Pursuant to art. 13 of EU Regulation 2016/679 (GDPR), we inform you of the processing of personal data of users of this website.

Data Controller

The Data Controller is ROR BEER SRL, with registered office in via del Lavoro 68, 40033 Casalecchio di Reno (BO), info@rorbeer.com, tax code and VAT number 0510224580. The expressions “we”, “us” or “our” refer to ROR BEER SRL, while “you”, “your” or “yourself” refers to each user of the website.

Personal data collected and purposes of processing

We collect the following categories of personal data for the purposes indicated:

- Name, email address, shipping address: to provide information and to conclude and execute the purchase contract (legal basis: execution of the contract or pre-contractual measures)

- Payment data: to process payments for orders (legal basis: performance of the contract)

- Connection data: for security and abuse prevention purposes (legal basis: legal obligation)

- Age profiling data: to not sell alcohol to minors (legal basis: legal obligation)

- Marketing profiling data: for site/campaign performance analysis, without legal effects (legal basis: consent).

Further information regarding the data collected during navigation on the site is available in the cookie policy.

Data recipients

The data may be shared with:

- E-commerce, newsletter, analytics service providers

- Technical, accounting and legal consultants

- Public authorities in cases provided by law.

Transfers outside the EU

Some data may be transferred abroad. In particular:

- For e-commerce services, data is shared with Shopify, which is based in Canada, an adequate country by decision of the EU Commission.

- For analytics services, data is shared with Google Inc., which is based in the USA, with a guarantee of adequacy given according to the (Data Privacy Framework).

Adherence to the DPF can be verified at https://www.dataprivacyframework.gov/list

Retention period

- Pre-contractual and contractual data: 10 years (except for disputes)

- Marketing data: 2 years

- Security data: 30 days (unless further investigation or communication to the competent authorities is required).

Rights of interested parties

Users may exercise at any time the rights of access, rectification, cancellation, limitation, portability, opposition and all other rights provided by the GDPR, by contacting us at the addresses indicated above and using, if they deem it appropriate, the form available at https://www.garanteprivacy.it/garante/document?ID=9038275. In the event of an unsatisfactory response, they also have the right to lodge a complaint with the competent Guarantor Authority (Personal Data Protection Authority) using, if they deem it appropriate, the form available at https://www.garanteprivacy.it/garante/document?ID=9041366.

Security measures

We adopt adequate security measures to protect data, including: encryption of personal data, access control, firewalls, backups, periodic audits, staff training.

Third Party Resources

Some third-party links on this site may direct you to other parties' websites, such as those that operate social media platforms like Facebook or Instagram. We are not responsible for examining or evaluating the content or accuracy of these and we assume no liability or responsibility for any third-party websites, materials, or products or services, or for any damage or harm.

We encourage you to carefully review the third-party's policies and practices before engaging in any transaction. Complaints, claims, or questions regarding third-party services and materials should be directed to the third-party.

Policy Changes

This information may be subject to change. Any update will be promptly communicated to users and published with the date of last update.

Last updated: October 16, 2024