Skip to content


Your cart is empty

Privacy Policy

Tanfanco (hereinafter "we" or "us") thanks you for visiting our web pages and mobile applications and for your interest in our company and products.

1. Tanfanco respects your privacy

The protection of your privacy in all personal data processing activities and the security of all business data are two key aspects we take into account in our business processes. Personal data collected when visiting our web pages and using our mobile applications are treated confidentially and only in accordance with applicable law. The protection of personal data and information security are fundamental principles of our corporate policies.

2. Data controller

We are the controller of the processing of your personal data, exceptions to which are listed in this policy.

3. Collection, processing and use of personal data

3.1 Categories of data processed

The following categories of data are processed: - Identification and contact data (e.g. name, telephone, e-mail, address, IP address) - Contractual data (e.g. contractual relationships, contractual or product interests) - Customer history - Contractual accounting and payment data - Planning and settlement data - Transaction data - Provision of information (from third parties, e.g. credit institutions or public directories

3.2 Principles

Personal data is information relating to an identified or identifiable natural person, including, for example, names, addresses, telephone numbers, e-mail addresses, contractual data, contractual accounting and payment data, which can be traced back to the identity of a natural person.

We only collect, process and use personal data (including IP addresses) when a legal basis exists or if you have given your consent to the processing or use of personal data in the specific context, e.g. during registration.

3.3 Purpose of processing and legal basis

We, as well as service providers acting on our behalf, process your personal data for the following purposes:

3.3.1 Provision of online services.

Legal basis: our legitimate interest in carrying out direct marketing provided that this is done in accordance with data protection and competition law.

3.3.2 In response to user requests

Legal basis: our legitimate interest in carrying out direct marketing and promotion of our products and services, provided this is done in accordance with data protection and competition law

3.3.3 Resolution of service interruptions, including for security reasons

Legal basis: fulfilment of our legal obligations in order to ensure data security and for the pursuit of our legitimate interest in the resolution of service interruptions, as well as in the protection of our offers.

3.3.4 Self-promotion and promotion by others, market research and analysis carried out to the extent provided for by law or on the basis of consent

Legal basis: consent or pursuit of our legitimate interest in direct marketing in accordance with data protection and competition law.

3.3.5 Conducting prize events or promotions in accordance with the respective terms and conditions of the individual prize events or promotions

Legal basis: fulfilment of contractual obligations.

3.3.6 Safeguarding and defending our rights.

Legal basis: legitimate interest on our part in safeguarding and defending our rights.

3.4 Log files

Whenever you use the Internet, your browser transmits certain information that we store in so-called log files. We store log files to determine service interruptions and for security reasons (e.g. to investigate attempted cyber attacks) for a short time and then delete them. Log files that are to be retained as evidence will not be deleted until the individual incident has been resolved and may, on a case-by-case basis, be passed on to the investigating authorities. The log files are also used for analysis purposes (without the IP address or without the full IP address), see in this respect the form "3.3.4 Self-promotion and promotion by others, market research and analysis carried out within the limits of the law or on the basis of consent)".

In the log files, the following information is saved

- IP address (Internet Protocol address) of the terminal device used to access the online offer;

- Internet address of the website from which the online offer is accessed (so-called source URL or referrer URL);

- Name of the service provider used to access the online offer;

- Name of the files or information displayed;

- Date, time and duration of data retrieval;

- Amount of data transferred;

- Operating system and Internet browser information used, including any installed add-ons (e.g. Flash Player); http status code (e.g. "Request successful" or "Requested file not found").

3.5 Minors

The online offer is not aimed at minors under the age of 16.

3.6 Data transfer

3.6.1 Transfer to third parties

Generally, we only transfer your personal data to other data controllers if it is necessary for the purpose of fulfilling a contractual obligation, or if we ourselves or a third party have a legitimate interest in the transfer of the data, or if you have given your consent. Information on the legal basis and the recipients or categories of recipients can be found in section 3.3 - Purpose of processing and legal basis.

In addition, data may be transferred to other data controllers when we are obliged to do so in fulfilment of legal obligations or orders from administrative or judicial authorities.

3.6.2 Service providers

We use external service providers who perform activities for us such as sales and marketing services, contract management, payment management, scheduling, data hosting and hotline services. We have carefully selected these service providers and monitor them regularly, particularly with regard to the proper handling and protection of the personal data they process. All service providers are obliged to maintain confidentiality and comply with the legal provisions. Service providers may also be other group companies.

3.6.3 Transfer to recipients outside the European Economic Area (EEA)

We may transfer personal data to recipients located outside the EEA, in so-called third countries.

In such cases, before making the transfer, we will ensure that the recipient of the data can guarantee an adequate level of data protection or that you have consented to the transfer.

You have the right to receive a list of recipients in third countries and a copy of agreed security measures which guarantee an adequate level of data protection. For this purpose, please use the text in section 15: Contacts.

3.7 Duration of storage, retention periods

Generally, we retain your data for as long as necessary for the provision of our online and related services, or as long as we have a legitimate interest in retaining the data (e.g. we may still have a legitimate interest in sending marketing communications even after we have fulfilled our contractual obligations). In all other cases we delete your personal data, with the exception of data that we are obliged to retain for the fulfilment of legal obligations (e.g. due to retention periods imposed by tax or commercial law, we are obliged to retain documentation, such as contracts and invoices, for a certain period of time).

4. Use of Cookies

In the context of our online service, cookies and other tracking technologies may be used. Cookies are small text files that can be stored on your device when you visit our online service.

Tracking is possible using various technologies. In particular, we process information using pixel technology and/or by analysing log files.

4.1 Categories

We distinguish between cookies that are necessary for the technical functionality of the online service and cookies or tracking technologies that are not strictly necessary for the operation of the online service.

In general, it is possible to use the online service without cookies that serve non-technical purposes.

4.1.1 Necessary technical session cookies

By technical cookies we mean cookies without which the technical operation of the online service cannot be guaranteed. These include, for example, cookies that store data to enable the smooth playback of videos or audio. Such cookies will be deleted when you leave the site.

4.1.2 Profiling cookies and tracking technologies


By using profiling cookies and tracking technologies, we and our partners are able to show you offers based on your interests, based on an analysis of your online behaviour:

- Statistics: Using statistical tools, we measure e.g. the number of your page views.

- Conversion monitoring: Our conversion monitoring partners place a cookie on your computer ("conversion cookie") if you access our website via an advertisement of the respective partner. These cookies are normally no longer valid after 30 days. If you visit certain pages of our website and the cookie has not yet expired, we and the respective conversion partner can recognise that a certain user clicked on the ad and was therefore redirected to our website. The information obtained via the conversion cookie is used to compile conversion statistics and to record the total number of users who clicked on the respective advertisement and were redirected to a website via a conversion tracking tag.

- Social Plugins: Some pages of our online service include content and services from other providers (e.g. Facebook, Twitter) which may also use cookies and active forms. For more details on social plugins, please refer to the section on social plugins.

- Retargeting: These tools, also known as tools, create user profiles using advertising cookies or third-party advertising cookies, known as 'web beacons' (invisible graphics that are also called pixels or tracking pixels) or comparable technologies. These are used for interest-based advertising and to control the frequency with which the user views certain advertisements. The respective provider is the data controller in relation to the tool. The tool providers may also disclose information to third parties for the above purposes. Please consult the privacy policy of the provider of the individual tool.

Please note that the use of the Tools may include the transfer of data to recipients outside the EEA, where there may not be an adequate level of data protection under the GDPR (e.g. the United States). Please refer to the following description of the individual marketing tools for more details.

Name: Google Analytics
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Function: Analysis of user behaviour (page retrievals, number of visitors and visits, downloads), creation of pseudonymous user profiles based on cross-device information of logged-in Google users (cross-device tracking), enrichment of pseudonymous user data with target group-specific information provided by Google, retargeting, UX testing, conversion monitoring and retargeting in conjunction with Google Ads.
Name: Google Optimize Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland Function: The cookie can analyse how users behaved on a cross-site basis, UX testing
Name: Google Tag Manager
Supplier: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Function: Administration of website tags via a user interface, integration of program codes on our websites
Name: Google Ads
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Function: placement of advertisements, remarketing, conversion tracking. Further information is available at:
4.2 Managing cookies and tracking technologies

You can manage your cookie and tracking technology settings in your browser and/or in our privacy settings.

Note: the settings you choose relate only to the browser used in each case.

4.2.1 Deactivating all cookies

If you wish to deactivate all cookies, please deactivate cookies in your browser settings. Please note, however, that this may affect the functionality of the website.

4.2.2 Managing settings for cookies and unnecessary tracking mechanisms

When you visit our websites, you will be asked in a specific banner to give your consent to the use of convenience cookies, profiling cookies or tracking mechanisms respectively. In our privacy settings, you can revoke your consent for the future or give your consent at a later date.

5. Google

5.1 Google Maps

This page uses the Google Maps service via API. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For the use of the Google Maps function it is necessary to store your IP address. This information is transmitted and stored on a server of Google LLC in the USA. The provider of this page has no influence on the transmission of this data. The use of Google Maps is done in line with our interest in presenting our online services in a more attractive way and to facilitate the location of the places listed within the site. This processing is done on the basis of our legitimate interest within the meaning of Article 6 paragraph 1 letter f of the GDPR. For more information on the processing of user data, please read Google's privacy policy available here:

5.2 Google reCAPTCHA

In some cases, we use Google LLC's reCAPTCHA service to ensure an adequate level of security for data entered in contact forms. This service makes it possible to discriminate between data entered by a natural person and data entered for fraudulent purposes by a computer/automated system. This processing is carried out on the basis of our legitimate interest within the meaning of Article 6 paragraph 1 letter f of the GDPR. The service includes sending the IP address and other data that may be required for reCAPTCHA to Google. For these purposes, the different data protection regulations of Google LLC apply. Further information on the privacy policy of Google LLC can be found here:

5.3 Google web fonts

This website uses web fonts provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland for the uniform presentation of fonts. When you access a page, your browser loads the web fonts into the cache in order to present the fonts and texts correctly. For this purpose, the browser you are using must necessarily connect to Google's servers. This process ensures that Google is informed that our website has been visited by your IP address. The use of Google web fonts is done in order to provide a uniform and clear presentation of our online offers. This processing is carried out on the basis of our legitimate interest within the meaning of Article 6 paragraph 1 letter f GDPR. Your computer will use the standard fonts in case your browser does not support web fonts.

6. Microsoft Azure content distribution network

In order to optimize website loading times, we use services called Content Delivery Network (CDN), provided by Microsoft's public cloud, Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA.

The use of the CDN services represents an overriding legitimate interest within the meaning of Article 6 section 1 let. f of the GDPR.

As part of this process, personal data is transmitted to the United States of America. The transmission is based on the European standard contractual clauses in which Microsoft guarantees the compliance of the services provided with European data protection law.

More information about Microsoft's privacy policy can be found here:

7. Social plugins

We use so-called social plugins from various social networks in our online services. These are described individually in this section. When using plugins, the Internet browser creates a direct connection to the server of the respective social network. From there, the respective provider receives the information accessed by the Internet browser from the respective site of our online services - even if you do not have a user account with this provider or are not currently logged into your account. Log files (including your IP address) are, in this case, transmitted directly from your Internet browser to a server of the respective provider and may be stored there. The provider or its server may be located outside the EU or the EEA (e.g. in the USA). Plugins are extensions of social network providers. For this reason, we are unable to influence the scope of the data collected and stored by them. The purpose and scope of the collection, processing and ongoing use of data by the social network as well as your rights and settings for protecting your privacy can be found in the social network's relevant data protection notices.

7.1 Social plug-in with double click

By using the so-called "two click solution" (provided by Heise Medien GmbH & Co. KG), we prevent your visit to our web pages from being logged and processed by social network providers by default. When you use one of our Internet pages that contains such plugins, these are initially deactivated. Only by clicking on the respective button are the plugins activated.

7.2 Facebook plugins

Facebook is operated under by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, and under by Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland ("Facebook"). Further information on Facebook plugins and their function can be found here:; information on data protection on Facebook can be found here:

7.3 Instagram plugins

Instagram is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram"). "). Further information on Instagram plugins and their operation can be found at:; information on data protection on Instagram can be found at:

7.4 LinkedIn plugins

LinkedIn is operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA ('LinkedIn'). Find out more about LinkedIn plugins and how they work here: Information on data protection on LinkedIn can be found here:

8. YouTube

Our online services use the video platform of YouTube, LLC, 901 Cherry Ave. San Bruno, CA 94066, USA ("YouTube"). YouTube is a platform for playing audio and video files. When you access one of our online services that contains a YouTube player, the YouTube player creates a connection with YouTube, so that the video or audio file can be transmitted and played. In this way, the data is transferred to YouTube, which acts as the data controller. We will not be responsible for the processing of such data by YouTube. Further information on the scope and purpose of the processing of the collected data, further processing and treatment of the data by YouTube, your rights and privacy settings can be found in YouTube's data protection policy.

9. External links

Our online services may contain links to third-party websites - from providers who are not connected to us. If you click on the link, we will have no influence on the collection, processing and use of any personal data that you transmit by clicking on the link to third parties (such as the IP address or the URL of the site on which the link is located) as the operations carried out by these third parties are beyond our control. We do not accept responsibility for the processing of personal data by third parties.

10. Security

Our employees and the companies that provide services on our behalf are obliged to maintain confidentiality and comply with the applicable data protection laws. We implement all necessary technical and organisational measures to ensure an adequate level of security and to protect the data we process, in particular against the risks of destruction, manipulation, loss, unintentional or unlawful modification, or unauthorised disclosure or access. Our security measures are, in accordance with technological progress, constantly being improved.

11. Rights of the data subject

To assert your rights, please use the details provided in the Contact section. Please ensure that it is possible to uniquely identify you.

11.1 Right of information and access

You have the right to obtain confirmation from us, regarding the processing of your personal data and to access your personal data.

11.2 Right of rectification and erasure:

The data subject has the right to obtain the rectification or completion of inaccurate personal data or the deletion of their data, in accordance with legal requirements.

This does not apply to data that is required for billing or accounting purposes or that is subject to a statutory retention period. If access to such data is not required, however, processing is restricted (see below).

11.3 Limitation of processing:

The data subject has the right to request - to the extent permitted by law - the restriction of the processing of their data.

11.4 Data portability:

You have the right to receive the data you have provided us with in a structured, commonly used and machine-readable format or - if technically feasible - to request that such data be transferred to another Data Controller.

12. Right to complain to the competent supervisory authority

You have the right to lodge a complaint with the competent supervisory authority for your place of residence or with the supervisory authority responsible for our company. This is: Garante per la Protezione dei Dati Personali Piazza di Monte Citorio n. 121 I - 00186 Roma Telephone: + 39 06 69 677.1 Telefax: + 39 06 69 677.785

E-Mail: Homepage:

13. Changes to the data protection declaration

We reserve the right to change our security measures and policies regarding the processing of personal data. In such cases, we will amend our privacy policy. Therefore, please pay attention to the updated version of the privacy policy.

14. Contact

If you need any communication regarding the processing of your personal data, you may contact the Data Protection Officer (DPO) at the following address:

Specifying the request in the subject line. We thank you for your cooperation.

Effective from 26.04.2022