Privacy Policy


Data Controller

Eredi Chiarini s.r.l., VAT code 03158320485, in the person of its pro tempore legal representative, current legal offices located in Florence, Via della Mattonaia 17, email:, as Data Controller (hereinafter Controller) gives the highest priority to customers’ rights on the subject of protection of personal data and legal obligations. In compliance with articles 12-14 of the UE Regulation No. 2016679 (hereinafter also “GDPR”, listing regulations relevant to the protection of natural persons on the processing of personal data and the free flow of such data), this Privacy Policy (“Policy”) describes the modalities under which Eredi Chiarini srl shall treat our customers’ personal data gathered through our App EREDI CHIARINI ROYAL (“App”)as well as other media (for instance, social media, cookies, etc.), in compliance with the provisions of which above, and with the principle of disclosure provided for in article 5 of the GDPR. Please read this advisory notice carefully.

The use of the App and some of its features may lead to redirection to the App (the “App”), for which the Customer is invited to carefully read the relative Privacy Policy.

Typologies of Personal Data gathered on Customers

Following are some of the Personal Data gathered through this App, for the purposes described in this Policy, independently or through third parties:

▪ Contact details (such as name, last name, date of birth, nationality, email address, mailing address, phone number and any personal detail) you submitted while filling in the forms on our App, inclusive when you signed up for our newsletter, when you registered and created your account on our App;

▪ Information relevant to any transaction you made;

▪ Personal data that may be included in your communications to us, for instance, to report a problem or submit a request, question or comment relevant to our App or to its contents;

▪ Information originating from questionnaires and/or searches our App may organize for research purposes, if you decide to reply or participate;

▪ Personal data and usage data gathered by third parties, for instance, data shared with us via public social networks (such as Facebook, Instagram, etc.) and/or that we could gather from other database accessible to all;

The insertion of such data is not compulsory. Personal data may be offered freely by customers, or in the event of Usage Data, gathered independently while our App is used.

Communication of your personal data (in particular your personal details, email address, mailing address and phone number) is needed in view of the supply of the services offered by our App upon your request; it is also compulsory under the provision listed by the laws or regulations in force. Your refusal to supply the personal data needed to achieve the purposes of which above may entail our inability to comply with the obligations provided for by the law and other regulations in force. Therefore, in some events failure to provide personal data may entail the legitimate and valid inability to supply the services offered on our App.

Conversely, the communication of further personal data aside from the ones needed to comply with the legal or contractual obligations and with the correct consultation of our services with the data needed to browse our App is optional and has no effect on the use of our App and its services. We shall take care in specifying each time if the supply of your data is mandatory or optional, marking with (*) the data that need to be supplied to obtain the services you require from our App.

Should you have any doubt on which data is compulsory, please feel free to contact the Controller. Unless otherwise stated, the potential use of cookies or other tracking tools by this App has the purpose of offering the service required by the customer, aside from the further purposes described in this file and in the cookie policy, when available.

Users take on full responsibility of the personal details of third parties obtained, published or shared through this App and guarantee its right to communicate or share them, holding the Controller harmless before any responsibility toward third parties.

  1. Legal Basis of the Processing

Treating the personal data supplied finds its legal basis in the following criteria:

  • processing is needed to execute a contract and/or to execute precontractual measures;
  • processing occurs on the basis of a previous explicit assent of the customer, for instance in the event or marketing activities;
  • processing is necessary to comply with a legal obligation the Controller is subject to;
  • processing is necessary to implement a task of public interest or for the implementation of public powers assigned to the Controller;
  • processing is necessary to pursuit the Controller’s legitimate interest or Third Parties’ interest.

The Controller may of course be required to clarify the actual legal basis of each processing, and in particular to specify its validity.

3. Purpose of the Processing

The personal data you supplied are treated as follows:

Without your express consent, in compliance with article 6 letter b) and e) of the GDPR, for the following purposes:

  • Management and execution of the precontractual and contractual obligations;
  • Data entry in the company data base to allow the supervision of the execution of the agreements also for invoicing purposes;
  • Drawing up and execution of the agreement and all the connected and subsequent activities such as, by way of example, correction and modification of the items and services offered;
  • Management of the tax and accountancy obligations and all the connected activities, such as, by way of example, invoicing, refund paperwork in tax-free shopping, credit protection, administration, management, services functional to the execution;
  • Fulfillment of the obligations provided for by the law, regulations, and EU legislation;
  • Implementation of the Controller’s rights, including enforceable rights.

Subject to your express consent, in compliance with article 7 of the GDPR, for the following purposes:

  • Controller’s direct marketing through traditional and/or computerized means, also without operators, to improve the offering of items and services and to receive communications, newsletters, brochures and/or promotional materials, disclosing the degree of satisfaction, or relevant to events and initiatives, market researches or other sample researches and direct sale through computerized modalities (e-mail, sms, mms and/or instant messenger) and traditional modalities (phone calls through operators and/or mail);
  • Third-party direct marketing through traditional and/or computerized means, also without operators, to receive communications, newsletters, brochures and/or promotional materials, disclosing the degree of satisfaction, or relevant to events and initiatives, market researches or other sample researches and direct sale, statistics, interaction with social networks and external platforms, comment on contents, through computerized modalities (e-mail, sms, mms and/or instant messenger) and traditional modalities (phone calls through operators and/or mail) as business partners working in the same product range;
  • Other profiling activities through computerized means, meant to improve the offer of items and services, and to allow the identification of your preferences, attitudes and interests relevant to the items and services used, also through a computerized process of your data, your profile, and the study of your tendencies and consumer choices.
  • Study activities, with non-automated means, of consumption habits in order to make the products and initiatives more responsive to the tastes of the Customers. This study has the sole objective of proposing to customers and users products, services and initiatives more appropriate to their needs, with non-invasive methods of the personal sphere.

At any time and free of charge, you may exercise your right to deny fully or in part the processing of your data for the purposes of which at B).

We also inform you that our Company uses the IP addresses of visitors, in a completely anonymous way, to monitor the traffic on the Site.

4. Modalities and place of the processing of Personal Data gathered

4.1 Processing and safety modalities

The Controller shall implement suitable safety measures aimed at preventing unauthorized access, spreading, modification or destruction of Personal Data. As for the purposes listed above, your data shall be treated through manual and computerized tools, in compliance with the principles of fairness, lawfulness and transparency, and with the existing regulations on the safeguard of personal data and safety measures provided for in article 32 of the GDPR, implemented exclusively by authorized personnel and in compliance with the GDPR. Your personal data shall be processed through gathering, registration, retention, consultation, processing, modification, drawing, comparison, use, communication, elimination and destruction of the data. The Controller may also use cookies (temporary tally identifying natural persons on line) to allow, provide, improve and personalize the items and services offered. The Controller shall use computerized decisional procedures, including profiling. For further protection of your personal data beyond the control we implement, we suggest protecting the devices used to browse the Internet with an updated antivirus system, and to check that the Internet provider used is implementing suitable measures to transmit data, such as firewalls and other antispam filters.

In some instances, besides the Controller, data may be available to other persons involved in the organization of this App (administrative and marketing personnel, legal representatives, system administrators), as well as outside persons (third parties technicians, couriers, hosting providers, IT companies, communication agencies) and if needed, Processors appointed by the Controller. You may ask at any time for the updated list of Processors to the Controller.

4.2 Place of Data Processing and Transfer

The Data shall be processed at the executive offices of the Controller and at any other place where the parties involved in the processing are located. Please contact the Controller for further information.

Personal Data are retained in servers located in Member States of the EU; when needed, and in compliance with articles 44 and following of the GDPR, the Controller reserves the right to transfer said servers also to third countries not part of the EU, in compliance with the applicable laws.

Customers have the right to obtain information on the legal basis of data transferred outside the EU or to an international organization of international law, or made up by two or more countries, as well as information on the safety measures implemented by the Controller to protect the Data.

5. Retention Period

In compliance with the principle of lawfulness, limitation of the purposes and data reduction, under the GDPR, the retention period of your Personal Data is set for a period not exceeding the achievement of the purposes for which they were gathered and processed, in compliance with the terms provided for by the law and the provision of the Data Protection Supervisor.


  • Personal Data gathered for purposes connected to the execution of an agreement between the Controller and the Customer shall be retained until the execution of said agreement is completed.
  • Personal Data gathered for purposes ascribable to the legitimate interest of the Controller shall be retained until such interest has been reached. Customers may obtain further information on the Controller’s legitimate interest in the dedicated sections of this document, or contacting the Controller.

When the data processing is based on Customer authorization, the Controller may keep Personal Data for a longer period, until such authorization is revoked. Moreover, the Controller may be required to keep Personal Data for a longer period, in compliance with the law or due to the order of an authority. At the end of which, Personal Data shall be canceled. Therefore, at the expiry of such term or right to access, cancellation, correction, and the right to data porting shall no longer be available.

6. Details on Personal Data Processing

Personal Data are gathered for the following purposes when using the following services:

Contacting Customers
Mailing List or Newsletter (This Application)

By signing up to a mailing list or newsletter, customers’ e-mail addresses are automatically included in the contact list to which business or promotional emails may be sent relevant to this Application. Customers’ email addresses may be added to this list following registration to this Application or after purchases.

Personal Data gathered: full name, e-mail address.

Interaction with social networks and external platforms
This service allows interaction with social networks or other external platforms directly from the App pages. Interactions and information acquired from this App are in any case subject to the privacy settings of the customer for each social network.

For interaction system with social networks, and even though customers may not use it, the service may gather traffic data for the pages where it has been installed.

Like Button and Facebook social widgets (Facebook, Inc.)

The Like button and Facebook’s social widgets are services that allow interaction with Facebook social network, supplied by Facebook, Inc.

Personal Data gathered: Cookies and Usage Data.

Processing place: the USA – Privacy Policy (

Tweet Button and Twitter social widgets (Twitter, Inc.)

The Tweet button and Twitter’s social widgets are interaction services with the Twitter social network supplied by Twitter, Inc.

Personal Data gathered: Cookies and Usage Data.

Processing place: the USA – Privacy Policy (

+1 button and Google+ social widgets (Google Inc.)

The +1 button and Google+’s social widgets are interaction services with Google+ social network supplied by Google Inc.

Personal Data gathered: Cookies and Usage Data.

Processing place: the USA – Privacy Policy (

“Pin it” Button and Pinterest social widgets (Pinterest)

The “Pin it” button and Pinterest’s social widgets are interaction services on the Pinterest platform, supplied by Pinterest Inc.

Personal Data gathered: Cookies and Usage Data.

Luogo del processing: the USA – Privacy Policy (

LinkedIn Button and social widgets (LinkedIn Corporation)

The LinkedIn button and social widgets are interaction services with the LinkedIn social network, supplied by LinkedIn Corporation.

Personal Data gathered: Cookies and Usage Data.

Luogo del processing: the USA – Privacy Policy (

Supervision of the infrastructure
This service allows this App to supervise the use and behavior of the infrastructure, to allow the improvement of its performance and functions, its maintenance and problem solving.

The Personal Data processed depend on the features and implementation of these services, which filter the activities of this App.

Firebase Crashlytics (Google Inc.)

Firebase Crashlytics is a crash reporting service which allows the check and monitoring of the software procedures implemented in the App.

Personal Data gathered: IP Address.

Processing place: the USA – Privacy Policy (

The services listed in this section allow the Controller to supervise and analyze traffic data and are needed to keep track of customers’ behavior.

Google Analytics (Google Inc.)

Google Analytics is a web analysis service supplied by Google Inc. (“Google”). Google uses the Personal Data gathered to trace and study the use of this application, draft reports and share them with other services developed by Google.

Google may use Personal Data to contextualize and personalize ads in its advertisement network.

Personal Data gathered: Cookies and Usage Data.

Processing place: USA – Privacy Policy (

Visualization of contents from external platforms
This service allows the visualization of contents on external platforms directly on the pages of this App, as well as direct interaction with them.

If this service has been installed, and even though customers do not use it, the service may gather traffic data for the pages where it has been installed

Google Fonts (Google Inc.)

Google Fonts is a service visualizing character styles managed by Google Inc. allowing this application to include such contents within its pages.

Personal Data gathered: Usage Data and various data typologies according to the specifications on this service’s privacy policy.

Processing place: the USA – Privacy Policy (

Widget Google Maps (Google Inc.)

Google Maps is a service of map visualization managed by Google Inc. allowing this application to include such contents within its pages.

Personal Data gathered: Cookies and Usage Data.

Processing place: the USA – Privacy Policy (

7. Rights of the involved persons

As person involved, at any moment you shall be entitled to:

  • Right to withdraw your consent at any time. You may withdraw your previous consent to the processing of your Personal Data contacting us directly at

To cancel your registration to our newsletter, you may proceed directly clicking on the dedicated link found at the bottom of each communication.

  • Right to access your Data. You have the right to obtain information on the Data processed by the Controller on specific aspect of the processing and to receive a copy of the processed data. Please contact us directly writing to
  • Right to correction. You may check the correctness of your Data and require their update and/or correction contacting us directly at
  • Right to limit the processing. In certain cases, you may ask for the limitation of the processing of your Data, in which case the Controller shall not process some data unless for their retention.
  • Right to have Personal Data cancelled or removed. In certain cases, you may ask the Controller to remove your data.
  • Right to data porting. You have the right to receive your data in structured format accessible to automatic devices, and where technically available, obtain their easy porting to another Controller. This is applicable when your data have been processed with computerized tools and the processing is based on your consent in a contract including you or in contractual measure connected.
  • Right to Complain. You may complain to the competent authority controlling the protection of Personal Data, or take legal steps.
  • Right to deny processing for business purposes. You shall have the right to deny at any moment the processing, should your data be used for business purposes or direct marketing.

8. Modalities to exercise rights

At any time you may exercise the above-mentioned rights in writing sending a registered mail to Eredi Chiarini s.r.l., Via F.G. Angelico n. 58, 50121 Firenze (FI) or, alternatively, emailing or the certified email Requests are free of charge and shall be handled as soon as administratively feasible, in any case within a month.

9. Minor Customers Rights

The services offered by the Controller and the App he administers are not destined to customers under 16 (or any other age limit set by your country of residence). The Controller shall not intentionally gather or use information and Personal Data. For the purposes of minor safeguard and privacy, should such information be gathered and/or registered, upon request the Controller shall cancel it promptly. Registering to our App confirms customers are of age in their country of residence.

10. Controller, person in charge and processors

The Controller of the processing is the company Eredi Chiarini s.r.l., VAT code 03158320485, in the person of its pro tempore legal representative, reachable in the modalities of which at article 8. The updated list of persons in charge and processors of the Personal Data retained at the executive office of the Controller of the processing.

11. Amendments to this policy

The Controller of the Processing reserves the right to amend this privacy policy at any time, notifying it on this page. Therefore, please check this page regularly for its most updated version.

Should the amendments be relevant to processing based on the customer’s consent, the Controller shall ask for the consent again, if necessary.

12. Cookie Policy

This App uses Cookies.

To learn more and to read the detailed policy, please check our Cookie Policy here: (//

13. Further information on the Processing

Defense before the Court

The Controller may use the customer’s Personal Data before the court or in the preliminary phase of a possible process in defense against the customer’s violation in using this App or the connected services.

Customers declare they are aware that the Controller may be obliged to disclose personal data before the public authority.

System Log and maintenance

Due to requirements connected to the functioning and maintenance, this App and possible third services it uses may gather system logs, i.e., files registering interactions that may contain also Personal Data, such as User IP address.

Information not listed in this policy

Further information relevant to the processing of Personal Data may be obtained at any time from the Controller of the Processing through the contact details listed above.

Reply to “Do Not Track” requests

This App does not support “Do Not Track” requests.

To learn whether possible third party services support this request, please check their privacy policies.

Legal definitions and references

Personal Data (or Data)

The term refers to any direct or indirect information, also connected to any other information, including personal identification numbers, identifying or making a natural person identifiable.

Usage Data

The term refers to computerized information gathered through this App (or through third party applications connected to this App) such as: IP addresses or domain names of computers used by customers connecting to this App; URI (uniform resource identifier) notation addresses; time of the request; method used to submit the request to the server; size of the files in reply; numeric code marking the state of the reply of the server (successful, failed, etc.); country of origin; features of the browser and operating system used by the customer; details of the itinerary followed within the App with reference to the sequence of the pages browsed, to the parameters of the operating system and the IT environment of the customer.

Person Involved

The natural person the Personal Data is referring to.

Person in charge of the Processing ( or Processor)

The natural or legal person, public administration or any other body processing Personal Data on behalf of the Controller, as per the description in this privacy policy.

Controller of the Processing (or Controller)

The natural or legal person, public authority, service, or any other body that separately or with others, sets the purposes and the processing means of Personal Data and the means used, including the safety measures relevant to the functioning and usage of this App.

European Union (or EU)

Unless otherwise specified, any reference to the European Union in this policy shall refer to the current member states of the European Union and the European Economic Area.


Small amounts of data retained within the customer’s device.

Legal References

This privacy policy was drawn up in compliance with article 13 and 14 of the EU regulation 2016/679.