Privacy and Cookie Policy

Last updated: 12 February 2026

Scope of Application

This unified policy is applicable to the following canine-focused websites:

The policy is also applicable to the following agricultural websites:

The websites listed above are hereafter referred to collectively as "the Site".

Data Controller

The Data Controller is:
Bianca Madalina Crismaru
Business Premises: Località Vassano, 13 – 00060 Sant'Oreste (RM) – Italy
VAT Number: 03329300606

Email for the exercise of privacy rights: privacy@pomerania.it

Types of Data Processed

The Site collects and processes the following categories of data.

1. Data provided voluntarily by the user

This refers to personal data sent spontaneously by the user through direct contact, for example:

  • Email messages;
  • Social media chats on Facebook (including Messenger), Instagram, and TikTok;
  • Messages sent via WhatsApp and Telegram;
  • Telephone communications or SMS.

The processed data may include: name, telephone number, email address, and any other information provided by the user within the message body.

2. Browsing Data

In addition to data provided voluntarily, the computer systems responsible for the Site's operation acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.

This information is not collected to be associated with identified data subjects, but by its very nature, through processing and association with data held by third parties, it could allow users to be identified (e.g., IP addresses, computer domain names used, request timestamps).

This data is used solely to ensure the correct functioning and security of the Site.

Purposes and Legal Basis for Processing

Personal data collected is processed for the following purposes:

  • Responding to requests and providing services
    To follow up on user requests (e.g., quotes, information) and for the fulfillment of contractual and pre-contractual obligations.
    • Legal Basis: Performance of a contract or pre-contractual measures (Art. 6, para. 1, letter b GDPR).
  • Fulfillment of legal obligations
    For the management of fiscal, accounting, and administrative obligations.
    • Legal Basis: Legal obligation (Art. 6, para. 1, letter c GDPR).
  • Ensuring Site functionality and security
    To protect the websites from cyber incidents (e.g., spam, DDoS attacks, malware distribution). This processing is based on the analysis of browsing data (e.g., IP addresses).
    • Legal Basis: Legitimate interest of the Controller (Art. 6, para. 1, letter f GDPR). A balancing test has been conducted, concluding that the Controller's interest in maintaining secure systems does not override the fundamental rights and freedoms of users, given that processing is limited to what is strictly necessary.
  • Sending commercial communications (Marketing)
    To inform regarding new services, offers, or events.
    • Legal Basis: 1. Explicit consent (Art. 6, para. 1, letter a GDPR) for new contacts or prospects. 2. Legitimate Interest (so-called "Soft Spam", pursuant to Art. 130 para. 4 of Legislative Decree 196/2003) limited to email communications towards clients who have already used a service, concerning services similar to those purchased. The user always maintains the right to object to such mailings.

Methods and Location of Processing

Data is processed using electronic tools and protected within the European Community.

Security measures include:

  • Local clients are constantly updated and equipped with biometric authentication and secure passwords (entropy level exceeding 128 bits).
  • Internet connections are protected by updated firewall, antivirus, anti-malware, and anti-spyware software.
  • Data is never shared with third parties not mentioned in this policy and is used exclusively internally.

Technical Infrastructure

The technical infrastructure providing the hosting is entirely located within the European Community. Primary services are guaranteed by BunnyWay d.o.o. (Ljubljana, Slovenia) at the Frankfurt am Main data centre in Germany. Ancillary services are provided by OVH S.r.l. (Milan, Italy) at the Gravelines data centre in France.

Main electronic mail servers are managed within the European Community by QBoxMail S.r.l. (Prato, Italy), acting as a data processor ensuring data localisation in the EU.

For certain communications or as an ancillary work tool, Google email services (Gmail / Google Workspace) may also be used. In this case, Google acts as an additional data processor. Although Google maintains data centres in Europe, the global nature of the service implies that data may be transferred outside the European Economic Area (EEA), specifically to the United States. Transfers to Google LLC (USA) are legitimized by adherence to the EU-U.S. Data Privacy Framework, which ensures an adequate level of protection.

Third-Party Platforms

  • Google Maps (Widget): The Site integrates interactive maps provided by Google. To protect user privacy, the map is disabled by default and replaced by a static element. No data is sent to Google until the user clicks the activation button ("Load Map"). By performing this action, the user consents to the loading of Google Maps APIs and the transfer of their browsing data (including IP address) to Google Ireland Limited / Google LLC.
  • Telegram: Managed by Telegram FZ-LLC (United Arab Emirates). Data transfer is legitimized by the adoption of Standard Contractual Clauses (SCC).
  • WhatsApp, Facebook, Instagram: Platforms managed by Meta Platforms Ireland Ltd. Data transfer to the parent company in the United States (Meta Platforms Inc.) is legitimized by adherence to the EU-U.S. Data Privacy Framework or Standard Contractual Clauses.
    • Note on Joint Controllership: Limited to statistics services for Facebook Pages and Instagram profiles ("Page Insights"), the Controller and Meta Platforms Ireland Ltd operate under a Joint Controllership regime pursuant to Art. 26 GDPR. The joint controllership agreement is available for consultation in Meta's Controller Addendum.
  • TikTok: Managed in Europe by TikTok Technology Limited. Transfer to non-EU servers is covered by Standard Contractual Clauses (SCC).

Data Breach Management

In the event of a personal data breach posing a risk to the rights and freedoms of individuals, the Controller will notify the Data Protection Authority (Garante Privacy) within 72 hours and, if the risk is high, will also communicate the occurrence to the data subjects.

Retention Periods

Data is stored for the following periods:

  • 12 months for marketing purposes and initial contact management, unless consent is withdrawn earlier or an objection is raised.
  • 10 years for fiscal and administrative purposes (retention of invoices and contractual correspondence), as required by Italian law.

Data Subject Rights

The user may at any time exercise the rights provided by the GDPR (Articles 15-22) by contacting the Controller at the email address privacy@pomerania.it.

In summary, the user has the right to:

  • Access their data and request a copy;
  • Rectify inaccurate or incomplete data;
  • Erase data (right to be forgotten) if no longer necessary or if processed unlawfully;
  • Restrict processing under certain circumstances;
  • Receive data in a structured format (portability);
  • Object to processing based on legitimate interest or for marketing purposes;
  • Withdraw consent at any time.

The user also has the right to lodge a complaint with the Garante per la Protezione dei Dati Personali (www.gpdp.it).

Cookie Usage

The Site does not use proprietary profiling cookies, nor analytical tracking tools (such as Google Analytics or Facebook Pixel) that activate automatically.

Typically, only technical cookies are used, which are necessary for the Site's correct functioning. However, should the user choose to voluntarily activate content embedded from external platforms (e.g., Google Maps), such third parties may install profiling or statistical cookies, for which consent is considered granted through the explicit action of activating the content.

Cookie Management

For technical cookies, prior consent is not required (cookie banner). For third-party content (such as maps), preventive blocking ensures that no cookies are installed without the user's positive action.

The user can nonetheless disable cookies through their browser settings, although this may compromise navigation.

Policy Amendments

The Controller reserves the right to update this document. Changes will be published on this page with the updated date.