Privacy Policy

Introduction

Pursuant to and for the purposes of Regulation (EU) 2016/679, the “General Data Protection Regulation” (“Regulation”), Legislative Decree no. 196/2003 as amended by Legislative Decree no. 101/2018 (“Privacy Code”), as well as any other national and/or EU law or regulation concerning the protection of personal data, Cart-One S.r.l. (“Cart-One” or the “Company”) has drawn up this Privacy Policy in order to inform all users of the website https://www.cart-one.com/ (“Website”) of the purposes and methods by which Cart-One, as data controller (“Controller”), collects and processes personal data (“Data”) obtained during navigation of the Website.

This Privacy Policy is addressed to individuals accessing the Website and to those who communicate with Cart-One via the email addresses listed on the Website (“Users”).

This Privacy Policy applies solely to the Website https://www.cart-one.com/ and does not extend to other websites that Users may access through hyperlinks, which may provide their own specific privacy notices based on the services offered.

The use of social media functionalities on this Website (LinkedIn plug-in) does not result in the automatic acquisition by the Company of the User’s personal data. However, if the User is logged into their personal social network account when activating the plug-in, the social network may associate the visit to our web pages with the User’s account. The data exchanges between the User’s system and the social network and any interactions on that platform are governed exclusively by the data protection policies of the respective social network. Therefore, Users are invited to consult the relevant privacy policies prior to using such plug-ins. The social plug-in remains active until the User deactivates it or deletes the relevant cookies.

Data Controller and Processor 

The Data Controller is Cart-One S.r.l., with registered office at Via del Lavoro, no. 2, Torrile (Parma), phone: +39 0521.317011, fax: +39 0521.317003, email: info@cart-one.com, certified email (PEC): amministrazione@pec.cart-one.com, member of the “Gruppo SADA”.

The Website is managed by the parent company Sada Partecipazioni S.r.l., acting as Data Processor pursuant to Article 28 of the GDPR, with registered office at Via Pacinotti snc, 84098 Pontecagnano Faiano (SA), phone: +39 089 38 666 11, fax: +39 089 38 666 74, email: gruppo.sada@sadaspa.it, PEC: sada.partecipazioni@telecompost.it.
Sada Partecipazioni may also be contacted by phone and fax at +39 081.5747282 and by email at privacy.grupposada@sadaspa.it, PEC: privacy.grupposada@pec.it.

Data Voluntarily Provided by the User and Related Purposes

  • Email: The optional, explicit, and voluntary sending of email messages to the addresses provided on the Website entails the acquisition of the sender’s email address, necessary to respond to the requests, as well as any other personal data included in the message. Such data are processed solely for the purpose and for the time strictly necessary to handle the request.
  • Online Data Collection – “Contact Section”: With regard to data collected directly through the Website by filling out the “Contact” form, the information provided (name, surname, email, phone, VAT number, company, number of items, delivery location), as well as any other data voluntarily included in the message body, will be processed solely for the purpose and for the time necessary to fulfill the request.
  • Offline Data Collection: Should Cart-One collect personal data offline (e.g., paper forms), a privacy notice will be provided at the time of collection in accordance with Article 13 of the Regulation, and consent of the data subject will be obtained where required. This also applies to data collected via downloadable forms from the Website.

Regulation, and consent of the data subject will be obtained where required. This also applies to data collected via downloadable forms from the Website.

Data Disclosure and Dissemination

The management and storage of personal data related to the use of this Website take place on servers operated by a third-party hosting provider, located within the European Union and managed by Flamenetworks S.r.l., headquartered in San Giorgio a Cremano (NA) 80046.

The data processing activities are carried out by technically competent personnel duly appointed and instructed, who are constantly identified and/or authorized, and fully informed of the obligations imposed by the Regulation, the Privacy Code, and other applicable EU and national legislation on data protection. Suitable technical and organizational measures are implemented to ensure data protection and to prevent risks of data loss, destruction, unauthorized access, or processing that is unlawful or incompatible with the purposes stated above. Such technical and organizational measures are continually updated in line with technological developments.

No Data arising from the web service is disseminated by the Controller. Nevertheless, Data may be communicated to companies specifically appointed to perform services on behalf of or in favor of the Controller, operating as independent data controllers, joint controllers, or processors, as appropriate. Furthermore, Data may be disclosed to public authorities such as law enforcement agencies, judicial authorities, security and intelligence bodies, or other public institutions for purposes related to national defense or security, or for the prevention, investigation, or prosecution of crimes, in accordance with legal obligations.

Browsing data 

The IT systems and software procedures used to operate the Website acquire, during normal use, certain data whose transmission is implicit in the use of Internet communication protocols. These are not collected to be associated with identified individuals, but by their very nature could, through processing and association with data held by third parties, allow for the identification of Users.

This data category includes IP addresses or domain names of the computers used by Users connecting to the Website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the response file, the numerical status code of the server response (e.g., success, error), and other parameters related to the User’s operating system and IT environment.

This data is used solely to obtain anonymous statistical information on the use of the Website and to check its proper functioning, and it is deleted immediately after processing. The data may be used to determine liability in the event of cybercrimes against the Website. Except for this possibility, web contact data is not retained for more than 7 days.

Cookies 

For further information on the installation of cookies by this Website, please read the Cookie Policy.

Data Retention Period

User data will be processed by the Controller only for the period necessary to achieve the purposes for which it was collected. Once this period has elapsed, data will be retained solely in compliance with applicable legal obligations, for administrative purposes, or for the establishment, exercise, or defense of legal claims in the event of judicial or pre-litigation proceedings.

Browsing without registration 

Browsing the Website is free, does not require User registration, and is not subject to tracking with regard to either the origin sites or the visited pages.

Data Subjects’ Rights (Articles 15 et seq. of the Regulation)

As a data subject, the User has the right to:

  • obtain confirmation as to whether or not personal data concerning them exists, even if not yet recorded, and to receive communication of such data in an intelligible form and/or access to it;
  • obtain a copy of their personal data ; 
  • obtain rectification or updating of inaccurate personal data ; 
  • obtain erasure of personal data (right to be forgotten); 
  • obtain restriction of processing;
  • have data blocked where processed unlawfully.

The User also has the right to object, in whole or in part, on legitimate grounds, to the processing of their personal data, even where relevant to the purpose of collection.

Finally, where the User has given consent for the processing of personal data for purposes such as marketing, direct sales, market research, or commercial communication, they may withdraw such consent at any time.

Requests should be addressed to the Data Processor at: Email: privacy.grupposada@sadaspa.it, PEC: privacy.grupposada@pec.it  

Should the User consider that the processing of personal data through the Website infringes the Regulation, they have the right to lodge a complaint with the Data Protection Authority pursuant to Article 77 of the Regulation ([link to Garante’s page]), or to seek judicial remedy under Article 79.

Changes to this Privacy Policy

Without prejudice to the fact that Cart-One does not carry out any processing operations other than those expressly authorized and/or requested by each User, this Privacy Policy may be amended in order to comply with new legislative provisions or changes in Cart-One’s data processing policies.

Any updated version of this Privacy Policy will be made available on the Website in the dedicated section.

Users are therefore encouraged to consult the Website regularly to stay informed of the latest version.

Latest update: 15 July 2025