This is the register and privacy policy of the Company in accordance with the EU General Data Protection Regulation (GDPR). Prepared on 15 March 2026. Last updated on 15 March 2026.
1. Data Controller
D & G Mirabella Oy / La Pasteria Italiana
Kielotie 15 A, 01300 Vantaa
info@lapasteria.fi
2. Contact person responsible for the register
Giuliana Mirabella
020 735 4650
info@lapasteria.fi
3. Name of the register
The company’s customer register and the user register of the online service.
4. Legal basis and purpose of processing personal data
The legal basis for the processing of personal data under the EU General Data Protection Regulation is:
- the consent of the individual and the customer relationship
- newsletter subscription
- messages sent from the company's website
- purchases from the Punto e Pasta online store
The purpose of processing personal data is to maintain contact with customers. The data is not used for automated decision-making or profiling.
5. Contents of the Register
The information stored in the register may include: the person’s name, position, company/organization, contact details (phone number, email address, address), website addresses, IP address of the network connection, usernames/profiles on social media services, information about ordered services and changes to them, billing information, and other information related to the customer relationship and ordered services.
IP addresses of website visitors and cookies necessary for the functioning of the service are processed on the basis of legitimate interest, for example to ensure information security and to collect statistical data about website visitors in cases where they may be considered personal data. Consent for third-party cookies will be requested separately when necessary.
6. Regular Sources of Information
Information stored in the register is obtained from the customer, for example through messages sent via website forms, email, telephone, social media services, contracts, customer meetings, and other situations in which the customer provides their information.
Contact details of representatives of companies and other organizations may also be collected from public sources such as websites, directory services, and other companies.
7. Regular Disclosure of Data and Transfer of Data Outside the EU or EEA
Information is not regularly disclosed to other parties. Information may be published to the extent that it has been agreed upon with the customer.
Data is not transferred by the data controller outside the EU or the EEA. Data will not be transferred to the United States without the explicit consent of the data subject.
8. Principles of Register Protection
Care is taken in processing the register, and information processed through information systems is appropriately protected. When register data is stored on Internet servers, the physical and digital security of the hardware is ensured appropriately. The data controller ensures that stored data, server access rights, and other information critical to the security of personal data are handled confidentially and only by employees whose duties require access to such information.
9. Right of Access and Right to Request Correction of Information
Every person in the register has the right to check the information stored about them and to request the correction of any incorrect information or the completion of incomplete information. If a person wishes to check the information stored about them or request corrections, the request must be sent in writing to the data controller. The data controller may request the person making the request to verify their identity if necessary. The data controller will respond to the customer within the time specified by the EU data protection regulation (generally within one month).
10. Other Rights Related to the Processing of Personal Data
A person in the register has the right to request the deletion of personal data concerning them from the register (“the right to be forgotten”). Data subjects also have other rights under the EU General Data Protection Regulation, such as the right to restrict the processing of personal data in certain situations. Requests must be sent in writing to the data controller. The data controller may request the person making the request to verify their identity if necessary. The data controller will respond to the customer within the time specified by the EU data protection regulation (generally within one month).
