Privacy & Cookies

Privacy Policy pursuant to Article 13 of Regulation (EU) No 679/2016 ("GDPR").


The domain owner safeguards the confidentiality of personal data and guarantees them the necessary protection from any event that may put them at risk of violation.

As provided for in the European Union Regulation No. 679/2016 ("GDPR"), and in particular in art. 13, below we provide the user ("Data Subject") with the information required by the legislation regarding the processing of their personal data.

SECTION I

Who we are and what data we process (art. 13, paragraph 1 letter. a, art. 15, letter. b GDPR)

The owner of the domain indicated at the bottom of the page, in the person of its legal representative and owner, operates as the owner of the processing of personal data and can be contacted at the email address indicated at the bottom of the page and collects and/or receives information concerning the Data Subject, such as:

Personal data: name, surname, physical address, nationality, province and municipality of residence, fixed and/or mobile telephone, fax, fiscal code, VAT number, e-mail address/s

Banking data: IBAN and bank/postal data (except for the credit card number)

Data of telematic traffic: Log, IP address of origin.

-----

The owner of the domain does not require the data subject to provide so-called "special" data, or, in accordance with the GDPR (art. 9), personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data concerning health or sex life or sexual orientation of the person.

In the event that the service required to the owner of the domain required the processing of such data, the person concerned will receive prior information and will be required to give him consent.

At any time you can request information about their data to the contacts indicated.

SECTION II

For what purposes we need the data subject's data (art. 13, 1st paragraph GDPR)

The data are used by the Owner to follow up on the request for registration and the contract for the provision of the chosen Service, manage and execute the contact requests forwarded by the interested party, provide assistance, comply with legal and regulatory obligations to which the Owner is bound by the activity exercised. In no case the owner of the domain resells personal data to third parties or use them for purposes not stated.

In particular, the data will be processed for:

a) the registry and requests for contact and / or information material.

The processing of the personal data of the interested party takes place in order to carry out the preliminary and subsequent activities to the request for registration, the management of requests for information and contact and / or sending information material, and for the fulfillment of any other obligation.

The legal basis of these treatments is the fulfillment of services inherent to the request for registration, information and contact and / or sending information material and compliance with legal obligations.

b) management of the contractual relationship

The processing of the personal data of the interested party takes place in order to carry out the activities preliminary and consequent to the purchase of a Service, the management of the relative order, the provision of the Service itself, the relative invoicing and the management of the payment, the treatment of complaints and/or reports to the assistance service and the provision of the assistance itself, the prevention of fraud as well as the fulfillment of any other obligation arising from the contract.

The legal basis for such processing is the fulfilment of the services inherent to the contractual relationship and the compliance with legal obligations.

c) promotional activities on Services similar to those purchased by the Data Subject (Recital 47 GDPR)

The data controller, even without your explicit consent, may use the contact data communicated by the Data Subject, for the purpose of direct sales of its own Services, limited to the case in which they are Services similar to those subject to the sale, unless the Data Subject explicitly objects.

The legal basis of such processing is the consent given by the interested party prior to the processing itself, which can be revoked by the interested party freely and at any time (see Section III).

d) computer security

The Data Controller, in line with the provisions of Recital 49 of the GDPR, processes, also by means of its suppliers (third parties and/or recipients), the personal data of the Data Subject related to traffic to the extent strictly necessary and proportionate to ensure network and information security, i.e. the ability of a network or an information system to resist, at a given level of security, unforeseen events or unlawful or malicious acts that compromise the availability, authenticity, integrity and confidentiality of the personal data stored or transmitted.

The Data Controller will promptly inform Data Subjects if there is a particular risk of a breach of their data without prejudice to the obligations arising from the provisions of Article 33 of the GDPR relating to personal data breach notifications.

Legal basis for such treatment is the compliance with legal obligations and the legitimate interest of the owner to carry out treatments inherent in the protection of corporate assets and security of the offices and systems of the domain owner and its suppliers.

e) The owner of the domain does not implement any kind of profiling based on data acquired and stored

f) the prevention of fraud (recital 47 and art. 22 GDPR)

the personal data of the data subject, excluding special data (Art 9 GDPR) or judicial data (Art 10 GDPR) will be processed to allow checks for the purpose of monitoring and prevention of fraudulent payments, by software systems that perform a check in an automated manner and prior to the negotiation of Services;

The negative outcome of these checks will make it impossible to carry out the transaction, the person concerned may in any case express their opinion, obtain an explanation or challenge the decision by explaining their reasons directly with the owner of the domain via the email indicated at the bottom of the page


personal data collected for anti-fraud purposes only, unlike the data necessary for the proper execution of the service required, will be immediately deleted at the end of the control phases.

g) protection of minors

The Services/Products offered by the Owner are reserved for subjects legally able, on the basis of national legislation of reference, to conclude contractual obligations.

The owner of the domain, in order to prevent illegitimate access to its services, implements preventive measures to protect its legitimate interest, such as the control of the tax code and / or other checks, when necessary for specific Services / Products, the correctness of the identification data of identity documents issued by the competent authorities.

e)Communication to third parties and categories of recipients (art. 13, 1st paragraph GDPR)

Third party suppliers: Provision of services (assistance, maintenance, delivery/delivery of products, provision of additional services, suppliers of electronic communication networks and services) related to the service requested

Credit and digital payment institutions, banking/postal institutions: Management of collections, payments, reimbursements related to the contractual performance

External professionals/consultants and consulting firms: Fulfilment of legal obligations, exercise of rights, protection of contractual rights, credit recovery

Financial Administration, Public Bodies, Judicial Authorities, Supervisory and Control Authorities: Fulfilment of legal obligations, defence of rights; lists and registers kept by public Authorities or similar bodies on the basis of specific regulations, in relation to contractual performance

Subjects formally delegated or having legal title recognized: Legal representatives, curators, guardians, etc..

The owner of the domain imposes on third party suppliers and data processors compliance with security measures equal to those taken against the person concerned, restricting the scope of action of the Manager to treatments related to the service required.

The owner of the domain does not transfer your personal data in countries where the GDPR is not applied (non-EU countries) unless specifically indicated otherwise for which you will be informed in advance and if necessary we will ask for your consent.

Legal basis for such processing is the performance of services inherent in the relationship established, compliance with legal obligations and the legitimate interest of the domain owner to carry out processing necessary for such purposes.

Translated with www.DeepL.com/Translator (free version)The Data Controller, in line with the provisions of Recital 49 of the GDPR, processes, also by means of its suppliers (third parties and/or recipients), the personal data of the Data Subject related to traffic to the extent strictly necessary and proportionate to ensure network and information security, i.e. the ability of a network or an information system to resist, at a given level of security, unforeseen events or unlawful or malicious acts that compromise the availability, authenticity, integrity and confidentiality of the personal data stored or transmitted.

The Data Controller will promptly inform Data Subjects if there is a particular risk of a breach of their data without prejudice to the obligations arising from the provisions of Article 33 of the GDPR relating to personal data breach notifications.

Legal basis for such treatment is the compliance with legal obligations and the legitimate interest of the owner to carry out treatments inherent in the protection of corporate assets and security of the offices and systems of the domain owner and its suppliers.

e) The owner of the domain does not implement any kind of profiling based on data acquired and stored

f) the prevention of fraud (recital 47 and art. 22 GDPR)

the personal data of the data subject, excluding special data (Art 9 GDPR) or judicial data (Art 10 GDPR) will be processed to allow checks for the purpose of monitoring and prevention of fraudulent payments, by software systems that perform a check in an automated manner and prior to the negotiation of Services;

The negative outcome of these checks will make it impossible to carry out the transaction, the person concerned may in any case express their opinion, obtain an explanation or challenge the decision by explaining their reasons directly with the owner of the domain via the email indicated at the bottom of the page


personal data collected for anti-fraud purposes only, unlike the data necessary for the proper execution of the service required, will be immediately deleted at the end of the control phases.

g) protection of minors

The Services/Products offered by the Owner are reserved for subjects legally able, on the basis of national legislation of reference, to conclude contractual obligations.

The owner of the domain, in order to prevent illegitimate access to its services, implements preventive measures to protect its legitimate interest, such as the control of the tax code and / or other checks, when necessary for specific Services / Products, the correctness of the identification data of identity documents issued by the competent authorities.

e)Communication to third parties and categories of recipients (art. 13, 1st paragraph GDPR)

Third party suppliers: Provision of services (assistance, maintenance, delivery/delivery of products, provision of additional services, suppliers of electronic communication networks and services) related to the service requested

Credit and digital payment institutions, banking/postal institutions: Management of collections, payments, reimbursements related to the contractual performance

External professionals/consultants and consulting firms: Fulfilment of legal obligations, exercise of rights, protection of contractual rights, credit recovery

Financial Administration, Public Bodies, Judicial Authorities, Supervisory and Control Authorities: Fulfilment of legal obligations, defence of rights; lists and registers kept by public Authorities or similar bodies on the basis of specific regulations, in relation to contractual performance

Subjects formally delegated or having legal title recognized: Legal representatives, curators, guardians, etc..

The owner of the domain imposes on third party suppliers and data processors compliance with security measures equal to those taken against the person concerned, restricting the scope of action of the Manager to treatments related to the service required.

The owner of the domain does not transfer your personal data in countries where the GDPR is not applied (non-EU countries) unless specifically indicated otherwise for which you will be informed in advance and if necessary we will ask for your consent.

Legal basis for such processing is the performance of services inherent in the relationship established, compliance with legal obligations and the legitimate interest of the domain owner to carry out processing necessary for such purposes.

SECTION III
What happens if the Data Subject does not provide his/her data identified as necessary for the performance of the requested service? (Art. 13, 2nd paragraph, letter e GDPR)

The collection and processing of personal data is necessary to carry out the services requested as well as the provision of the Service and/or the supply of the Product requested.

If the interested party does not provide personal data expressly provided as necessary in the order form or registration form, the owner of the domain will not be able to follow up on treatments related to the management of the services requested and / or the contract and the Services / Products related to it, nor the obligations that depend on them.

What happens if the person does not provide consent to the processing of personal data for the activities of commercial promotion of Services / Products different from those purchased?

If the interested party does not give his consent to the processing of personal data for such purposes, such processing will not take place for the same purposes, without affecting the provision of services requested, nor for those for which he has already given his consent, if required.

In the event that the interested party has given consent and should subsequently revoke it or oppose the processing for commercial promotion activities, his/her data will no longer be processed for such activities, without this having any negative consequences or effects on the interested party or on the services requested.

How we process the data of the interested party (art. 32 GDPR)

The owner of the domain has the use of appropriate security measures in order to preserve the confidentiality, integrity and availability of personal data of the Data Subject and imposes on third party suppliers and Managers similar security measures.

Where we process your data

The personal data of the Data Subject is stored in paper, computer files located at the headquarters The domain owner indicated subject to the GDPR (EU countries).

How long are the data subject's data stored? (art. 13, paragraph 2, lett. a GDPR)

Unless he/she explicitly expresses his/her wish to remove them, the personal data of the Data Subject will be kept as long as they are necessary in relation to the legitimate purposes for which they were collected.

In particular, with regard to the management and provision of services related to contact requests forwarded by the interested party, such data will be stored for no longer than a maximum period of 12 months, and also, in case of accession to the contract, will be kept for the duration of the contract itself and in any case no longer than a maximum period of 12 (twelve) months from the last active services and related to it, or if, within that period, there are no active services and / or purchased products through the contract.

In the case of data provided by the owner of the domain for the purpose of commercial promotion for services other than those already acquired by the interested party, for which he initially gave his consent, these will be kept for 24 months, unless revocation of consent.

It should also be added that, in the event that a user sends to The owner of the domain personal data not required or not necessary for the performance of the service requested or the provision of a service closely related to it, The owner of the domain can not be considered the owner of these data, and will delete them as soon as possible.

Regardless of the determination of the interested party to their removal, personal data will in any case be stored in accordance with the terms provided by existing legislation and / or national regulations, for the exclusive purpose of ensuring the specific requirements, typical of some services (by way of example but not limited to, Certified E-Mail, Digital Signature - in this regard see the relevant section).

In addition, personal data will in any case be kept for the fulfilment of obligations (e.g. fiscal and accounting) that remain even after the termination of the contract (art. 2220 c.c.); for these purposes the Owner will keep only the data necessary for the relative pursuit.

Except for the cases in which the rights deriving from the contract and/or from the registration are to be asserted in court, in which case the personal data of the interested party, only those necessary for such purposes, will be processed for the time necessary for their pursuit.

What are the rights of the interested party? (art. 15 - 20 GDPR)

The data subject has the right to obtain from the data controller the following:

a) confirmation as to whether or not personal data concerning him/her are being processed and, if so, to obtain access to the personal data and to the following information

1. the purposes of the processing;

2. the categories of personal data concerned;

3. the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if they are recipients in third countries or international organizations

4. where possible, the intended period of retention of personal data or, if this is not possible, the criteria used to determine this period

5. the existence of the right of the data subject to request from the data controller the rectification or erasure of personal data or the restriction of the processing of personal data concerning him or her or to object to the processing of personal data concerning him or her

6. the right to lodge a complaint with a supervisory authority;

7. if the data are not collected from the data subject, all available information on their origin

8. the existence of any automated decision-making process, including profiling, and, at least in such cases, meaningful information about the logic used, as well as the importance and expected consequences of such processing for the data subject

9. the adequate safeguards provided by the third country (non-EU) or international organization to protect any data transferred

b) the right to obtain a copy of the personal data undergoing processing, insofar as this right does not violate the rights and freedoms of others; In the event of further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs.

c) the right to obtain from the data controller the rectification of inaccurate personal data concerning him/her without undue delay

d) the right to obtain from the data controller the erasure of personal data concerning him/her without undue delay, if there are grounds provided for by the GDPR in Art. 17, including, for example, if they are no longer necessary for the purposes of the processing or if the processing is assumed to be unlawful, and provided that the conditions provided for by law are met; and in any case if the processing is not justified by another equally legitimate reason;

e) the right to obtain from the data controller the restriction of processing, in the cases provided for by art. 18 of the GDPR, for example where you have disputed the accuracy, for the period necessary for the domain owner to verify the accuracy. The Data Subject must also be informed, in a reasonable time, of when the period of suspension has expired or the cause of the limitation of processing has ceased to exist, and therefore the limitation itself revoked;

f) the right to obtain communication from the owner of the addressees to whom requests for possible rectification or cancellation or limitation of processing have been transmitted, unless this proves impossible or involves a disproportionate effort

g) the right to receive in a structured, commonly used and machine-readable format the personal data concerning him/her and the right to have such data transmitted to another data controller without hindrance by the data controller to whom he/she has provided them, in the cases provided for by Article 20 of the GDPR, and the right to obtain the direct transmission of personal data from one data controller to another, if technically feasible.

For any further information and in any case to send your request, you must contact the Data Controller at the address indicated at the bottom of the page.

In order to ensure that the above rights are exercised by the interested party and not by unauthorized third parties, the owner of the domain may require the same to provide any additional information necessary for this purpose.

How and when can the Data Subject object to the processing of his/her personal data? (Art. 21 GDPR)

For reasons related to the particular situation of the Data Subject, the same may object at any time to the processing of their personal data if it is based on legitimate interest or if it is for commercial promotion activities, by sending the request to The domain owner at the address indicated at the bottom of the page.

The interested party has the right to the cancellation of their personal data if there is no legitimate reason prevailing on the part of the owner than that which gave rise to the request, and in any case if the interested party has opposed the treatment for commercial promotion activities.

Without prejudice to any other administrative or judicial action, the Data Subject may lodge a complaint with the competent supervisory authority on the Italian territory (Guarantor Authority for the protection of personal data) or with the authority that performs its duties and exercises its powers in the Member State where the breach of the GDPR occurred.

Any update of this Privacy Policy will be communicated promptly and by appropriate means and will also be communicated if the Data Controller processes the data of the Data Subject for purposes other than those referred to in this Privacy Policy before proceeding and following the expression of the relevant consent of the Data Subject, if necessary.



NAVIGATION DATA

During the navigation on this site will be acquired, in normal operation, some navigation data that are transmitted implicitly in the use of internet communication protocols. These data are related to computer traffic that by their nature are not immediately associated with identified interested parties, but through processing or association with data held by third parties could allow identification of users/visitors of the site (such as, for example, IP addresses, type of browser and operating system used by the user, time of request for access to web pages). These data are used for anonymous statistical information relating to visits to the site or to verify the proper functionality of the same, these are kept by the owner of this site interent for the period strictly necessary and in accordance with current regulations.

COOKIE

Cookies are small text strings that the sites visited by the user send to his terminal (usually to the browser), where they are stored and then retransmitted to the same sites the next time the same user visits. While browsing a site, the user may also receive cookies on his terminal which are sent by different sites or web servers (so-called "third parties"), on which some elements (such as, for example, images, maps, sounds, specific links to pages of other domains) present on the site he is visiting may reside. Cookies, which are usually present in a very high number in the users' browsers and sometimes with characteristics of wide temporal persistence, are used for different purposes: execution of computer authentication, session monitoring, memorization of information on specific configurations regarding the users who access the server, etc.. In order to arrive at a correct regulation of these devices, it is necessary to distinguish them since there are technical characteristics that differentiate them from each other precisely on the basis of the purposes pursued by those who use them. In this direction has moved, moreover, the same legislator, which, in implementation of the provisions contained in Directive 2009/136/EC, has brought the obligation to acquire prior consent and informed users to the installation of cookies used for purposes other than those purely technical (see art. 1, paragraph 5, letter. a) of Legislative Decree no. May 28, 2012, n. 69, which amended art. 122 of the Code). In this regard, and for the purposes of the measure indicated, two macro-categories are therefore identified: "technical" cookies and "profiling" cookies.

The user can autonomously manage their own cookie policy through the relative setting on their browser, to the detriment in some cases of a correct and usable navigation on the website. You can consult the manual of your device or the "Help" function of your internet browser in this regard.

We provide links to the most common Internet browsers for managing cookies:

- Internet Explorer: http://windows.microsoft.com/it-IT/internet-explorer/delete-manage-cookies


- Google Chrome: https://support.google.com/chrome/answer/95647


- Mozilla Firefox: http://support.mozilla.org/it/kb/Gestione%20dei%20cookie


- Opera: http://help.opera.com/Windows/10.00/it/cookies.html


- Safari: https://support.apple.com/kb/PH19255


TECHNICAL COOKIES

Technical cookies are those used for the sole purpose of "carrying out the transmission of a communication on an electronic communication network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the subscriber or user to provide such service" (see art. 122, paragraph 1, of the Code). They are not used for further purposes and are normally installed directly by the owner or manager of the website. They can be divided into navigation or session cookies, which ensure the normal navigation and use of the website (allowing, for example, to make a purchase or authenticate to access restricted areas); analytics cookies, assimilated to technical cookies where used directly by the site manager to collect information, in aggregate form, on the number of users and how they visit the site; functionality cookies, which allow the user to navigate according to a series of selected criteria (for example, language, products selected for purchase) in order to improve the service provided to the same. For the installation of these cookies is not required prior consent of users, while it remains the obligation to give the information pursuant to art. 13 of the Code, which the site manager, if it uses only these devices, may provide in the manner it deems most appropriate.

ceid - Session management security code "recaptcha " sending messages and requests from web page.

THIRD PARTY COOKIES
we use only TECHNICAL COOKIES


Email


Sending and receiving email:

Sending email from this email domain:




Subject to different communication, is to be considered for the private use of the recipient; therefore according to the PROTECTION OF PERSONAL DATA (D.L. 196/2003 and 354/2003).
This communication contains confidential information and may also be privileged.
It is for the exclusive use of the default recipient.
If you are not the intended recipient, please be advised that any distribution, copying or use of this communication and/or the information contained therein is strictly prohibited.
If you have received this communication in error, please notify the sender immediately and destroy all copies.




Sending email to this email domain:

Subject to different communication, is to be considered for commercial use, therefore subject to the privacy policy described above.


You can exercise the rights recognized by the privacy legislation, such as cancellation from the lists etc.. turning to the contacts indicated in the website, whose owner is the depositary
Reviews
D.O.P. Siena 2023 Italian Extra Virgin Olive Oil  lt.0,500
D.O.P. Siena 2023 Italian Extra Virgin Olive Oil lt.0,500
17,00€

Conosciuto durante una gita tra le colline senesi, è un olio...