INFORMATION ON THE PROCESSING OF PERSONAL DATA
(PRIVACY POLICY)

This information is provided pursuant to art. 13 of Italian Legislative Decree 196/2003, Code regarding the protection of personal data, and for the purposes of art. 13 of EU 2016/679 Regulation (GDPR), concerning the protection of individuals with regard to the processing of personal data and the free movement of such data, to those who interact with the websites www.ilfilorosso.eu or www.aziendaagricolacordapaolo.it, corresponding to the homepage of the official website of the “Azienda Agricola Paolo Corda” (Farm Company), from now on the Site and the Company respectively. With regard to other websites that may be visited via links, please refer to the specific and proprietary information pages.
The purpose of this information is to provide indications on the methods, timing and nature of the information that the data controllers must provide to users when connecting to the web pages of our Site, regardless of the purposes of the connection, according to Italian legislation and European.
However, with regard to the processing of personal data subject to consent and necessary for sending our newsletters, it is stated that this service is provided by SendInBlue which operates according to GDPR, to which reference is made to the respective Privacy Policy at the link www.sendinblue.com/legal/privacypolicy/.
1. Who is the owner of the processing of personal data and where are they treated?
With regard to the Site, the Responsible for the processing of personal data is Corda Paolo, the owner of the Company and the processing of the related data takes place at Regione San Grato 71, 14018 Villafranca d’Asti, Italy.
2. What personal data are processed by us and for what purposes?
By personal data, we mean any information suitable for identifying, directly or indirectly, a physical person, in this case who benefits from browsing and buying and selling services on the Site. The data processed are those relating to browsing of the Site and those explicitly provided by user (for example, those essential to be able to register on the Site for the purpose of buying and selling a product and/or sending periodic newsletters). The personal data processed through the Site are the following:
a. Browsing data
The data automatically acquired while browsing the site are of two types: the first type is that derived from the operation of computer systems responsible for providing the web services of the Site. These basic systems automatically acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified subjects, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users who connect to the Site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters related to the operating system and the user’s computer environment.
The second type is that derived implicitly from the use of a program for Internet browsing, from now on Browser, which uses so-called cookies. Cookies are small text files that the websites visited by a user send to the browsers used at the time, where they are stored before being re-transmitted to the same sites on the next visit. In general, technical and functional cookies are used, as well as statistical and performance cookies for improvements in navigability and usability of current and future content respectively. It is possible to disable / refuse the use of these cookies by modifying the settings of the browser of the device used. For more details, refer to our specific page Cookie Policy www.ilfilorosso.eu/info/cookies.
b. Data provided explicitly by the user
This Privacy Policy is also intended for the processing of data explicitly entered by you in the various forms contained within our Site, for example for user registration or for the purchase and sale of a product.
c. Third party data provided explicitly by the user
In the use of the Site service related to the sale of the products, personal data processing may be processed by third parties provided by you (for example regarding the shipment of the products / products object of the sale to a person different from the buyer). In this case you are the independent data controller, assuming all the obligations and responsibilities of the law. In this sense, it confers on the point the widest indemnity with respect to any dispute, claim, request for compensation for damage from treatment, etc. that it should reach the Company from third parties whose personal data have been processed through its use of the functions of the Site in violation of the rules on the protection of applicable personal data. In any case, if it provides or otherwise processes personal data of third parties in the use of the Site, it guarantees from now on assuming all related responsibility that this particular hypothesis of treatment is based on an appropriate legal basis pursuant to art. 6 of the Regulation that legitimizes the processing of the information in question
d. Online payments data
With regard to payments data entered by users, our Company will only process the information on the status of the payment (successful / refused / failed) communicated by the Company responsible for the management of payment by credit or digital cards. All other data for the management of the digital payment are managed and processed directly by the GestPay service used by our Company, service provided by EasyNolo Banca Sella Group Company, and regulated by their Privacy Policy available at the link www.gestpay.it/en/privacy-policy/.
3. For what period will we process personal data ?
We will keep your data only for the time necessary to process it for the purposes for which it is processed. Indicatively, your data will be kept for the following periods: – for tax / administrative obligations: 11 years; – where applicable for regulatory obligations regarding product warranty: 28 months; – for direct marketing (newsletters) 3 years from the explicit consent or until an explicit cancellation of the registration; – for other legal obligations: treated and stored as long as the need for treatment persists to fulfill legal obligations.
4. How are protected personal data ?
The web service of our site is hosted by the Aruba Business Company’s cloud systems and through software developed using the best technologies available on the market customized by the specialized company TP Technology. Both companies implement technical and organizational measures that meet the highest internationally recognized IT standards and are subject to constant verification.
5. Where are stored?
They are all resident in the EU, both the Aruba Business Cloud systems hosting the web service of our Site, and those of the Google Company hosting the Google Analytics service (see page Cookie Policy), as well as those of the SendInBlue Company hosting the newsletter service (see page SendInBlue Privacy Policy).
6. With whom will be shared?
Personal data may be shared with third parties, or external suppliers appointed by the Company for the attainment of the purposes previously described and legal requirements, in the context of the following contexts: – shipment and delivery of the products object of the sale; – management of corporate taxation. These suppliers provide a priori according to the law with subjects with Responsibility for the processing of personal data.
7. What rights do you have on ?
– Right of access: you have the right to obtain confirmation about the existence or otherwise of a treatment concerning your data as well as the right to receive any information concerning the same treatment;
– Right to rectification: you have the right to obtain the correction of your data, if they are incomplete or inaccurate;
– Right to cancellation: in certain circumstances, you have the right to obtain the deletion of your data in our archives if not relevant for the purposes of the continuation of the contractual relationship or necessary by law;
– Right to limit the processing: when certain conditions occur, you have the right to obtain the limitation of the treatment, if it is not relevant for the purpose of the continuation of the contractual relationship or necessary by law;
– Right to portability: you have the right to obtain the transfer of your data in favor of a different holder;
– Opposition law: you have the right to object, at any time for reasons connected with your particular situation, to the processing of data concerning you based on the lawfulness of legitimate interest or the performance of a task in the public interest or the exercise of public authority , including profiling;
– Right of withdrawal of consent: you have the right to withdraw your consent to the processing of your data at any time, remaining firm the lawfulness of the treatment based on consent before revocation;
– Right to propose a complaint to the supervisory Authority: at any time, you have the right to promote requests for the exercise of your rights. In any case, if you wish to lodge a complaint about how your data are processed, or about the management of a complaint that you have proposed, you have the right to file an application directly to the supervisory Authority.
The above rights may be exercised against us by writing to the email address info@ilfilorosso.eu or by contacting the personal data Responsible at the address indicated at the beginning of the document.

This document has been revised on 21-05-2018.