PRIVACY POLICY

pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (GDPR) and applicable national provisions on artificial intelligence

Last updated: February 11, 2026

1. Data Controller

The Data Controller is:

Spesati SRL
Registered office: Corso Vittorio Veneto 15/I, 07026 Olbia (SS), Italy
VAT Number / Tax Code: 02772380909
Email: [email protected]
Phone: +39 070 7968318

2. Categories of personal data processed

In the context of providing the online grocery service and virtual assistant, Spesati collects and processes the following categories of personal data:

a) Identification and contact data: first name, last name, phone number, email address, delivery address, city, and postal code.

b) Order-related data: purchased products, quantities, prices, order history, purchase preferences, delivery notes, preferred delivery time slots.

c) Navigation and interaction data: messages exchanged with the virtual assistant, voice recordings sent by the user via messaging (automatically transcribed and not stored as audio files), images sent for product identification.

d) Data derived from service usage: food preferences inferred from purchase history, information about household composition and consumption habits voluntarily provided by the user during conversations, status of any delivery concessions (age, disability) if voluntarily declared by the user.

e) Technical data: messaging account identifier, date and time of interactions, website browsing data (IP address, browser type, pages visited).

3. Purposes and legal bases of processing

Personal data are processed for the following purposes:

a) Performance of a contract (Art. 6(1)(b) GDPR): management of purchase orders, product delivery, shopping cart management, calculation of delivery costs, application of discounts and promotions, handling complaints and support requests, and communications regarding order status.

b) Legitimate interest of the Controller (Art. 6(1)(f) GDPR): service improvement and personalization of the shopping experience, storage of purchase preferences to facilitate future orders, aggregated and anonymized analysis of service usage, fraud prevention, and service security.

c) Compliance with legal obligations (Art. 6(1)(c) GDPR): tax, accounting, and document retention obligations under Italian and European law, including obligations related to e-commerce (Legislative Decree 70/2003) and consumer protection (Legislative Decree 206/2005).

d) Consent (Art. 6(1)(a) GDPR): where applicable, for sending promotional and direct marketing communications. Consent may be withdrawn at any time without affecting the lawfulness of processing based on consent before its withdrawal.

4. Virtual assistant using artificial intelligence

Spesati uses a virtual assistant based on artificial intelligence technologies to manage customer interactions via the WhatsApp messaging channel.

Nature of the system: the assistant is an automated system that uses generative artificial intelligence models to understand customer requests, manage the shopping cart, provide product and delivery cost information, and assist in completing orders. The user interacts with an automated system and not a human operator, except where the conversation is transferred to customer support.

Data used by the assistant: the assistant accesses the user's order history, stored purchase preferences, and the updated product catalog to provide personalized service.

Human oversight: the system is subject to continuous human supervision. Spesati operators may intervene at any time during the conversation. Users may request to speak with a human operator at any time.

Automated decisions: the assistant does not make decisions producing legal or similarly significant effects on the user.

Zero data retention for training: conversation data are not used to train or improve third-party artificial intelligence models.

Right to contest: users have the right to contest any operation performed by the virtual assistant.

5. Data recipients and transfers

Personal data may be shared with technology service providers, messaging service providers (Meta Platforms Ireland Ltd.), logistics partners, and competent authorities where required by law.

Any transfers outside the EU are carried out in compliance with Articles 45 and 46 GDPR through adequacy decisions or standard contractual clauses.

6. Data retention period

  • Orders and invoicing data: 10 years.
  • Purchase history: 24 months from the last order.
  • Assistant conversations: 6 months.
  • Contact data: duration of the business relationship plus 24 months.
  • Browsing data: according to the Cookie Policy.

7. Data subject rights

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right not to be subject to automated decision-making (Art. 22 GDPR)

Right to lodge a complaint: users have the right to lodge a complaint with the Data Protection Authority (www.garanteprivacy.it).

8. Security measures

  • End-to-end encryption of communications.
  • Access restricted to authorized personnel.
  • Security monitoring systems.
  • Backup and disaster recovery procedures.
  • Data segregation by location and customer.

9. Nature of data provision

Providing identification and contact data is necessary for contract performance. Failure to provide such data makes it impossible to complete the order.

Providing additional data is optional and intended solely to improve the service experience.

10. Processing of minors' data

The Spesati service is intended for adult users. Spesati does not knowingly collect personal data from individuals under 18 years of age.

11. Cookies and tracking technologies

The website spesati.it uses technical cookies and, subject to consent, analytical and profiling cookies. For more information, please refer to the Cookie Policy.

12. Changes to this Privacy Policy

The Controller reserves the right to modify this Privacy Policy at any time. Changes will be published on the website.

13. Applicable legislation

  • Regulation (EU) 2016/679 (GDPR)
  • Legislative Decree 196/2003 as amended by Legislative Decree 101/2018
  • Regulation (EU) 2024/1689 (AI Act)
  • Law No. 132 of September 13, 2025
  • Legislative Decree 70/2003
  • Legislative Decree 206/2005
