Information pursuant to art. 13 EU Regulation 2016/679 (GDPR) for data processed through the site -
This information is provided by BIOFAVOLE Società Agricola Semplice , in the person of its pro tempore legal representative , in compliance with the obligations deriving from EU Regulation 2016/679 (hereinafter GDPR) and more generally, from current legislation on the protection of natural persons with regard to personal data.
It aims to describe the management methods of the website www.biofavole.it with reference to the processing of personal data of Users for activities carried out through said site and it will illustrate the purposes and methods with which the company could collect and process personal data, which categories of data are processed, what are the rights of data subjects and how they can be exercised.
Users, by using this site, accept this information and are therefore invited to read it before providing personal information of any kind.
It should be noted that what is indicated below does not concern other sites, pages or online services that can be reached via hypertext links that may be present on the site. In such cases, please consult the related privacy policies.
BIOFAVOLE Società Agricola Semplice
Via S. Antonio, 2 – 63851 Ortezzano (FM)
VAT number: 02272310448
Telephone +39 333 478 1980
What categories of personal data are processed, is the provision of data mandatory or optional?
Among the personal data collected by this site, independently or through third parties, there may be: data necessary for account registration, cookies, navigation data, usage data, data communicated while using the services, name, surname, physical address for shipping, email, billing information, telephone number, etc.
Personal data may be freely provided by the User or, in the case of usage data, collected automatically during navigation.
Unless otherwise specified, all personal data requested by this site are mandatory. If the User refuses to communicate them, it may be impossible to provide the requested services. In cases where the data is indicated as optional, Users are free to provide such data, without this having any consequence on the availability of the services.
What are the methods and the place of processing of the collected data?
The data collected will be processed in compliance with the principles of lawfulness, transparency, correctness, confidentiality, pertinence and non-excess, both using paper and electronic and telematic tools, limited to the realization of the purposes for which they were collected. In order to give effectiveness to the aforementioned principles and, taking into account the state of the art and implementation costs, as well as the nature, object, context and purposes of the processing, the Data Controller has implemented the technical and adequate organizational structures to guarantee a level of security of the treatment appropriate to the risk, yes as required by the art. 32 of the GDPR.
Who are the recipients of the Data?
The processed data may be communicated to third parties to achieve the processing purposes . In addition to the Data Controller, in some cases, other subjects involved in the organization (administrative, commercial, marketing personnel) or external subjects (such as third party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may have access to the data. ) also appointed, if necessary, as Data Processors by the Data Controller. The updated list of Managers can always be requested from the Data Controller.
What are the legal bases of Data Processing
The Data Controller processes personal data relating to the User in the event that one of the following conditions exists:
- the User has given consent for one or more specific purposes (e.g. consent flag for account registration). In this case, the legal basis is consent (art. 6, letter A GDPR)
- the processing is necessary for the execution of a contract with the User and/or for the execution of pre-contractual measures (e.g. request for information or estimates, product orders). In this case, the legal basis is pre-contractual or contractual (art. 6, letter B GDPR)
- the processing is necessary to fulfill a legal obligation to which the Data Controller is subject (e.g. tax obligations). In this case the legal basis is the legal obligation (Article 6, letter C GDPR)
- the processing is necessary for the pursuit of the legitimate interest of the Data Controller or of third parties. In this case, the legal basis is the legitimate interest (Article 6, letter F GDPR)
However, it is always possible to ask the Data Controller to clarify the concrete legal basis of each treatment and in particular to specify whether the treatment is based on the law, provided for by a contract or necessary to conclude a contract.
For what purposes are the Data processed?
The User's data is collected to allow the Owner to provide its own Services in general and use the following services in detail:
- Account Registration
By registering an account, the User allows the site to identify him and give him access to dedicated services.
The User registers by completing the registration form and providing his/her personal data.
Personal data processed: username; password; user's email address.
- Management of contact requests and sending messages via contact form
The optional and voluntary sending of e-mails to the addresses indicated on this site or the compilation of the dedicated form in the " contact " section involves the subsequent acquisition of the sender's address, necessary to respond to requests, as well as other personal data entered in the form and in the body of the message. No data deriving from the "contact" e-mail or messaging service is disclosed; the data collected through the form or by sending e-mails are managed by the Data Controller. The User is completely free to provide the personal data indicated in "contacts" with our company to request the sending of information or other communications. Failure to provide such data may make it impossible to obtain what has been requested. Personal data is processed with automated tools only for the time strictly necessary to achieve the purposes for which it was collected. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.
By registering for the newsletter service, the User's email address can be used to send email messages containing information, including commercial and promotional information, relating to the services offered by this site. You can always unsubscribe from the service.
Personal Data processed: name; user's email address.
- Payment management
Payment management services allow you to process payments by credit card or other payment instruments.
The data used for payment are acquired directly by the manager of the requested payment service without being processed in any way by this site.
Some of these services may also allow the scheduled sending of messages to the User, such as emails containing invoices or payment notifications.
In case of payment by advance bank transfer, the User will receive an email from the Owner with all the details necessary to make the payment; in this case, the management of the payment is the exclusive responsibility of the Owner or his authorized representatives.
- Navigation data
Always with specific reference to personal data collected via the web, Users are informed that the company is the sole owner of the domain www.biofavole.it
The computer systems and software procedures used to operate this site record, during their normal operation, some information of a personal nature, the acquisition of which takes place automatically in the use of internet communication protocols. These categories of data include the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the User's IT environment.
This information which - regardless of the chosen path - is recorded by the system on the basis of its own standard characteristics and which is not collected to be associated with identified interested parties, by their very nature could, through processing and association with data held by third parties, make it possible to identify users.
In any case, these are elements that are used for the sole purpose of:
- obtain anonymous statistical information on the use of the services (most visited pages, number of visitors per hour or day, geographical areas of origin, etc.);
- to verify the correct functioning of the services offered.
Such data is deleted immediately after processing. The data could be used to ascertain responsibility in the event of any computer crimes perpetrated against the site, always in full compliance with current regulations on the subject.
Where is the data processed and to whom is it transferred?
The data is processed at the Data Controller's operating offices and in any other place where the parties involved in the processing are located. The Owner, if necessary, reserves the right to use cloud services and will have the right to use servers located in other EU and non-EU countries as well. In this case, the service providers will be selected exclusively among those who provide adequate guarantees, as required by art. 46 GDPR.
How long are the Data kept?
The data are processed and stored for the time required by the purposes for which they were collected. In particular:
- personal data will be kept for the periods imposed by specific sector legislation (e.g. administrative data will be kept for 10 years);
- customer/supplier contracts and related documentation (e.g. orders, estimates, etc.) will be kept for 5 years;
- in all other cases they will be kept for a maximum period of 24 months from the end of the relationship.
When the treatment is based on the User's consent, the Data Controller can keep the personal data until said consent is revoked. Furthermore, the Data Controller may be obliged to keep personal data for a longer period in compliance with a legal obligation or by order of an authority.
At the end of the retention period, personal data will be deleted. Therefore, upon expiry of this term, the right of access, cancellation, rectification and the right to data portability can no longer be exercised.
The User concerned always has the right, at any time, to exercise the rights recognized by the art. 15 GDPR:
- Right of access to personal data;
- Right to obtain the rectification or cancellation of the same or the limitation of the treatment that concern him;
- Right to object to processing;
- Right to data portability;
- Right to withdraw consent, where provided (the withdrawal of consent does not affect the lawfulness of the treatment based on the consent given before the revocation);
- Right to lodge a complaint with the supervisory authority ("Guarantor for the Protection of Personal Data" whose contact details are indicated on the website www.garanteprivacy.it).
Where applicable, you also have the rights pursuant to articles 16-21 GDPR (right to be forgotten, right to limitation of treatment, right to data portability, right to object).
If the changes concern treatments whose legal basis is consent, the Data Controller will collect the User's consent again, if necessary.
Last Updated: 1/7/2021