GiaoGiaoPrivacy Policy
VAT (P.IVA): 02487680973
Registered office: Via dei Servi 35R, Firenze (FI), Italy
Store: Via Lippi e Macia 49/A, 50134 Firenze (FI), Italy
Email: giaogiaomarket@gmail.com · WhatsApp: +39 324 261 3984
This Privacy Policy explains how GiaoGiao Market ("we", "us") collects and processes your personal data when you use our website and loyalty programme, in accordance with the EU General Data Protection Regulation 2016/679 ("GDPR") and Italian Legislative Decree 196/2003 as amended.
1. Data we collect
- Identity & contact: name, email address, phone number (optional, required only if you opt in to WhatsApp order updates).
- Account credentials: a password, stored only in encrypted (hashed) form, and one-time email verification codes.
- Orders: items reserved, pickup date/time, order notes, and order history.
- Loyalty data: points balance, membership tier, coupons and rewards (including mystery-bag and task rewards), and votes you cast.
- Marketing preference: whether you have consented to promotional communications.
- Technical data: IP address, browser type, device and approximate location, and pages viewed (collected only with your consent — see Section 4).
We do not knowingly collect special categories of data (e.g. health, religion). Online card payment is not currently offered; orders are paid in store on pickup, so we do not store card numbers.
2. How we use your data and legal basis
| Purpose | Legal basis (Art. 6 GDPR) |
|---|---|
| Create and manage your account and loyalty programme | Performance of a contract — Art. 6(1)(b) |
| Process reservations/orders and pickup; send order updates by email or WhatsApp | Performance of a contract — Art. 6(1)(b) |
| Verify your email address and prevent fraud/abuse of games and coupons | Legitimate interest — Art. 6(1)(f) |
| Marketing emails and promotions | Consent — Art. 6(1)(a) |
| Website analytics (Google Analytics) | Consent — Art. 6(1)(a) |
| Accounting, tax and legal obligations | Legal obligation — Art. 6(1)(c) |
3. Who we share your data with
We do not sell your personal data. We share it only with service providers acting as data processors on our behalf, and only as needed:
- Hosting: our website and database are hosted on servers in the European Union (Frankfurt region).
- Google Analytics: Google Ireland Ltd., for anonymised website statistics (only with your consent).
- Messaging & email: our email and WhatsApp (Meta) providers, used to send verification codes and order updates.
- Authorities: public authorities where required by law.
If you order through Deliveroo or Glovo, those platforms act as independent data controllers under their own privacy policies.
4. Cookies and analytics
4.1 Essential cookies
We use strictly necessary cookies/local storage to run the site (e.g. session, cart, language and consent preferences). These do not require consent (Art. 122(1), Legislative Decree 196/2003).
4.2 Analytics cookies (Google Analytics 4)
With your explicit consent we use Google Analytics 4 (measurement ID G-XKJ5MWBJZ0) with IP anonymisation enabled. Data may be transferred to the United States under the EU–US Data Privacy Framework. Analytics load only after you accept via the cookie banner; choosing "Essential only" collects no analytics. You can withdraw consent at any time by clearing your browser cookies. See Google's privacy policy.
5. International data transfers
Your data is primarily stored within the European Economic Area. Where a provider transfers data outside the EEA (e.g. Google), the transfer is protected by an adequacy decision and/or Standard Contractual Clauses.
6. How long we keep your data
- Account data: until you delete your account.
- Order/transaction records: 10 years (Italian tax law, Art. 2220 Civil Code).
- Marketing data: until you withdraw consent.
- Technical logs: up to 12 months.
- Analytics: up to 14 months.
7. Your rights
Under Articles 15–22 GDPR you have the right to access, rectify, erase ("right to be forgotten"), restrict and object to processing, to data portability, and to withdraw consent at any time without affecting prior lawful processing. To exercise these rights, email giaogiaomarket@gmail.com; we respond within 30 days.
You also have the right to lodge a complaint with the Italian supervisory authority, the Garante per la Protezione dei Dati Personali — Piazza Venezia 11, 00187 Roma — garanteprivacy.it.
8. Children
The service is intended for users aged 14 or over (Art. 8 GDPR; Italian Legislative Decree 101/2018). Users under 14 require the consent of a parent or legal guardian.
9. Security
We apply appropriate technical and organisational measures, including TLS/SSL encryption in transit, hashed passwords and access controls. No method of transmission or storage is 100% secure, but we review our measures regularly.
10. Changes to this policy
We may update this policy to reflect changes in the law or our practices. Material changes will be announced on the site or by email. The "last updated" date above always reflects the current version.
11. Contact
Fortune Nature S.R.L. — P.IVA 02487680973 — Via dei Servi 35R, Firenze — giaogiaomarket@gmail.com