Agriturismo Il Poggione © 2024 - All rights reserved
Loc. Sant'Angelo in Colle - 53024 Montalcino (SI)
tel. +39.0577.844029 - agriturismo@ilpoggione.it
CIN CODE: IT052037B59BJZKE67
Franceschi S.A. VAT No. 00502730526
Privacy Policy
Cookie Policy
Information pursuant to Art. 13 of Regulation (EU) No. 679/2016 (“GDPR”)
Franceschi Leopoldo e Livia s.s. Società Agricola (hereinafter also the "Data Controller") protects the confidentiality of personal data and guarantees them the necessary protection from any event that may put them at risk of violation.
As provided for by European Union Regulation no. 679/2016 (“GDPR”), and in particular by art. 13, the following information required by law regarding the processing of personal data is provided to the user (“Data Subject”).
SECTION I
Who we are and what data we process (art. 13, 1st paragraph lett. a, art. 15, lett. b GDPR)
Franceschi Leopoldo e Livia s.s. Società Agricola, in the person of its legal representative pro tempore, with registered office in Loc. Monteano, 53024 Sant’Angelo in Colle (SI), acts as Data Controller and can be contacted at info@ilpoggione.it and collects and/or receives information concerning the Data Subject, such as:
Personal data
first name, last name, physical address, nationality, province and municipality of residence, landline and/or mobile phone, fax, tax code, email address(es)
Bank details
IBAN and bank/postal details
Telematic data
Log, originating IP address.
Franceschi Leopoldo e Livia s.s. Società Agricola does not require the Data Subject to provide so-called "special" data, that is, according to the GDPR (art. 9), personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data concerning health or a person's sex life or sexual orientation. In the event that the service requested from Franceschi Leopoldo e Livia s.s. Società Agricola requires the processing of such data, the Data Subject will first receive specific information and will be asked to provide specific consent.
The data controller is Franceschi Leopoldo e Livia s.s. Società Agricola and can be contacted for any information and request:
e-mail:info@ilpoggione.it
SECTION II
For what purposes do we need the Data Subject's data (art. 13, 1st paragraph GDPR)
The data is used by the Data Controller to process the request for registration and the contract for the chosen Service and/or the purchased Product, to manage and fulfill contact requests submitted by the Data Subject, to provide assistance, and to comply with legal and regulatory obligations to which the Data Controller is subject in relation to the activity carried out. Under no circumstances does Franceschi Leopoldo e Livia s.s. Società Agricola resell the personal data of the Data Subject to third parties nor use them for undeclared purposes.
In particular, the data of the Data Subject will be processed for:
•a – registration in the registry and requests for contact and/or informational material
The processing of the Data Subject's personal data takes place in order to carry out the preliminary and subsequent activities related to the request for registration, to manage requests for information and contact and/or for sending informational material, as well as to fulfill any other resulting obligations.
The legal basis for such processing is the fulfillment of services related to the request for registration, information and contact and/or the sending of informational material and compliance with legal obligations.
•b – the management of the contractual relationship
The processing of the Data Subject's personal data takes place in order to carry out the preliminary and subsequent activities related to the purchase of a Service and/or a Product, the management of the related order, the provision of the Service itself and/or the production and/or shipment of the purchased Product, the related invoicing and payment management, the handling of complaints and/or reports to the customer service and the provision of the service itself, the prevention of fraud as well as the fulfillment of any other obligation arising from the contract.
The legal basis for such processing is the fulfillment of obligations related to the contractual relationship and compliance with legal requirements.
•c – promotional activities on Services/Products similar to those purchased by the Data Subject (Recital 47 GDPR)
The data controller, even without your explicit consent, may use the contact details provided by the Data Subject for the purpose of direct sale of its own Services/Products, limited to cases where these are Services/Products similar to those subject to the sale, unless the Data Subject explicitly objects.
•d – commercial promotion activities on Services/Products different from those purchased by the Data Subject
The personal data of the Data Subject may also be processed for commercial promotion purposes, for surveys and market research regarding Services/Products offered by the Data Controller only if the Data Subject has authorized the processing and does not object to it.
This processing may take place, in an automated manner, in the following ways:
- e-mail;
- sms;
- telephone contact
and can be carried out:
1.if the Data Subject has not withdrawn their consent for the use of the data;
2. if, in the case where the processing takes place through contact with a telephone operator, the Data Subject is not registered in the opt-out register referred to in D.P.R. no. 178/2010;
The legal basis for such processing is the consent given by the Data Subject prior to the processing itself, which may be freely revoked by the Data Subject at any time.
•and – cybersecurity
The Data Controller, in line with what is provided by Recital 49 of the GDPR, processes, also through its suppliers (third parties and/or recipients), the data subject's personal data relating to traffic to the extent strictly necessary and proportionate to guarantee the security of networks and information, that is, the ability of a network or information system to withstand, at a given level of security, unforeseen events or unlawful or malicious acts that compromise the availability, authenticity, integrity, and confidentiality of the personal data stored or transmitted.
The Data Controller will promptly inform the Data Subjects if there is a particular risk of a breach of their data, without prejudice to the obligations arising from Article 33 of the GDPR regarding notifications of personal data breaches.
The legal basis for such processing is compliance with legal obligations and the legitimate interest of the Data Controller in carrying out processing related to the protection of company assets and the security of systems.
•f – profiling
The personal data of the Data Subject may also be processed for profiling purposes (such as analysis of the data provided and the Services/Products chosen, proposing advertising messages and/or commercial offers in line with the choices made by the users themselves) exclusively in the event that the Data Subject has provided explicit and informed consent. The legal basis for such processing is the consent given by the Data Subject prior to the processing itself, which may be freely revoked by the Data Subject at any time.
•g – fraud prevention (recital 47 and art. 22 GDPR)
the personal data of the data subject, excluding special (Art 9 GDPR) or judicial (Art 10 GDPR) data, will be processed to allow checks for the purpose of monitoring and preventing fraudulent payments, by software systems that carry out an automated verification prior to the negotiation of Services/Products.
the personal data collected solely for anti-fraud purposes, unlike the data necessary for the correct execution of the requested service, will be immediately deleted at the end of the control phases.
•h – the protection of minors
The Services/Products offered by the Owner are reserved for individuals who are legally able, based on the relevant national legislation, to enter into contractual obligations.
The Data Controller, in order to prevent unauthorized access to its services, implements preventive measures to protect its legitimate interest, such as checking the tax code and/or other verifications, when necessary for specific Services/Products, and the accuracy of the identification data of identity documents issued by the competent authorities.
Disclosure to third parties and categories of recipients (art. 13, 1st paragraph GDPR)
The communication of the Data Subject's personal data mainly takes place with third parties and/or recipients whose activity is necessary for carrying out activities related to the established relationship and to comply with certain legal obligations, such as:
Third-party suppliers
Provision of services (assistance, maintenance, provision of additional services, providers of electronic communications networks and services) related to the requested service.
Administrative, accounting, and related obligations connected to the contractual performance.
Credit and digital payment institutions, banking/postal institutions
Management of collections, payments, refunds related to the contractual service
External professionals/consultants and Consulting firms
Fulfillment of legal obligations, exercise of rights, protection of contractual rights, debt collection
Tax administration, Public bodies, Judicial Authorities, Supervisory and control authorities, lists and registers kept by public Authorities or similar bodies
Fulfillment of legal obligations, defense of rights; based on specific regulations, in relation to the contractual performance
Formally delegated subjects or those with recognized legal title
Legal representatives, curators, guardians, etc.
The Controller requires its Third Party suppliers and Data Processors to comply with security measures equal to those adopted for the Data Subject, restricting the scope of the Processor's actions to processing related to the requested service.
The Data Controller does not transfer your personal data to countries where the GDPR is not applied (non-EU countries) unless specifically indicated otherwise, in which case you will be informed in advance and, if necessary, your consent will be requested.
The legal basis for such processing is the fulfillment of the services related to the established relationship, compliance with legal obligations, and the legitimate interest of Franceschi Leopoldo e Livia s.s. Società Agricola in carrying out processing necessary for these purposes.
SECTION III
What happens if the Data Subject does not provide the data identified as necessary for the execution of the requested service? (Art. 13, 2nd paragraph, letter e GDPR)
The collection and processing of personal data is necessary to carry out the requested services as well as the provision of the Service and/or the supply of the requested Product. If the Data Subject does not provide the personal data expressly indicated as necessary within the order form or registration form, the Data Controller will not be able to proceed with the processing related to the management of the requested services and/or the contract and the Services/Products connected to it, nor with the obligations that depend on them.
What happens if the Data Subject does not give consent to the processing of personal data for commercial promotion activities on Services/Products different from those purchased?
In the event that the Data Subject does not give their consent to the processing of personal data for these purposes, such processing will not take place for those purposes, without this having any effect on the provision of the requested services, nor for those for which they have already given their consent, if required.
In the event that the Data Subject has given consent and subsequently revokes it or objects to the processing for commercial promotion activities, their data will no longer be processed for such activities, without this resulting in any consequences or detrimental effects for the Data Subject and the requested services.
How we process the Data Subject's data (art. 32 GDPR)
The Data Controller adopts appropriate security measures in order to preserve the confidentiality, integrity, and availability of the Data Subject's personal data and requires third-party providers and Processors to adopt similar security measures.
Where we process the Data Subject's data
The personal data of the Data Subject are stored in paper, computer, and telematic archives located in countries where the GDPR applies (EU countries).
How long are the Data Subject's data retained? (art. 13, 2nd paragraph, letter a GDPR)
Unless the data subject explicitly expresses their wish to have them removed, the personal data of the data subject will be retained as long as they are necessary for the legitimate purposes for which they were collected.
In particular, they will be retained for the entire duration of your registration and in any case for no longer than a maximum period of 12 (twelve) months of inactivity, that is, if within this period no Services are associated and/or Products are purchased using the same registration.
In the case of data provided to the Data Controller for the purpose of commercial promotion for services other than those already acquired by the Data Subject, for which consent was initially given, such data will be retained for 24 months, unless the consent given is revoked.
In the case of data provided to the Data Controller for profiling purposes, this data will be retained for 12 months, unless consent is withdrawn.
It should also be added that, in the event that a user forwards unsolicited or unnecessary personal data to Franceschi Leopoldo e Livia s.s. Società Agricola for the purpose of carrying out the requested service or for the provision of a service strictly related to it, Franceschi Leopoldo e Livia s.s. Società Agricola cannot be considered the data controller of such data, and will proceed to delete them as soon as possible.
Regardless of the Data Subject's decision to have them removed, personal data will in any case be retained according to the terms provided by current legislation and/or national regulations, solely for the purpose of ensuring the fulfillment of specific requirements related to certain Services (by way of example but not limited to, Certified Electronic Mail, Digital Signature, Substitute Storage - in this regard, see the relevant section).
Furthermore, personal data will in any case be retained for the fulfillment of obligations (e.g. fiscal and accounting) that remain even after the termination of the contract (art. 2220 c.c.); for these purposes, the Data Controller will retain only the data necessary for the relevant pursuit.
Exceptions are made in cases where it is necessary to assert in court the rights arising from the contract and/or from registration in the registry, in which case the personal data of the Data Subject, exclusively those necessary for such purposes, will be processed for the time strictly necessary to achieve them.
What are the rights of the Data Subject? (arts. 15 – 20 GDPR)
The data subject has the right to obtain the following from the data controller:
a) confirmation as to whether or not personal data concerning them is being processed and, if so, to obtain access to the personal data and the following information:
1.the purposes of the processing;
2.the categories of personal data in question;
3. the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if recipients in third countries or international organizations;
4.when possible, the envisaged period for which the personal data will be stored or, if not possible, the criteria used to determine that period;
5. the existence of the right of the data subject to request from the data controller the rectification or erasure of personal data or the restriction of processing of personal data concerning him or her or to object to their processing;
6. the right to lodge a complaint with a supervisory authority;
7. if the data are not collected from the data subject, all available information about their origin;
8. the existence of automated decision-making processes, including profiling, and, at least in such cases, meaningful information about the logic used, as well as the significance and the expected consequences of such processing for the data subject.
9. the adequate safeguards provided by the third country (outside the EU) or an international organization for the protection of any data transferred
b) the right to obtain a copy of the personal data being processed, provided that this right does not adversely affect the rights and freedoms of others; In the case of further copies requested by the data subject, the data controller may charge a reasonable fee based on administrative costs.
c) the right to obtain from the data controller the rectification of inaccurate personal data concerning you without undue delay
d) the right to obtain from the data controller the erasure of personal data concerning you without undue delay, if the reasons provided for by the GDPR in art. 17 exist, including, for example, in cases where they are no longer necessary for the purposes of processing or if the processing is considered unlawful, and always if the conditions provided for by law are met; and in any case if the processing is not justified by another equally legitimate reason;
e) the right to obtain from the data controller the restriction of processing, in the cases provided for by art. 18 of the GDPR, for example where you have contested its accuracy, for the period necessary for the Controller to verify its accuracy. The Data Subject must be informed, within a reasonable time, also when the suspension period has ended or the reason for the restriction of processing no longer applies, and therefore the restriction itself is revoked;
f) the right to obtain communication from the data controller of the recipients to whom requests for any rectifications or erasures or restrictions of processing have been transmitted, unless this proves impossible or involves a disproportionate effort.
g) the right to receive personal data concerning them in a structured, commonly used and machine-readable format and the right to transmit those data to another data controller without hindrance from the controller to whom the data have been provided, in the cases provided for by Article 20 of the GDPR, and the right to have the personal data transmitted directly from one controller to another, where technically feasible.
For any further information and in any case to send your request, you must contact the Data Controller at [MAIL]. In order to ensure that the above-mentioned rights are exercised by the Data Subject and not by unauthorized third parties, the Data Controller may ask the Data Subject to provide any further information necessary for this purpose.
How and when can the Data Subject object to the processing of their personal data? (Art. 21 GDPR)
For reasons related to the particular situation of the Data Subject, the latter may object at any time to the processing of their personal data if it is based on legitimate interest or if it occurs for commercial promotion activities, by sending a request to the Data Controller at info@ilpoggione.it
The Data Subject has the right to have their personal data deleted if there is no overriding legitimate reason on the part of the Controller compared to the reason that gave rise to the request, and in any case if the Data Subject has objected to the processing for commercial promotion activities.
To whom can the Data Subject submit a complaint? (Art. 15 GDPR)
Without prejudice to any other action in administrative or judicial proceedings, the Data Subject may lodge a complaint with the competent supervisory authority in Italy (Data Protection Authority) or with the authority that performs its duties and exercises its powers in the Member State where the GDPR violation occurred.
Any update to this Policy will be communicated promptly and by appropriate means, and it will also be communicated if the Data Controller processes the Data Subject's data for purposes other than those set out in this Policy before doing so and following the Data Subject's consent, if necessary.
SECTION IV
COOKIE
General information, deactivation and management of cookies
Cookies are data that are sent by the website and stored by the internet browser on the user's computer or other device (for example, tablet or mobile phone). Technical cookies and third-party cookies may be installed by our website or its related subdomains.
In any case, the user can manage, that is, request the general deactivation or deletion of cookies by changing the settings of their internet browser. However, such deactivation may slow down or prevent access to certain parts of the site.
The settings to manage or disable cookies may vary depending on the internet browser used, therefore, for more information on how to perform these
for operations, we suggest that the User consult the manual of their device or the “Help” function of their internet browser.
Below are links for Users explaining how to manage or disable cookies for the most popular internet browsers:
Internet Explorer: http://windows.microsoft.com/it-IT/internet-explorer/delete-manage-cookies
Google Chrome: https://support.google.com/chrome/answer/95647
Mozilla Firefox: http://support.mozilla.org/it/kb/Gestione%20dei%20cookie
Opera: http://help.opera.com/Windows/10.00/it/cookies.html
Safari: https://support.apple.com/kb/PH19255
• Technical cookies
The use of technical cookies, that is, cookies necessary for the transmission of communications over an electronic communications network or cookies strictly necessary for the provider to deliver the service requested by the customer, allows for the safe and efficient use of our site.
Session cookies may be installed in order to allow access to and stay in the reserved area of the portal as an authenticated user.
Technical cookies are essential for the proper functioning of our website and are used to allow users to navigate normally and to take advantage of the advanced services available on our website. The technical cookies used are divided into session cookies, which are stored exclusively for the duration of the browsing session until the browser is closed, and persistent cookies, which are saved in the user's device memory until they expire or are deleted by the user. Our website uses the following technical cookies:
• Technical navigation or session cookies, used to manage normal navigation and user authentication;
• Functional technical cookies, used to store customizations chosen by the user, such as, for example, the language;
Technical analytics cookies, used to understand how users use our website so that we can evaluate and improve its functioning.
•Third-party cookies
Third-party cookies may be installed: these are analytical and profiling cookies from Google Analytics, Google Doubleclick, Criteo, Rocket Fuel, Youtube, Yahoo, Bing, and Facebook. These cookies are sent by the websites of the aforementioned third parties external to our site.
Third-party analytical cookies are used to detect information about user behavior on the site. The detection takes place anonymously, in order to monitor performance and improve the site's usability. Third-party profiling cookies are used to create profiles related to users, in order to propose advertising messages in line with the choices made by the users themselves.
The use of these cookies is governed by the rules established by the respective third parties; therefore, Users are invited to review the privacy policies and instructions for managing or disabling cookies published on the following web pages:
For Google Analytics cookies:
- privacy policy: https://www.google.com/intl/it/policies/privacy
- instructions for managing or disabling cookies: https://support.google.com/accounts/answer/61416?hl=it
For Google Doubleclick cookies:
- privacy policy: https://www.google.com/intl/it/policies/privacy/
- instructions to manage or disable cookies: https://www.google.com/settings/ads/plugin
For Criteo cookies:
- privacy policy: http://www.criteo.com/it/privacy/
- instructions for managing or disabling cookies: http://www.criteo.com/it/privacy/
For Facebook cookies:
- privacy policy: https://www.facebook.com/privacy/explanation
- instructions to manage or disable cookies: https://www.facebook.com/help/cookies/
For CrazyEgg cookies:
- privacy policy: https://www.crazyegg.com/privacy/- instructions to manage or disable cookies: https://www.crazyegg.com/cookies/
For Rocket Fuel cookies:
-privacy policy: http://rocketfuel.com/it/privacy/
- instructions for managing or disabling cookies: http://rocketfuel.com/it/cookie-policy/
For Youtube cookies:
-privacy policy: https://www.youtube.com/intl/it/yt/about/policies/#community-guidelines
- instructions for managing or disabling cookies: https://support.google.com/accounts/answer/61416?hl=it
For Yahoo cookies:
-privacy policy and instructions to manage or disable cookies:
https://policies.yahoo.com/ie/it/yahoo/privacy/euoathnoticefaq/
For Bing cookies:
-privacy policy and instructions to manage or disable cookies https://privacy.microsoft.com/it-it/privacystatement
•Profiling cookies
Profiling cookies may be installed by the Data Controller(s), through so-called web analytics software, which are used to prepare detailed and real-time analysis reports regarding information on: website visitors, originating search engines, keywords used, language of use, most visited pages.
They may collect information and data such as IP address, nationality, city, date/time, device, browser, operating system, screen resolution, navigation source, pages visited and number of pages, duration of the visit, number of visits made.
Agriturismo Il Poggione © 2024 - All rights reserved
Loc. Sant'Angelo in Colle - 53024 Montalcino (SI)
tel. +39.0577.844029 - agriturismo@ilpoggione.it
CIN CODE: IT052037B59BJZKE67
Franceschi S.A. VAT No. 00502730526
Privacy Policy
Cookie Policy