. phone, e-mail, addresses), participation in events, etc.

  • Data provided by third parties: this is any personal data that Aderfia Srl collects from other sources (e.g., postal service companies, couriers,), to carry out its services.
  • Automatically collected data: this is the browsing data and/or collected by means of so-called “cookies”.

2. Purpose and legal basis for processing

2.1 The data provided are processed for the following purposes:

  • commercial, to enter into and execute contracts for buying and selling and shipping goods;
  • for administrative purposes and to fulfill legal obligations such as accounting, tax, or to give effect to requests from judicial authorities;
  • in the presence of specific consent, to receive promotional communications and invitations to events, special promotions or to participate in market analysis and research;
  • in the presence of specific consent, for the periodic sending, by e-mail and SMS, of newsletters and advertising material;
  • in the presence of specific consent, to receive updates on our activities and reports on commercial offers;

The legal basis legitimizing the processing is the performance of a contract the data subject is involved in or the execution of pre-contractual measures taken at the data subject’s request. In the cases and for the purposes expressly stated, the legal basis is the consent freely given by the person concerned. The above information is processed automatically and collected in aggregate form only in order to verify the proper functioning of the site, and for security reasons. For security purposes (spam filters, firewalls, virus detections), automatically recorded data may possibly also include personal data such as IP address, which could be used, in accordance with relevant laws, in order to block attempts to damage the website itself or to harm other users, or otherwise harmful or criminal activities. Data are collected not only for identification but also for user profiling. Where the website allows comments to be posted, or in the case of specific services requested by the user, the website automatically detects and records certain identifying information about the user, including the user’s e-mail address. This data is understood to be voluntarily provided by the user at the time of the request for service delivery. By entering a comment or other information the user is asked to expressly agree to the privacy policy, and in particular agrees that the content entered may also be disseminated to third parties. The data received will be used exclusively for the provision of the requested service and kept only for the time necessary for the provision of the service, except for other special needs. The information that users of the website will deem to be made public through the services and tools made available to them is provided by the user knowingly and voluntarily, releasing this website from any liability for any violations of laws. It is up to the user to verify that he/she has permissions to enter personal data of third parties or content protected by national and international regulations. The data collected by the website during its operation are used exclusively for the above purposes and kept for the time strictly necessary to carry out the specified activities.

2.2 For the execution of the contract and the fulfillment of legal obligations, Aderfia Srl may communicate personal data to the following categories of subjects:

  • individuals who perform services of a technical and organizational nature on behalf of Aderfia;
  • firms, consultants and companies as part of assistance and consulting relationships;
  • public authorities, where the conditions are met.

These individuals will process the data as Joint Data Processors or as External Data Processors on behalf of Aderfia.

3. Duration of processing and retention period

3.1 Pursuant to Article 11(1)(e) of the Privacy Code and Article 5(e) of Regulation 2016/679, processed personal data shall be kept in a form which permits the identification of the data subject for a period of time not exceeding that necessary for the purposes for which they were collected or subsequently processed.

4. Rights of access, deletion, limitation, and portability

4.1 Data subjects are granted the rights set forth in Articles 15 to 20 of the GDPR. By way of example, each interested party may:

  • Obtain confirmation of whether or not personal data concerning him/her is being processed;
  • where a processing operation is in progress, obtain access to personal data and information related to the processing as well as request a copy of the personal data;
  • obtain correction of inaccurate personal data and supplementation of incomplete personal data;
  • Request the updating, rectification, integration, transformation into anonymous form, and blocking of data processed in violation of the law, including data no longer necessary for the furtherance of the purposes for which they were collected;
  • obtain, in the cases provided for in Article 18 of the GDPR, the limitation of processing;
  • Request deletion of your personal information by providing your username and registration e-mail, and within 30 days of sending the e-mail the account will be deleted.
  • receive personal data concerning him/her in a structured, commonly used, machine-readable format and request its transmission to another data controller, if technically feasible.

5. Right to object

5.1 Each data subject has the right to object at any time to the processing of his/her personal data carried out in pursuit of a legitimate interest of the Controller. In the event of an objection, your personal data will no longer be processed, unless there are legitimate grounds for processing that override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of a legal claim.

6. Right to withdraw consent

6.1 Where consent is required for the processing of personal data, each data subject may, likewise, revoke consent already given at any time. Consent can be revoked by emailing the address listed on the website under “Privacy”

6.2 Right to object and withdraw consent in relation to processing carried out for marketing purposes

6.3 With reference to the processing of data for the marketing purposes referred to in the “Purposes and legal basis of processing” section, each data subject may at any time revoke any consent given or object to their processing, through a specific request made by e-mail to:

7. Right to lodge a complaint with the guarantor

7.1 In addition, each data subject may lodge a complaint with the Guarantor for the Protection of Personal Data if he/she believes that his/her rights under GDPR have been violated, in the manner indicated on the Guarantor ‘s website, accessible at: Exercising the rights of the data subject is free of charge.

7.2 Where the person giving the data is under the age of 18, such processing is lawful only if and to the extent that such consent is given or authorized by at least one of the holders of parental responsibility for whom the identifying data and copy of the identification document are acquired.

8. Data controller and data processor

8.1 Pursuant to Art. 4 of EU 679/2016, it is specified that the Data Controller is ADERFIA SRL with office in Via Matteotti no. 6, 73020 Serrano (Lecce), in the person of the pro-tempore legal representative.

The Data Processor, whom you can contact to exercise your rights under Art. 12 GDPR and/or for any clarifications regarding personal data protection, can be reached at:


9. Data transfer to non-EU countries

10.1 This website may share some of the data collected with services located outside the European Union area. In particular with Google, Facebook and Microsoft (LinkedIn) through social Plugins and the Google Analytics service. The transfer is authorized under specific decisions of the European Union and the Data Protection Authority, in particular Decision 1250/2016 (Privacy Shield ), so no further consent is needed. The aforementioned companies guarantee their adherence to the Privacy Shield.


10. Modification

11.1 This policy may be subject to change. If substantial changes are made to the use of data relating to the user by Aderfia Srl, it will notify the user by publishing them as prominently as possible on its pages.