S’Isula – eCommerce

Last updated: [April 13, 2026]

This information is provided pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (“GDPR”) and describes how Pavoncella S.r.l. processes the personal data of users who browse and/or purchase on the S’Isula eCommerce site (hereinafter the “Site”).

 

1) Data Controller

The Data Controller is:

Pavoncella S.r.l.
Registered office: Via Sonnino, 128 – 09127 Cagliari (CA)
Administrative office / showroom: Località Pill’e Matta – 09044 Quartucciu (CA)
VAT No.: 03799890920 – PEC: pavoncella@pec.it
Contact email: sisula@sisula.it

Privacy contacts: for requests regarding personal data, you can write to sisula@sisula.it indicating “Privacy” in the subject line. 

 

2) Types of data processed

Depending on your use of the Site, we may process:

2.1 Data provided directly by the user

Personal and contact details: name, surname, email, telephone, address.
Billing data: company name, VAT number / Tax Code, SDI/PEC (if requested).
Order data: products purchased, amounts, delivery preferences, order notes.
Personalization data: information necessary to create personalized products/baskets (e.g., messages, preferences, compositions).
Data communicated via support: information contained in emails, contact forms, messages.

Providing certain data is necessary to manage orders and deliveries; without this data, we will not be able to complete the purchase.

2.2 Data collected automatically (browsing)

Usage data (e.g., pages visited, browsing times, technical events).
Technical data (e.g., IP address, browser, operating system, device identifiers).
Cookies and tracking tools (see Cookie Policy).

2.3 Payment data

Payments with PayPal and credit/debit cards are managed through external providers: the Site may receive technical and outcome information (e.g., payment successful/failed), but does not store full card details.

2.4 Minors’ data

The Site is not intended for minors. In the case of purchasing products containing alcohol, the user declares that they are of legal age according to current legislation.

 

3) Purposes of processing, legal bases, and nature of provision

We process personal data for the following purposes:

A) Order management and contractual relationship

What it includes: account registration, shopping cart, checkout, orders, shipping, payment management, operational communications (e.g., order confirmation, shipping status), personalization management.
Legal basis: execution of the contract and/or pre-contractual measures (Art. 6.1.b GDPR).
Provision: necessary.

B) Customer support and request management

What it includes: responses via email/form/phone, information requests, complaint management.
Legal basis: execution of the contract or pre-contractual measures (Art. 6.1.b) and/or legitimate interest of the Controller (Art. 6.1.f) to properly manage support.
Provision: necessary to handle the request.

C) Legal and tax compliance

What it includes: accounting, tax, and administrative obligations, document retention, warranty management.
Legal basis: legal obligation (Art. 6.1.c GDPR).
Provision: necessary.

D) Security, fraud prevention, and Site protection

What it includes: security logs, prevention of unauthorized access, anti-fraud checks, legal defense.
Legal basis: legitimate interest (Art. 6.1.f GDPR) and/or legal obligations (Art. 6.1.c).
Provision: necessary for Site security.

E) Marketing (newsletters, promotions, commercial communications)

What it includes: sending newsletters and promotions, communications about products, news, special occasions (Christmas/Easter, etc.).
Legal basis: consent (Art. 6.1.a GDPR).
Provision: optional.
Withdrawal: at any time via the “unsubscribe” link or by contacting sisula@sisula.it.

Soft spam (if applied): in the event of a purchase, we may send communications about products similar to those purchased, in compliance with applicable regulations and with the possibility of immediate objection.

F) Statistical analysis and Site improvement (analytics)

What it includes: statistical analysis (including aggregate) to improve performance, content, user experience, and funnels.
Legal basis: consent (Art. 6.1.a) for non-technical / third-party tools, or legitimate interest for strictly necessary and anonymized analytics (where applicable).
Provision: optional (manageable via the cookie banner).

G) Advertising and retargeting (profiling and personalized ads)

What it includes: advertising on platforms (e.g., social/adv networks), retargeting (e.g., abandoned cart), conversion measurement.
Legal basis: consent (Art. 6.1.a GDPR).
Provision: optional, manageable via the cookie banner.

 

4) Processing methods and security measures

Processing is carried out using IT and electronic tools, with appropriate logic and security measures (e.g., access controls, backups, protection from unauthorized access) to reduce the risks of loss, illicit use, or unauthorized access.

 

5) Data recipients (who can receive it)

Data may be communicated to entities acting as Data Processors (Art. 28 GDPR) or as independent controllers, in particular:

• Hosting providers and IT services (server management, maintenance, security).
• Couriers and logistics operators (for delivery and shipping management).
• Payment providers (PayPal, card circuits, and related gateways).
• Email marketing / automation platforms (for newsletters and flows, if activated).
• Analytics and advertising service providers (only if the user provides consent).
• Consultants and professionals (accountants/lawyers) only for administrative or legal needs.
• Public authorities (where required by legal obligations).

Upon request, it is possible to obtain information on the category of recipients and the appointed processors.

 

6) Data transfer outside the European Economic Area (EEA)

Some providers (e.g., payment services, analysis services, advertising or email platforms) may process data outside the EEA. In such cases, the transfer takes place in compliance with the GDPR, through adequacy decisions or Standard Contractual Clauses (SCC) and supplementary measures where necessary.

7) Retention period

We keep data for the time necessary for the purposes for which it was collected, in compliance with the principles of minimization and storage limitation.

General guidelines:

Order/billing data: kept for the period required by tax and accounting obligations.
Customer account: until a request for deletion or prolonged inactivity (except for legal obligations).
Support and requests: for the time necessary to handle the request and for potential legal protection.
Marketing: until consent is withdrawn or a deletion request is made.
Cookies/analytics/adv: according to the durations indicated in the Cookie Policy and the preferences expressed.

8) Rights of the data subject

The user can exercise the rights provided for by Articles 15–22 of the GDPR, including:

• access to data,
• rectification,
• deletion (in the cases provided for),
• restriction,
• portability,
• objection,
• withdrawal of consent (without affecting the lawfulness of previous processing).

To exercise your rights: write to sisula@sisula.it.
It is also possible to lodge a complaint with the Data Protection Authority.

9) Changes to this policy

The Controller may update this policy. Changes will be published on the Site and will take effect from the date of publication.

10) What are cookies and tracking tools

Cookies are small text files that sites save on the user’s device (computer/smartphone/tablet).
Tracking tools can also include pixels, tags, SDKs, scripts, and similar technologies that help to:

• make the Site work,
• remember preferences,
• analyze traffic and performance,
• show relevant ads (only with consent).

11) Types of cookies used

11.1 Technical/necessary cookies (always active)

These are necessary for the Site to function and do not require consent. Typical examples in eCommerce:

• session and login management,
• maintaining the shopping cart,
• technical preferences,
• security and fraud prevention.

11.2 Preference cookies (optional)

They store choices and preferences (e.g., language, area, settings). Activated only if the user enables them.

11.3 Statistical/analytics cookies (optional)

They help us understand how users use the Site (pages viewed, events, performance) to improve services and content.
They can be:

first-party (managed by the Controller) or third-party (e.g., analysis tools).
They require consent when they are not strictly technical or when they involve third parties.

11.4 Marketing/profiling cookies (optional)

Used to:

• show personalized advertising,
• perform retargeting (e.g., after a visit or abandoned cart),
• measure conversions.

They require explicit consent.

 

12) Third-party cookies and embedded content

The Site may integrate third-party services or content (e.g., maps, videos, fonts, social media). These services may set cookies or similar technologies.
Examples of frequent categories:

• embedded videos (e.g., players),
• maps,
• external fonts,
• social buttons,
• advertising and measurement tools.

The activation of these cookies occurs based on the preferences expressed in the banner/cookie center, where provided.

13) Consent management (banner and preference center)

Upon first access (and subsequently in case of a reset), the Site shows a cookie banner that allows you to:

• accept all optional cookies,
• reject them,
• customize preferences by category (preferences/statistics/marketing).

The user can change or withdraw consent at any time via:

the “Manage cookie preferences” button/link on the Site (if provided), or by deleting cookies from the browser and repeating the choice at the next access.

14) How to disable cookies from your browser

The user can also manage cookies from the browser settings (deletion, blocking, restrictions).
Note: disabling technical cookies may compromise the functioning of the eCommerce site (cart, checkout, login).

15) List of cookies and updates

The updated list of cookies (name, duration, purpose, provider) can be consulted:

in the cookie preference center (if implemented), and/or
through the information features of the cookie banner.

This Cookie Policy may be updated in the event of technical or regulatory changes.