Informative pursuant to art. 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27/04/2016 ("GDPR")


Dear Customer,

We wish to Inform you that Reg. UE 2016/679 (' European regulation on the protection of Personal Data ') provides for the protection of persons and other subjects and the processing of personal data.

For the purposes of articles 13 and SS. Of the above-mentioned normative dictate, therefore, we provide you with equal information. This statement is made under the aforementioned art. 13 to those who access and navigate on the internet site below:https://www.biscottini-store.com/en/.

This describes how to manage the website in relation to the processing of personal data that can be referred to users who access it.


Owner and responsible for the treatment


Under the "GDPR":

-The ' data controller ' shall be the natural or legal person, the public authority, the service or other body which, individually or together with others, determines the purpose and means of processing personal data;

-The ' controller ' shall be the natural or legal person, the public authority, the service or other body which treats personal data on behalf of the holder of the treatment.

In the present case:

The data controller is BISCOTTINI INTERNATIONAL ART TRADING S.R.L. unip. (P. I, 01380700508), in person of the legal representative pro tempore Sig. Biscottini Giovanni, with registered office in Via Salaiola N. 19, C.A.P. 56030, Terricciola, loc. The Rose (PI).

The following addresses are offered in communication: Tel. 0587 672000;

fax 0587 672157;

pec biscottiniiatsrl@legalmail.it.


The following persons responsible for the processing of personal data have been appointed

  • The Soc. VendiloS. p.A. (COESM21618), in person of the legal representative pro tempore, with seat in the street of the Angariari N. 25, C.A.P. 47891, Rovereta, Republic of San Marino, of which the following addresses are offered: Tel 05411799985; fax 0541 1799980.


Definition of personal data, purpose of treatment and information related to the treatment activities

As far as it is interested, the "GDPR" provides the following definitions:

-' personal data ' means any information concerning an identified or identifiable natural person (' interested '); The natural person who can be identified, directly or indirectly, with particular reference to an identifier such as the name, an identification number, location data, an online identifier or one or more Elements of physical, physiological, genetic, psychic, economic, cultural or social identity;

-' treatment ' means any transaction or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, registration, organisation, structuring, The purpose of the application, the adaptation, the extraction, the consultation, the use, the communication by transmission, dissemination or any other form of provision, the comparison or interconnection, the limitation, the cancellation or Destruction.

The "GDPR" also identifies particular categories of personal data, i.e. personal data revealing racial or ethnic origin, political opinions, religious or philosophical convictions, union membership, genetic data, biometric data intended To uniquely identify a natural person, data related to the health or sexual life or sexual orientation of the person. It's about the CDs. Sensitive data for which specific processing procedures are foreseen.

Lastly, the "GDPR" identifies personal data relating to criminal convictions and offences or to related security measures (CD. Judicial data).

When you visit the website, your data is collected either directly, and this when you voluntarily insert your data in order to be contacted or otherwise to have followed to a request from you; is indirectly, and this is because its IP address is traced in order to monitor the use of the Web site.

The owner may also process his data in order to carry out any activity that should be necessary for the administration and management of the website.

In any case, the information collected will be appropriate for the purposes described above, without this resulting in an invasion of its personal sphere or profiling activities.

The data collected, in the number and in the minimum qualities necessary for the above mentioned purpose and without this constituting undue invasion of its personal sphere, will be treated in appropriate ways and stored in digital and paper archives.



Cookies are small text files that the sites visited by users send to their terminals, where they are stored before being re-transmitted to the same sites on the next visit.

In general the Data Controller uses the CDs. technical cookies necessary to guarantee the user the best functionality of the website and to provide the service requested.

If you wish to disable / refuse the use of these cookies, you can at any time change the browser settings on your computer.

If necessary, we inform you that browsing the Website and the use of its contents may be compromised. There are various types of cookies, depending on their characteristics and functions:

- technical cookies, which are used for the sole purpose of transmitting a communication over an electronic communications network, or to the extent strictly necessary to provide an explicitly requested service from the user. In other words, these cookies are indispensable for the functioning of www.biscottini.it or necessary to perform activities you have requested.

- browsing or session cookies, used to allow you to login in the reserved area of ​​www.biscottini.it or to make a purchase on our site.

- analytics cookies, used to collect information, in aggregate form, on the number of users of www.biscottini.it and the pages viewed (for example Google AdWords, Google Analytics and Mailup). Reference is made to the related policies which may change periodically and which it is advisable to consult over time, where more detailed information is available;

- functionality cookies, which allow users to navigate in www.biscottini.it in the best possible way according to selected criteria and options (such as, for example, the preferred language, so as not to have to select this option at each access or the products chosen for the purchase, so as to store them in the virtual cart until the next access to the site).

cookies of third parties, used by partners of www.biscottini.it, in order to present advertising banners of www.biscottini.it when you are in other sites, showing the latest products that you have looked on www.biscottini.it . While browsing on www.biscottini.it, these cookies are also used to show you products that may be of interest to you or similar to those you have looked at previously, based on your browsing history. The use of these cookies does not imply the processing of personal data, but can allow connection to your computer or other devices and track saved data: these cookies connect to the browser installed on your computer or other devices used during navigation on www.biscottini.it.

- profiling cookies, aimed at creating profiles relating to the user and used in order to send advertising messages in line with the preferences shown by the user in the context of inert browsing.

The site contains third-party cookies that access user data exclusively at the aggregate level. All types of cookies can remain on your computer or on the mobile device you use for different periods of time, depending on the function they performed. The cookies stored on your computer or mobile device cannot be used to retrieve any data from your hard disk, transmit computer viruses, identify and use your e-mail address, or for purposes other than those described above. The Owner uses cd. third-party cookies (set by a website other than the one the user is visiting) This type of cookie allows the user to track and monitor the use of the website, however personal information is not stored or saved. Also in this case, you have the right to exercise your right to opt out by refusing the use of third-party cookies.

You can set and manage your cookie preferences at any time, selecting which cookies to authorize, block or delete, in whole or in part, through your browser settings (ie, the navigation program you use). Below the path to follow to manage cookies from the following browsers:

Internet Explorer: http://windows.microsoft.com/it-it/windows7/block-enable-or-allow-cookies Safari: http://support.apple.com/kb/PH19255

Chrome: https://support.google.com/chrome/answer/95647?hl=it-IT&hlrm=fr&hlrm=en Firefox: http://support.mozilla.org/it-IT/kb/enable-and-disable-cookies-website-preferences

For more information and details on the various types of cookies, their operating methods and characteristics, we invite you to visit the sites - open access, independent of www.biscottini.it - www.AllAboutCookies.org and www.youronlinechoices.com. To disable analytical cookies and to prevent GoogleAnalytics from collecting from the Sanaavigation, you can download the Additional Content Browser to disable Google Analytics: tools.google.com/dlpage/gaoptout. We will keep your cookie preferences with a specific technical cookie having the characteristics specified in the previous table. We inform you that block or cancel, in whole or in part:

technical cookies, could make it impossible to use our site, view its contents and take advantage of its services;

- the functionality cookies, could imply that some services or certain functions of the site are not available or do not work properly, forcing you to change or manually enter some information or preferences every time you visit the site;

- of the other cookies present (analytics and profiling) will not affect the operation of the site.

Transfer of your personal data to data controllers located in the European Union or outside the European Union

The server where the website is located is owned by the soc. Vendilo S.p.A. more specifically identified above and located in the server farm of OVH, a company incorporated under French law. The server farm is located in Frankfurt (Germany). Your data is not transferred to other international companies or organizations.

In any case, we inform you that your data may be communicated, by virtue of legal or regulatory obligations, to Public Administrations. 

Period of conservation 

The data relating to you will be processed for the time strictly necessary to achieve the purposes indicated above.

In the event that you provide us with your personal data, they will be permanently deleted 30 days after sending your request.


Your rights as a data subject

During the period of time that the treatment is inadequate, sedentary, de-legalized, you may, as a data controller, at any time exercise your rights.


1)  right of access  (art. 15“GDPR”).

The interested party has the right to obtain from the controller the confirmation that the processing of personal data concerning him is being carried out and in this case, to obtain access to personal data and to the following information:

a) the purposes of the processing;

b) the categories of personal data concerning the situation;

c) the recipients of the recipients of personal data that are reported to be public, particularly if recipients from third countries or international organizations;

d) when possible, the period of storage of the personal data envisaged or, if this is not possible, the criteria used to determine that period;

e) the existence of the right of the data subject to request the data controller to rectify or delete personal data or limit the processing of personal data concerning him or to oppose their processing;

f) the right to lodge a complaint with a supervisory authority;

g) if the data is not collected from the interested party, all available information on their origin;

h)  h) the existence of an automated decision-making process, including profiling and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such treatment for the interested party.If personal data is transferred to a third country or an international organization, the data subject has the right to be informed of the existence of adequate guarantees relating to the transfer.The Data Controller provides a copy of the personal data being processed. In case of further copies requested by the interested party, the data controller may charge a reasonable fee based on administrative costs. If the interested party submits the request by electronic means, and unless otherwise indicated by the interested party, the information is provided in an electronic format in common use. The right to obtain a copy must not affect the rights and freedoms of others.


2) right to rectification (art. 16 "GDPR").The interested party has the right to obtain from the data controller the rectification of inaccurate personal data concerning him without undue delay. Taking into account the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, also by providing a supplementary declaration.  

3) right to cancellation (art. 17 "GDPR").The data subject has the right to obtain from the data controller the deletion of personal data concerning him without unjustified delay and the Data Controller has the obligation to delete personal data without unjustified delay, if one of the following reasons exists: 

a) personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed;

b) the interested party revokes the consent on which the treatment is based, if there is no other legal basis for the treatment;

c) the data subject opposes the processing pursuant to Article 21, paragraph 1 "GDPR" and there is no legitimate prevailing reason to proceed with the processing, or he opposes the processing pursuant to Article 21, paragraph 2 "GDPR" ;

d) personal data have been processed without delay;

e) personal data must be deleted in order to fulfill a legal obligation established by the law of the Union or of the Member State to which the owner of the processing is subject;f) personal data has been collected in relation to the offer of information society services referred to in Article 8, paragraph 1 "GDPR".The data controller, if he has made personal data public and is obliged to delete them and, taking into account the available technology and the implementation costs, adopts reasonable measures, also technical, to inform the data controllers who are processing personal data of the data subject's request to cancel any link, copy or reproduction of his personal data. The cancellation cannot be made to the extent that the processing is necessary: 
a) for the exercise of the right to freedom of expression and information;

b) for the fulfillment of a legal obligation that requires the treatment foreseen by the law of the Union or of the Member State to which the holder of the treatment is subject or for the execution of a task carried out in the public interest or in the exercise of public authority of which the owner of the treatment is invested;

c) for reasons of public interest in the field of public health in accordance with Article 9, paragraph 2, letters h) and i) "GDPR", and Article 9, paragraph 3 "GDPR";

d) for archiving purposes in the public interest, for scientific or historical research or for statistical purposes in accordance with Article 89, paragraph 1 "GDPR", to the extent that the cancellation risks making it impossible or seriously prejudicing the achievement of such objectives treatment;

e) for the ascertainment, the exercise or the defense of a right in jail.

 4) right to limit the treatment (art. 18 "GDPR"): The interested party has the right to obtain the treatment limitation from the data controller when one of the following hypotheses occurs:

a) the data subject disputes the accuracy of the personal data, for the period necessary for the data controller to verify the accuracy of such personal data;

b) the processing is unlawful and the data subject opposes the deletion of personal data and asks instead that it be limited to its use;

c) although the data controller no longer needs it for the purposes of processing, the personal data are necessary for the data subject to ascertain, exercise or defend a right to conviction;

d) the data subject has opposed the processing pursuant to Article 21, paragraph 1 "GDPR", pending verification regarding the possible prevalence of the legitimate reasons of the data controller with respect to those of the data subject. If the processing is limited, such personal data is processed, except for storage, only with the consent of the interested party or to ascertain, exercise or defend a right in court or to protect the rights of a another natural or legal person or for reasons of significant public interest of the Union or of a Member State. The interest that has been obtained from the limitation of the processing is informed by the Title and subject of the treatment, even if this limitation is invoked.

5) right to portability (art. 20 "GDPR").

 The interested party has the right to receive in a structured format, commonly used and readable by automatic device, the personal data concerning him provided to a data controller and has the right to transmit such data to another data controller without hindrance by part of the data controller to whom he supplied them if: 

a) the processing is based on consent pursuant to Article 6, paragraph 1, letter a) "GDPR", or Article 9, paragraph 2, letter a) "GDPR", or on a contract pursuant to Article 6, paragraph 1, letter b) "GDPR";

b) the treatment is carried out with semi-automated devices.In exercising their rights with regard to data portability, the data subject has the right to obtain direct transmission of personal data from one data controller to the other, if technically feasible. This right does not apply to the processing necessary for the performance of a task of public interest or connected to the exercise of public authority vested in the data controller. The right to portability must not harm the rights and freedoms of others.

6) right of opposition (art. 21 "GDPR"). The interested party has the right to object at any time, for reasons related to his particular situation, to the processing of personal data concerning him / her pursuant to Article 6, paragraph 1, letters e) of) "GDPR", including profiling based on these provisions. The data controller refrains from further processing personal data unless he demonstrates the existence of legitimate cogent reasons for processing that prevail over the interests, rights and freedoms of the data subject or for verification, exercise or the defense of a right in court. If personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning him for these purposes, including profiling to the extent to which it is connected to such direct marketing. If the interested party objects to the processing for direct marketing purposes, the personal data are no longer processed for these purposes. If personal data are processed for scientific or historical research purposes or for statistical purposes in accordance with article 89, paragraph 1 "GDPR", the data subject, for reasons related to his particular situation, has the right to object to the processing of data personal data concerning him, unless the processing is necessary for the performance of a task of public interest.

7) right not to be subjected to an automated decision-making process (art. 22 "GDPR"). The interested party has the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects that concern him or that significantly affects his person, except in cases where the decision: 

a) is necessary for the conclusion or execution of a contract between the data subject and a data controller; 

b) is authorized by the law of the Union or of the Member State to which the data controller is subject, which also specifies appropriate measures to protect the rights, freedoms and legitimate interests of the data subject; 

c) is based on the explicit consent of the interested party. In the cases referred to in letters a) and c), the Data Controller implements appropriate measures to protect the rights, freedoms and legitimate interests of the data subject and, in particular: - must allow the right to obtain human intervention by the same Data Controller; - must allow the interested party to express his opinion and to contest the decision.


8) right to the communication of a violation of personal data to the interested party (art. 34 "GDPR") When the violation of personal data is likely to present a high risk for the rights and freedoms of natural persons, the Data Controller must communicate the violation to the interested party without undue delay. The communication to the person concerned describes in a simple and clear language the nature of personal data violation and also information and information about the subject in article 33, paragraph 3, letters b), c) and d) "GDPR". Communication to the interested party is not required if one of the following conditions is met: 

a) the data controller has implemented the appropriate technical and organizational protection measures and these measures are applied in the personal data and subject area of ​​the violation, in particular by giving personal data incomprehensible to anyone who is not authorized to access it, such as data recording; 

b) the data controller has subsequently taken measures to prevent the occurrence of a high risk for the rights and freedoms of the data subjects; 

c) this communication would require disproportionate efforts. In this case, a public communication or a similar measure is carried out, through which the interested parties are informed with similar effectiveness. In the event that the Data Controller has not yet disclosed the violation of personal data to the data subject, the Control Authority may request, after assessing the probability that the breach of personal data presents a high risk, whether it provides or can decide that one of the integral exception conditions is met.

Finally, it is specified that Chapter VIII, Articles 77 s.s. "GDPR", identifies the complaints tools to the Control and Judicial Authority in your possession.   It should be noted that you will have the right to revoke the consent given at any time, knowing that this may lead to restrictions on the use of the website. For the exercise of the aforementioned rights, you can send a request to the Data Controller at the aforementioned contact details. Being at your complete disposal for any clarification, I am here to offer


The owner

Product added to wishlist
Product added to compare.