The document was updated on 16/05/2018 to comply with the new regulatory provisions on the protection of personal data.

INFORMATION pursuant to regulation (EU) 2016/679 (general data protection regulation) in the current version of the OJ L 119 of 04.05.2016.


The owner of the treatment
This policy applies to the website (hereafter “the Site”), is to be understood as information provided pursuant to the Privacy Code, the European Data Protection Regulation GDPR, to users who browse the Site and possibly interact with the services offered. The Data Controller, pursuant to the “Privacy Code” or “Code, is Giuseppe Pagano’s San Salvatore 1988 (hereinafter also referred to as” San Salvatore “) district Zerrilli 84075 Stio (Sa), tel +39 0828 1990900, fax +39 0828 1990901, email p.iva / cf 04111650653.


The purposes of the treatment
As better explained in the sections that allow you to adhere – by releasing your personal data – to the services reserved for users of our site, the data of the users concerned are processed in order to respond to requests expressly made by them. In particular, all data collection and subsequent processing activities are aimed at pursuing the following purposes:
a) registration on the site;
b) subscription to email newsletter;
c) purchase of San Salvatore brand products;
d) sharing of content on the site;
e) customer relationship management (CRM);
f) generic request for information;
g) participation in any promotional initiatives dedicated to new or already registered customers;
h) purposes of statistical research / analysis on aggregate or anonymous data, without therefore the possibility of identifying the user, aimed at measuring the functioning of the site.


What is the object of the treatment
Browsing data: The computer systems and software procedures used to operate this site acquire, in normal operation, some personal data which are then implicitly transmitted in the use of Internet communication protocols. This is information that by its nature could, through associations and processing with data held by third parties, allow users / visitors to be identified (e.g. IP address, domain names of the computers used by users / visitors who connect to the site, etc.). These data are used only for statistical information and to check the correct functioning of the site. The data on web contacts are not kept, however, for more than seven days, except for any investigations of computer crimes against the site. No data deriving from the web service will be communicated or disseminated. Data provided voluntarily by users / visitors: If users / visitors, by connecting to this site, send their personal data to access certain services, or to make requests via e-mail, they are aware that this entails the acquisition by the Data Controller sender’s address and / or any other personal data that will be processed exclusively to respond to the request, or for the provision of the service.


To whom they will be communicated
The personal data provided by users / visitors will be communicated to third parties only if the communication is necessary to comply with the requests of the users / visitors themselves or by law. Third parties, who will act as independent data controllers by providing services instrumental to satisfy the request of the interested user (for example, companies that perform the delivery service of the products purchased) or to whom the communication of data is necessary to comply with regulations by law or regulation. Some controllers have been designated. In particular, Aruba Spa, Località il Palazzetto n. 4, Bibbiena (Ar), Italy. The updated list of managers is available on simple request at the address of the owner Personal data will be made available to persons expressly authorized by the owner – and appointed for this purpose in charge of processing, who carry out processing activities essential for the pursuit of the aforementioned purposes; the categories of persons in charge are those of the employees of the administration, communication, accounting, legal advice, technical maintenance of information systems, marketing, depending on the specific request sent by the user concerned through this site. The Data Controller does not transfer personal data to third countries or to international organizations, however, reserves the possibility of using cloud services; in which case, the service providers will be selected from among those who provide adequate guarantees, as required by art. 46 GDPR 679/16. The data may also be transferred to European Union countries or to other countries that the European Commission declares guarantee an adequate level of protection or with which the Data Controller has signed model clauses provided by the Commission by decision of 5 February 2010, or which in any case have obtained certification according to the provisions of the Privacy Shield for data transfers between the EU and the US. Pursuant to articles 33 and 34 of the Regulation, whenever a security breach is detected that accidentally or unlawfully involves the destruction, loss, modification, unauthorized disclosure, access to personal data and such violation presents a high risk for rights and the freedoms of natural persons, the data controller will inform both the supervisory authority and the interested party (to whom the data refer) without undue delay and, where possible, within 72 hours from the time when he became aware of it .

How we treat the data
All the treatments carried out within this site will be carried out with electronic or telematic tools, but could also be treated with paper / manual tools. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access in full compliance with the provisions of articles 31 and following of the Privacy Code and the Technical Regulations – Annex B to the Privacy Code – regarding minimum security measures and art. 32 GDPR. The data will be processed with logic related to the purposes for which the data were collected and in compliance with the current safety regulations, for the purposes indicated above or specified from time to time in any further information presented to the user.


Types of data processed and optional data provision
The forms to be filled in on this site include both data that are strictly necessary to comply with the matters of interest and whose failure to indicate does not allow the request to be processed, and optional conferment data that are not strictly necessary to process the request.


How long the data is kept for
The data will be kept until the request for cancellation, without prejudice to the related legal obligations which provide for a longer storage period in compliance with current regulations.


What are the rights of the interested parties
The subjects to whom the personal data refer have the right at any time to obtain confirmation of the existence or otherwise of the same data and to know its content and origin, verify its accuracy or request its integration or updating, or the rectification (articles 15 and following of the GDPR). Interested parties who believe that the processing of personal data relating to them occurs in violation of the provisions of the Regulation have the right to lodge a complaint with the Guarantor (art.77 of the Regulation) or to appeal to the appropriate judicial offices (art.79 of the Regulation ).

Given the current state of evolution of the legislation on the protection of personal data, we inform you that this privacy policy may be subject to updates.