search
Legal & Compliance

Privacy & Cookie Policy

Last Updated: May 22, 2026

01. Who We Are (Data Controller)

Welcome to Sardinista (accessible via our website, hereinafter "the Service"). We are committed to protecting your privacy and ensuring your personal data is handled securely and transparently in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data Control Information:

If you have any questions about this Privacy Policy or how we handle your data, please reach out to us at the contact email above.

02. Personal Data We Process

We only collect personal data that is strictly necessary to provide you with the Service, maintain system security, or analyze platform performance with your consent.

A. Data You Provide Voluntarily

When you create an account, log in, or interact with the platform, we collect:

  • Authentication Details: Your email address, unique user identifier (UID), and authentication tokens (managed securely via Google Firebase Auth).
  • Curator Profile: Your display name, profile picture (avatar), and bio (if provided).
  • User-Generated Content: Tins added to your Cellar, organoleptic ratings, review text, tags, uploaded tin photos, and translations requested.

B. Data Collected Automatically

To ensure the stability and security of our system, our servers automatically collect:

  • Technical Logs: IP address, browser type, operating system, landing pages, and timestamps.
  • Cookies & Local Storage: Technical identifiers to keep you logged in and support system mechanics.

03. Legal Grounds & Purposes of Processing

Under GDPR, we process your data under the following legal bases:

  1. Performance of a Contract (Art. 6(1)(b) GDPR): Required to provide our core services (e.g., maintaining your personal Cellar, registering your account, and publishing your reviews on tins).
  2. Consent (Art. 6(1)(a) GDPR): Used for non-essential cookies and tracking (e.g., Google Analytics GA4). You can accept or deny this at any time via the Cookie Consent Banner or your profile settings.
  3. Legitimate Interest (Art. 6(1)(f) GDPR): Processing required for maintaining application security, defending against spam, and improving platform stability.

04. Data Sharing & Third Parties

We do not sell, rent, or trade your personal data. We only share your data with trusted service providers who process it on our behalf under strict data processing agreements:

  • Google Firebase (Google Cloud Platform): For cloud hosting, Firestore database storage, user authentication, and secure Cloud Functions.
  • Google Analytics (GA4): For statistical traffic analysis (only if consent is explicitly granted).

Note: Since Google servers may be located outside the European Economic Area (EEA), standard contractual clauses (SCCs) are in place to ensure a level of data protection equivalent to GDPR.

05. Cookie & Storage Disclosure

We use cookies and browser local storage to operate the website. They are classified as follows:

  • Essential System Storage: Cookies and local storage keys necessary to keep you authenticated, secure your connection, and maintain your session state. These are required for the basic operation of the Platform.
  • Functional Preferences: Storage keys that remember your custom preference settings, such as your choice regarding cookie consent and your preference for sidebar collapsing. These do not track you across other websites.
  • Analytical & Statistical Cookies: Tracking services used to measure traffic, page views, and navigation flows. These help us understand how to improve the platform and are completely disabled by default unless you explicitly choose to consent to them.

06. Your Rights Under GDPR

As an EU-based visitor, you possess extensive rights regarding your data:

  • Right of Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You can update or correct inaccurate data in your profile settings.
  • Right to Erasure ("Right to be Forgotten"): You can request the deletion of your account and all associated reviews and cellar records.
  • Right to Restrict Processing: You can ask us to pause processing your data in certain scenarios.
  • Right to Portability: You can request your structured data in a machine-readable format.
  • Right to Withdraw Consent: You can withdraw your consent for statistical cookies at any time.

To exercise any of these rights, please email us at [email protected]. We will respond to your request within 30 days.

You also have the right to lodge a complaint with a supervisory data protection authority in your jurisdiction or EU member state if you believe that our processing of your personal data violates applicable laws.

07. Security of Your Data

We implement appropriate technical and organizational measures (such as SSL encryption, Firestore security rules, and secure Firebase service accounts) to protect your data against unauthorized access, loss, or alteration.

08. Changes to this Policy

We may update this Privacy Policy from time to time. When changes are made, we will update the "Last Updated" date at the top of this page. We encourage you to review this page periodically to stay informed about how we are protecting your information.

⚓ Back to the Catalog