Privacy Policy en

This information notice is provided in compliance with Art. 13 of Regulation 2016/679 (GDPR), pursuant to Art. 13 of Legislative Decree no. 196/2003 (Personal Data Protection Code) and concerns all personal data processed as outlined below.

Data Controller The Data Controller of the Personal Data collected is: Marco Borghi
Operating Address: VIA VECCHIARELLE, 166, Loc. Varna – 50050 – Gambassi Terme (FI)
Data Controller’s email address: info@poggioaigrilli.it

Types of Data Collected

Complete details on each type of data collected are provided in the dedicated sections of this privacy policy. Personal Data may be freely provided by the User, or, in the case of Usage Data, collected automatically when using the site. Unless otherwise specified, all requested Data is mandatory. If the User refuses to communicate them, it may be impossible to provide the service. In cases where certain Data is optional, Users are free to refrain from communicating such Data without any impact on the availability or operation of the Service. Users who are unsure about which Data is mandatory are encouraged to contact the Data Controller. The use of Cookies or other tracking tools by this site or by the third-party service providers used by this site is intended, unless otherwise specified, to provide the Service requested by the User. The User is responsible for any third-party Personal Data obtained, published, or shared through this site and guarantees they have the right to communicate or disclose it, releasing the Data Controller from any liability toward third parties.

METHOD AND LOCATION OF DATA PROCESSING

Purposes of Collected Data Processing

The User’s data is collected to allow the Data Controller to provide its Services, as well as for the following purposes: Statistics, Newsletter, Personalized Advertising, Accounting, Content and Functionality Performance Testing, Interaction with Social Networks and External Platforms, Display of Content from External Platforms, and Interaction with Data Collection Platforms and other third parties. For further detailed information on the purposes of processing and the Personal Data relevant to each purpose, the User may refer to the relevant sections of this document.

Processing Methods

The Data Controller takes appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of Personal Data. The processing is carried out using IT and/or telecommunication tools, with organizational methods and logic strictly related to the purposes indicated. In addition to the Data Controller, other parties involved in the organization of this site (administrative, commercial, marketing, legal, system administrators) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communication agencies) may also have access to the data and, if necessary, be appointed as Data Processors by the Data Controller. An updated list of these Data Processors may always be requested from the Data Controller.

Legal Basis of Processing

The Data Controller processes Personal Data relating to the User if one of the following conditions applies:

  • The User has given consent for one or more specific purposes;
  • The processing is necessary for the execution of a contract with the User and/or for any pre-contractual obligations thereof;
  • The processing is necessary to comply with a legal obligation to which the Data Controller is subject;
  • The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
  • The processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party.

It is always possible to request the Data Controller to clarify the specific legal basis of each processing and, in particular, to specify whether the processing is based on the law, required by a contract, or necessary to conclude a contract.
Location

The Data is processed at the Data Controller’s operational offices and in any other places where the parties involved in the processing are located. For further information, please contact the Data Controller. The User’s Personal Data may be transferred to a country other than their own. To find out more about the place of processing, the User may refer to the section detailing the processing of Personal Data. The User has the right to obtain information on the legal basis of the transfer of Data outside the European Union or to an international organization governed by public international law or set up by two or more countries, such as the UN, as well as on the security measures taken by the Data Controller to protect the Data. If any such transfer occurs, the User may refer to the respective sections of this document or inquire with the Data Controller.

Retention Period

Data is processed and stored for as long as required by the purposes for which it was collected:

  • The Personal Data collected for purposes related to the execution of a contract between the Data Controller and the User will be retained until such contract has been fully performed.
  • The Personal Data collected for purposes related to the legitimate interests of the Data Controller will be retained as long as needed to fulfill such purposes. The User may obtain further information regarding the legitimate interests pursued by the Data Controller within the relevant sections of this document or by contacting the Data Controller.

When processing is based on the User’s consent, the Data Controller may retain the Personal Data for a longer period until such consent is withdrawn. Additionally, the Data Controller may be obliged to retain Personal Data for a longer period in compliance with a legal obligation or by order of an authority. Upon expiry of the retention period, Personal Data shall be deleted. Therefore, the right of access, erasure, rectification, and the right to data portability cannot be enforced after the retention period has expired.
Details on the Processing of Personal Data

Personal Data is collected for the following purposes and using the following services:

  • Mailing List or Newsletter
    By registering for the mailing list or newsletter, the User’s email address is automatically added to a contact list to which email messages containing information, including commercial and promotional information, may be transmitted. The User’s email address may also be added to this list as a result of signing up to this site or after requesting a quote. Personal Data collected: email, first name, and last name.
  • Contact Form

    By filling in the contact form with their Data, the User consents to its use to reply to requests for information, quotes, or any other kind indicated by the form’s header. Personal Data collected: first name and last name, email (required fields), phone, and various types of Data.

  • Registration to Access Reserved Area

    By filling in the registration form with their Data, the User consents to its use to create a unique account for various functions on the site (e.g., responding to requests for information, quotes, or e-commerce). Personal Data collected: first name and last name, email (required fields), phone, and various types of Data.

  • Interaction with Social Networks and External Platforms

    These services allow interaction with social networks or other external platforms directly from this site. Interactions and information acquired are always subject to the User’s privacy settings for each social network. If a social network interaction service is installed, it may collect traffic data for the pages where it is installed, even if Users do not use the service.

    • Facebook Social Widgets (Facebook Inc.)
      Facebook social widgets are services allowing interaction with the Facebook social network, provided by Facebook, Inc. Personal Data collected: Cookies and Usage Data. Data Processing Location: USA – Privacy Policy.
    • YouTube Social Widgets (Google Inc.)

      YouTube social widgets are services allowing interaction with the YouTube platform, provided by Google Inc. Personal Data collected: Cookies and Usage Data. Data Processing Location: USA – Privacy Policy.

  • Remarketing and Behavioral Targeting
    These services allow the site and its partners to inform, optimize, and serve advertising based on past use of this site by the User. This activity is performed by tracking Usage Data and Cookies, information that is transferred to the partners that manage the remarketing and behavioral targeting activity.
    • Remarketing with Google Analytics for Display Advertising (Google Inc.)
      Google Analytics for Display Advertising is a remarketing and behavioral targeting service provided by Google Inc., which links the tracking activity performed by Google Analytics and its Cookies. Personal Data collected: Cookies and Usage Data. Data Processing Location: USA – Privacy Policy.
  • Statistics
    The services contained in this section enable the Data Controller to monitor and analyze traffic data and to track User behavior.
    • Google Analytics (Google Inc.)
      Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google uses the collected Personal Data to track and examine the use of this site, compile reports, and share them with other services developed by Google. Google may use the collected Personal Data to contextualize and personalize the ads of its advertising network. Personal Data collected: Cookies and Usage Data. Data Processing Location: USA – Privacy Policy – Opt Out.

Additional Information about Personal Data
Privacy Policy

By filling in the contact form with their Data, the User consents to its use to respond to requests for information, quotes, or any other purpose indicated by the form’s header.

User Rights

Under Articles 15 – 21 of EU Regulation 2016/679, each interested party is granted several rights.

  • Right of Access: the interested party, under Article 15, has the right to obtain confirmation of the existence of their personal data being processed and, if so, to access it and obtain a copy. They also have the right to access information such as the purpose of processing, categories of recipients, data retention period, and the rights exercisable.
  • Right to Rectification: the interested party, under Article 16, has the right to obtain the rectification of inaccurate personal data concerning them or the integration of incomplete data.
  • Right to Erasure: the interested party has the right to obtain the erasure of their personal data without undue delay if one of the grounds in Article 17 applies.
  • Right to Restriction of Processing: the interested party has the right to restrict processing in the cases provided for in Article 18 of Regulation 2016/679.
  • Right to Data Portability: the interested party has the right to receive in a structured, commonly used, and machine-readable format the personal data concerning them and has the right to transmit such data to another controller without hindrance, as provided in Article 20 of Regulation 2016/679;
  • Right to Object to Processing: the interested party has the right to object to the processing of personal data concerning them as provided in Article 21 of Regulation 2016/679.

The interested party also has the right to lodge a complaint with the competent supervisory authority, the Privacy Guarantor. Requests related to the rights listed above should be made in writing to the Data Controller. The Data Controller will respond promptly to requests to exercise the rights of the interested parties, within the time limits set by current legislation.