Privacy policy

Who we are

The address of our website is

What personal data we collect and why we collect it

Notice provided pursuant to Art. 13 of EU Regulation 2016/679 (hereinafter referred to as “the Regulation”), to users accessing the website

The notice contains:

– The nature of the personal information processed;

– the purposes and legal bases of the processing of personal information (Art. 13.1.c and 13.1.d of the Regulation);

– the identity and contact details of the Data Controller (Art. 13.1a and 13.1.b of the Rules);

– the retention period of the personal information (Art. 13.2.a of the Regulation);

– the nature of the provision of data and the consequences of refusal (Art. 13.2.e of the Regulation);

– the rights of the users (Art. 13.2.b, 13.2.c and 13.2.d of the Regulation).


The Data Controller is Consorzio Operatori Grand’Affi Shopping Center, Località Canove, 37010 Affi (VR), Cod.fisc./P.IVa 02642470237.

Their contact details are


Navigation data

The site collects certain personal data, the transmission of which is implicit in the use of internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow the user to be identified.

This category of data includes the IP addresses or domain names of the computers used by the user who connects to the website, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment. This data is used for the sole purpose of obtaining statistical information on the use of the website and to check that it is functioning correctly. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the website.

Data provided voluntarily by the user

The optional, explicit and voluntary sending of messages using the “Contact us” service on the website or by sending email messages to the company’s address entails the subsequent acquisition of the sender’s address, which is necessary to respond to requests, as well as any other personal data included in the request. The legal basis for this processing is Art. 6.1.b of the Regulation, i.e. the execution of measures requested by the user.

Registration on the websiteo

Registering an account involves entering certain personal data, which must be true and accurate. The data which must be entered are clearly indicated; the other data are entered voluntarily and failure to enter them does not entail any consequences. The user is invited to keep this data up to date by logging into his personal account. The legal basis for this processing is Art. 6.1.b of the Regulation, i.e. the execution of measures requested by the user. The user who chooses to activate his account via social media must be aware that the website (or the APP) may collect certain data which the user has already provided to that social network (e.g. email address and public profile). The Data Controller has no control over the social network and does not determine the privacy settings of the social network. The user must therefore refer to the privacy policy of the social network he uses.

Newsletters and commercial communications

The user can voluntarily choose to receive newsletters and commercial communications. The website asks for explicit and free consent before undertaking promotional initiatives of this kind and may ask the user for additional information in order to create his consent, which is the legal basis for this processing (Art. 6.1.a of the Regulation).

Online shopping

When placing an order, the website asks the user to provide personal data for the essential purpose of providing the service or good(s) purchased, including the after-sales phase (e.g. delivery tracking, support services, customer satisfaction) and activities to prevent fraud and misuse of the website. The legal basis for the processing is the fulfilment of contractual obligations (Art. 6.1.b of the Regulation). For payments, the website uses third-party providers and does not store any bank information belonging to the user. The Data Controller has no control over the provider of this type of service and the user must therefore refer to the privacy policy and terms of service of that provider.


The purpose of profiling is to suggest products, services and initiatives which are more suited to users’ preferences, habits and interests. Personal data may also be used for remarketing, retargeting or profiling purposes by third parties (e.g. social networks). As regards the users of the website, it is in the legitimate interest of the website to process personal data in order to offer more interesting and personalised services by improving the performance of the website.


The website invites parents and all those who supervise minors to instruct them on how to handle personal data on the internet safely and responsibly. Minors must not send personal data to the website without the consent of their parents. The website is obligated to not intentionally collect personal data from minors, not to use it in any way and not to communicate it to third parties.


The cookies policy can be found at this link:


The Data Controller may transfer the user’s personal data to third parties qualified as data processors or data controllers in order to carry out technical operations necessary to perform the services connected with the best management of the website (e.g. IT service providers, customer service providers, payment service providers). In such cases, the provision of data is essential to fulfil contractual commitments and to improve the performance of the website. Through data processing agreements, the Data Controller commits to ensuring that those responsible handle the data in an appropriate and secure manner. The user can request a list of the persons responsible using the email address of the Data Controller. In addition, the Controller may be required to share your personal data when required to do so by law or by order of a public authority or to protect his own rights or the rights of third parties. The Data Controller does not transfer data outside the European Union.

Third-party websites

This notice does not apply to other websites or platforms to which the website may link (e.g. banners, advertisements and other links to third-party websites or platforms), which you should refer to by reading the relevant privacy policy.


Specific security measures are observed to prevent loss of, unlawful or incorrect use of and unauthorised access to data.


The Data Controller stores personal data for the time necessary to provide the user with the requested services or to fulfil legal or tax obligations or for the minimum period required by law. In order to determine the appropriate retention period for personal data stored by the website upon the user’s consent, the Data Controller also takes the following criteria into consideration: the specific purposes for which the website stores personal information as set out in the notice; the type of relationship with the user (how often the user accesses his account, whether the user makes requests through contact forms, whether the user continues to receive newsletters or commercial communications, how regularly the user browses the website, etc.); any specific request by the user to delete his data or to withdraw his consent; the legitimate commercial interest of the Data Controller. The site shall promptly delete or anonymise personal data whose storage is no longer required by law.


Apart from what has been specified for navigation data, the user can freely give his data through the contact form or to receive promotional communications or to purchase goods or services, and failure to do so may make it impossible to obtain what has been requested. Within the various forms, it is always specified which data are mandatory in order to be able to respond to the user’s request.


The user has the right to receive confirmation as to whether or not his personal data are being processed by the Data Controller.

In this case, pursuant to the Rules, the user has the right to:

-be informed about the collection and use of his personal information;

-access his personal information at no cost;

-obtain the rectification or completion of inaccurate or incomplete personal information;

-obtain the deletion of personal information;

-under specific conditions, obtain the restriction or deletion of his personal information;

-obtain and re-use his personal information for his own purposes among different services when the processing is based on a contract or on consent and is carried out automatically (‘the right to data portability’);

-under specific conditions, object to the processing of his personal information;

-lodge complaints about the collection and processing of personal information with the competent supervisory authority;

-withdraw consent to the processing of personal data at any time, without prejudice to the lawfulness of the processing carried out to date on the basis of the consent withdrawn.

For any information, we invite you to consult the website of the Italian Data Protection Authority – – where you will find a section dedicated to these rights.


© 2021 Consorzio Operatori Grand’Affi Shopping Center Loc. Canove 37010 – AFFI (Verona) IT 02642470237

Start typing and press Enter to search

Shopping Cart