1. Who we are (Data Controller)
The Data Controller is Polpetteria Italiana SRLS, registered office: Via Maia 18, 00100 Rome (IT), e-mail: privacy@polpetteria-italiana.com.
External Processor: Diego De Francesco, contractor for digital management and technical processes.
2. Scope of this notice
This notice applies to users of the Fridge web application (dashboard, fridge readings, history, PDF reports).
3. Categories of data processed
- Account/identification data: first/last name, e-mail, role, tenant/restaurant
- Service operational data: fridge (name, location), temperature readings, notes, attached photos, timestamps
- Technical and security logs: IP addresses, user-agent, access events, errors
- Billing/payment data: billing details, transaction ID, payment outcome (never full card data)
4. Purposes and legal bases
- Service provision β Art. 6(1)(b) GDPR, contract performance.
- Security, abuse prevention, business continuity β Art. 6(1)(f) legitimate interest.
- Customer support β Art. 6(1)(b)/(f).
- Legal obligations β Art. 6(1)(c).
- Marketing communications (if enabled) β Art. 6(1)(a) consent.
5. Cookies and similar tools
We use strictly necessary cookies for operation (session, security). Any analytics cookies are loaded only after consent. For details see the Cookie Policy.
6. Recipients (providers and sub-processors)
We use selected providers bound by GDPR DPA agreements, including:
- Hosting β servers and database at Keliweb
- E-mail service β notifications/password reset
- Payment services β checkout and transactions management (only if paid plans are active)
The up-to-date list of sub-processors is available upon request.
7. International data transfers
If transfers outside the EEA occur, they comply with GDPR Chapter V (e.g., Standard Contractual Clauses). More information available on request.
8. Data retention
- Account and tenant data: for the duration of the relationship and up to 12 months after closure
- Fridge readings/registers: 24 months (or different period per HACCP manual)
- Security technical logs: 6 months
- Billing data: as required by law 10 years (Italy)
Upon expiry, data are securely deleted or anonymized.
9. Data subject rights
You can exercise your rights of access, rectification, erasure, restriction, portability and objection by writing to privacy@polpetteria-italiana.com. You also have the right to lodge a complaint with the Italian Data Protection Authority.
10. Security
We adopt appropriate technical and organizational measures: HTTPS, password hashing, access controls, periodic backups, data minimization, file validation.
11. Updates to this notice
We may update this notice to reflect regulatory or service changes. The current version is always published on this page; material updates will be notified.