Last updated: June 2026
Your privacy is important to us. This Privacy Policy explains how Pappa Fresh OÜ collects, uses and protects your personal data when you visit the pappafresh.it website, place an order or subscribe to our newsletter, in accordance with Regulation (EU) 2016/679 ("GDPR") and applicable law.
The data controller of the personal data is:
For any request regarding the processing of your data, you can write to us at the email address indicated above.
Depending on how you interact with us, we may process the following categories of data:
| Purpose | Legal basis |
|---|---|
| Manage orders, subscriptions, payments and shipments | Performance of the contract (Art. 6.1.b GDPR) |
| Provide customer support and respond to requests | Performance of the contract and legitimate interest (Art. 6.1.b and 6.1.f) |
| Comply with tax, accounting and legal obligations | Legal obligation (Art. 6.1.c GDPR) |
| Send newsletters and promotional communications | Consent (Art. 6.1.a GDPR), revocable at any time |
| Statistical analysis and improvement of the site | Consent for non-essential cookies / legitimate interest (Art. 6.1.a and 6.1.f) |
| Prevent fraud and ensure the security of the service | Legitimate interest (Art. 6.1.f GDPR) |
We retain personal data only for as long as necessary for the purposes for which it was collected:
At the end of the retention periods, the data is irreversibly deleted or anonymised.
As a data subject, under Articles 15-22 of the GDPR you have the right to:
To exercise these rights, write to info@pappafresh.it. You also have the right to lodge a complaint with a supervisory authority, for example the Italian Data Protection Authority (Garante per la protezione dei dati personali) in Italy (garanteprivacy.it) or the Estonian data protection authority (Andmekaitse Inspektsioon).
To provide the service we rely on selected providers who process data on our behalf as data processors, on the basis of dedicated agreements:
Some of these providers may process data outside the European Economic Area. In such cases, the transfer takes place in compliance with the GDPR, for example through adequacy decisions or Standard Contractual Clauses approved by the European Commission. We do not sell your personal data to third parties.
We adopt appropriate technical and organisational measures to protect personal data from unauthorised access, loss or disclosure, including encrypted connections (HTTPS) and entrusting payments to a PCI-DSS certified provider such as Stripe.
The pappafresh.it website uses cookies and similar technologies to function correctly and to improve your experience. Cookies are small text files stored on your device.
Essential to the functioning of the site: they manage, for example, the cart, the session and basic preferences. No consent is required for these cookies and they cannot be disabled without compromising the use of the site.
You can manage or disable cookies through any consent banner present on the site and through your browser settings, where you can block or delete cookies that are already installed. Disabling technical cookies may limit some functionalities of the site.
For any questions regarding this Privacy Policy or the processing of your personal data, you can contact Pappa Fresh OÜ at info@pappafresh.it.
Last updated: June 2026 — template document to be reviewed by a lawyer before publication.