MammaItalia S.r.l. (VAT no. 03644051207), with registered office at Via Bramante 12, 20154, Milan, as data controller, pursuant to art. 13 of the European Union Regulation (EU) no. 2016/679, General Data Protection Regulation (hereinafter also ‘GDPR’), in accordance with the commitment and care that it dedicates to the protection of your personal data, informs you that your personal data will be processed in the following ways and for the following purposes: 

Subject Matter of the Processing 

The Controller will process personal identification data (e.g., name, surname, company name, address, telephone, email, bank and payment references), hereinafter ‘PERSONAL DATA’ or ‘DATA’, which you provide when placing the order. 

Purpose of Processing

Your personal data is processed for the following purposes:

  • completing the requested order: we use your personal data to receive and process orders, provide products and services, process payments, and communicate with you regarding your orders, products, services, and promotional offers;
  • fulfilling obligations arising from site management: in some cases, we have a legal obligation to collect and process your personal data. For example, we process data for identification purposes and for other purposes related to security and prevention and detection of cybercrimes (e.g., Law 48/08);
  • complying with obligations provided for by law, regulation, EU legislation, or by order of public authorities (including, but not limited to, using your payment data for anti-fraud purposes under Directive 2015/2366, as subsequently amended, on payment services in the European single market);
  • exercising the rights of the Controller, including not only the right to prevent and investigate fraud and abuse in order to protect the safety of our customers, but also, for example, the right to defence in court.

Methods of Processing 

Your data is processed by means of the operations indicated in Art. 4 Para. 2 of the GDPR, namely: the collection, recording, organisation, storage, consultation, processing, alteration, selection, retrieval, alignment, use, combination, blocking, disclosure, erasure, and destruction of data. Your personal data may be subject to both paper and electronic and/or automated processing. The Controller will process personal data for the time necessary to fulfill the above purposes and in any case for no longer than 10 years from the date of the conclusion of the order. 

Data Access 

Your data may be made accessible for the above purposes to:

  • the Controller’s employees and partners;
  • third-party companies or other parties (e.g., credit institutions, professional and legal firms, administrative and payroll service companies, consultants, etc.) who carry out outsourcing activities on behalf of the Controller, in their capacity as external data processors. 

Data Disclosure 

For the purposes set out in this policy, the Controller will disclose your data to third-party companies that will process them, as autonomous Controllers (or the Processors of said Controllers), in order to carry out the online transactions necessary for the conclusion of the order. In particular, MammaItalia uses other companies and natural persons who carry out certain activities on our behalf in order to provide the products made available through the services of For example, product sellers may process product orders, or other third parties may deliver packages, send emails, remove recurring information from customer lists, analyse data, provide marketing assistance, provide search results and links (including ads and paid links), process payments (e.g., Paypal or Stripe), transmit content, calculate credit risks, and provide customer support services. These third-party service providers have access only to personal data that is necessary for performing their activities, and they may not process data received for any other purposes. Furthermore, these third parties are required to process received personal data in accordance with this Privacy Policy and applicable data protection regulations (e.g., European Regulation 2016/679 and Legislative Decree 196/03). 

Data Transfer 

Personal data is stored on servers located within the European Union. Regardless, it is understood that the Controller will, if necessary, have the right to move the servers outside the EU. In this eventuality, the Controller ensures that non-EU data will be transferred in accordance with applicable legal provisions, subject to the stipulation of the standard contractual clauses provided by the European Commission. 

Data Subject Rights

As the data subject, you may exercise your rights under Art. 10 (right of access to data) of GDPR.
Where applicable, you also have the rights set out in Articles 16–22 GDPR (right of rectification, right to be forgotten, right to restriction of processing, right to object, right not to be subject to automated decision-making).
If you wish to exercise your rights, we invite you to contact us at and we will be happy to offer you the support you need. 


You have the right to lodge a complaint with the supervisory authority of your country of residence; if you are a resident of Italy, you can contact the Data Protection Supervisor ( 

Main Menu