The following information is provided pursuant to:
- art. 13 Code of privacy Legislative Decree 30.6.2003 n. 196,
- art. 13 EU General Regulation n. 679/2016 on the processing of personal data (GDPR);
- of the Recommendation n. 2/2001 that the European authorities for the protection of personal data, gathered in the Group established by art. 29 of the directive n. 95/46 / EC, adopted on 17 May 2001 to identify certain minimum requirements for the collection of personal data online, and, in particular, the methods, timing and nature of the information that the data controllers must provide to the users when they connect to web pages, regardless of the purpose of the link;

and is valid for the site agricolatina.com (from this moment "site") and not also for other websites that may be consulted by the user through links on the site.

This page describes how to manage the site in relation to the processing of personal data of users who consult it, browse it or use it according to the possibilities granted and the services offered by the site itself.

The treatment is always based on principles of lawfulness and fairness in compliance with all current regulations and appropriate security measures are adopted to protect data.

1) CONTROLLER, RESPONSIBLE AND RESPONSIBLE FOR TREATMENT Following consultation, navigation or use of this site, data relating to identified or identifiable natural or legal persons may be processed.

The controller of their treatment is:
Azienda Agricola "Tina"
via N. Sauro, 12 - 84091 - BATTIPAGLIA (SA)
info@agricolatina.com

Persons in charge of data processing are: other subjects or the categories of subjects who, within the scope of the purposes illustrated in this statement, may become aware of the data or to which they may be communicated, as they are involved in the organization of the site and in the management of the activity, appointed by the data controller or by the controller, external parties, also appointed, if necessary, Data Processors by the Data Controller.

The data may also be communicated to Public Authorities, Police Forces or other Public and Private Parties, but only if it is indispensable in order to comply with legal obligations, regulations or Community legislation.

Users are invited to avoid the inclusion of sensitive data (that is to say data suitable to reveal racial and ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties unions, associations or organizations of a religious, philosophical, political or trade union nature, as well as personal data capable of revealing the state of health and sex life) and superfluous judiciary because this could lead to the destruction of the message.

2) PLACE AND MODALITY OF DATA PROCESSING

The treatments connected to the web service of this site take place at the aforementioned office and are handled by the Data Controller, by the Data Processors and by the Data Processors. authorized to the treatment appointed by them, at their offices. Eventually, a further processing site may also be elected, including the hosting service provider, due to site maintenance needs. The data will be treated in confidence, through automated tools, and will in no way be disseminated to unauthorized third parties, will not be disclosed, disseminated or transferred abroad, or to third countries (non-EU).

3) PURPOSE AND LEGAL BASIS OF TREATMENT, STORES OF STORAGE OF PERSONAL DATA COLLECTED AT THE INTERESTED

The collection of personal data collected from the interested party takes place in an "explicit" manner, ie interested, after reading this information, will have to accept it by voluntarily ticking the check-box relating to the wording that confirms the reading and acceptance of the same, before giving their personal data and allowing its treatment. Failure to check the checkbox implies or may result in the inability to receive and process the data by the Owner, with the consequent possible inability to provide the services requested by the interested party during navigation, registration and any other action on the site may involve the need to process personal data, which remain user identification data necessary for the proper operation of the site and to be able to use the services provided by the platform and as identified and listed below. Personal data, unless explicitly specified, will be processed by the Data Controller, Data Processor and Trustees of the processing, if authorized, unless otherwise specified. Such data may be necessary for the data subject to take advantage of certain features and services made available by the site, for the following purposes:

- Registration to the site and addresses and / or company / corporate data
Purpose and legal basis of processing:
the identification data required to create an account for the take advantage of the opportunity to purchase on the website, ie name, surname, full address, email address, telephone number, possibly company name and VAT number, if the customer is a company. The submission of the request is subject to the specific, free and informed consent (reference Art. 6 GDPR) documented through a special check-box to be checked (reference Art.7 GDPR). After registration you can receive emails regarding information on the activity voluntarily concluded by the interested party (for example, after the purchase of a product, the status of an order can be notified as being processed, shipped, etc.).
Data retention period:
The data are stored until the request for cancellation of the interested party, unless there are special legal and fiscal obligations. The password for the account has the same retention period, but is encrypted.
Communication scope:
The data are processed by the owner, responsible and in charge of processing regularly authorized. The name, surname, addresses, e-mail address and telephone number could be assigned to mail services and / or couriers for the delivery of purchase orders of the interested party. These services may also send communications to interested parties regarding the status of delivery.
Conferment: the provision of data relating to the mandatory fields is necessary to use the services offered by the site.

- Sending messages via contact form
Purpose and legal basis of processing: Identification and contact data are required to be able to respond promptly to requests forwarded by interested, such as email address and possibly order reference. The submission of the request is subject to the specific, free and informed consent (GDPR-Art.6, comma1, lett.a) documented through a special check-box (GDPR-Art.7, comma1).
Data retention period: The data are kept for times compatible with the purpose of the collection and are not stored on the database, but used to provide a response to the request of the interested party.
Conferment: The provision of data related to the mandatory fields is necessary to obtain an answer, while the optional fields are designed to provide useful elements to interpret the request.

- Data provided voluntarily by the user
The optional, explicit and voluntary sending of e-mail and / or ordinary mail to the addresses indicated on this site entails the subsequent acquisition of the sender's address, necessary for respond to requests, as well as any other personal data included in the message. If the sender sends his / her curriculum to submit his / her professional application, he / she remains solely responsible for the relevance and accuracy of the data sent. It should be noted that any curriculum without the authorization to process data will be immediately deleted.

4) PURPOSE AND LEGAL BASIS OF TREATMENT, TIME OF STORAGE OF PERSONAL DATA NOT OBTAINED AT THE INTERESTED PARTY Personal identification data will be processed exclusively by the Data Controller, Data Processor and Trustees authorized if not otherwise specified. Such data may be necessary for the data subject to take advantage of certain features and services made available by the site, for the following purposes:

- Access log
Purpose and legal basis of processing
: Access logs are used to keep track of entries on the site, for control and security operations. The IP addresses and access times are saved. These data are not directly related to an identified or identifiable person, due to the widespread use of dynamic IP.
Data retention period: the logs are kept for 10 years or until cancellation on any request or need, which may occur before the scheduled time frame.
Communication scope: The data are processed by the owner, responsible and in charge of processing regularly authorized. Only in the case of an investigation can they be made available to the competent authorities.
Conferment: The data are not conferred by the interested party but acquired automatically by the technological systems of the site.

- Abandoned Carts
Purpose and legal basis of treatment: Abandoned trolleys are used to monitor the proper functioning of the site (to help understand why a user adds products to the cart but do not purchase).
Data retention period: the data are retained until a request for cancellation of the interested party.
Conferment: The data are not conferred by the interested party but acquired automatically by the site's technological systems.
NOTE: In case of use of abandoned carts for remarketing operations, the interested party will be informed and must give consent to receive notifications about abandoned carts and can unsubscribe at any time through a special link or request cancellation from the reception service of this type of remarketing.

- Browsing data The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of protocols of Internet communication. This is information that is not collected to be associated with identified individuals, but which by their very nature could - through processing and association with data held by third parties - allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users connecting to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters related to the operating system and the user's computer environment. By visiting the site the following information is automatically collected: 1. User's hostname. The hostname or Internet Protocol address of the user requesting access to the site. 2. HTTP header, and the string "user agent" which includes: the type and version of the browser used and the operating system with which the browser works. 3. System date. The date and time of the user's visit. 4. Complete request. The exact request formulated by the user. 5. Content lenght. The consistency, in bytes, of every document sent to the user. 6. Method. The request mode used. 7. Universal Resource Identifier (URI). The location of resources on the server. 8. The Request string of the URI, that is, everything that is after the question mark in the URI. 9. Type of device used for consulting the site. 10. Protocol. The transmission protocol and the version used.
Purpose and legal basis of processing: These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning. The data could also be used to ascertain responsibility in case of hypothetical computer crimes against the site (legitimate interests of the owner).
Data retention period: Data is typically stored for short periods of time, ie from a single session up to 2 years after the visit of the page, with the exception of any extensions related to activities of investigation.
Communication scope: The data are processed by the owner, responsible and in charge of processing regularly authorized. Only in the case of an investigation can they be made available to the competent authorities.
Conferment: The data are not conferred by the interested party but acquired automatically by the site's technological systems.

5) PRIVACY REGARDING COOKIES Cookies are small text strings that the sites visited by the user send to his terminal (usually to the browser), where they are stored before being re-transmitted to the same sites at the next visit of the same user. For more detailed information, please refer to the page of this website dedicated to the extended information on Cookies, also visible via the link at the bottom of all the pages of the Website.


Cookies that do not identify the user

For these cookies, of a technical nature, there is no consent, but only the dedicated information, as they do not identify the user nor make it identifiable, and are necessary for the proper use of the site.

- First-party browsing or session cookies : guarantee the normal navigation and use of the website (allowing, for example, to make a purchase or authenticate to access restricted areas): Our site uses non-persistent technical cookies for the sole purpose of improving your browsing experience and allowing faster access to the site.
- Functionality cookies ,
which allow the user to navigate according to a series of selected criteria (for example, the language, the products selected for purchase) in order to improve the service rendered to the same.
- Analytical cookies,
similar to technical cookies when used directly by the site operator to collect information, in aggregate form, on the number of users and how they visit the site;

Cookies that can identify the user

For these cookies, consent is given by the user, who can choose to disable them with the appropriate "Disable Cookies" button in the brief Cookies or through the configuration of your browser in use (see the extensive information on cookies on this site). They are mostly third-party cookies, created, installed and readable by a site other than the one the user is visiting, and whose data are stored at the third party and for which the cookies and data processing policy of the third. The duration of these cookies goes from the single session to two years from the page visit. Users can check which cookies are used by third parties, and if necessary deactivate them by visiting the link related to the information on Cookies. Please note that the deactivation or blocking of some or all cookies can affect the complete use of the site or, more generally, its consultation.
No cookies on this site identify users.

6) DATA SECURITY MEASURES Specific security measures are observed to prevent data loss (through the use of backups), illicit or incorrect use and unauthorized access (through 'use of password).
The site is also provided with an Https / SSL security certificate.
The physical server, on which the personal data resides, is located in Milan (Italy), protected by a double UPS system, a motor for uninterruptible power supply for prolonged blackouts, temperature and humidity monitoring, distributed extinguishing system, 24/7 surveillance and 365 days a year, registered and controlled accesses. If it has been provided to the interested party or the interested party has chosen a password to access certain parts of our website, the person concerned is directly responsible for keeping this password confidential, forcing not to share it with anyone.

7) NOTIFICATION OF VIOLATIONS OF PERSONAL DATA (Reference Articles 33 and 34 GDPR) Pursuant to art. 33 GDPR The Data Controller or the Data Processor will notify the Supervisory Authority of any violation of personal data of which they become aware and if from such violation risks arise for the rights and freedoms of the data subjects, within 72 hours and in any case without unjustified delay.
Pursuant to art. 34 GDPR if the breach of data security presents a high risk for the rights and freedoms of natural persons, the Data Controller shall inform the data subject of the violation, without justified delay, with the exception of the cases referred to in paragraph 3 of the art. 34 GDPR.

8) RIGHTS OF THE INTERESTED PEOPLE

Right of withdrawal of consent (reference Art. 7 GDPR) The interested party has the right to revoke the consent previously granted, considering that the withdrawal of consent does not affect the lawfulness of the treatment based on consent before the revocation. In the event of a request for revocation, the data of the interested party will be deleted, except for the need to continue the processing (for a different legal basis or for example tax obligations).

Right to access data of the interested party (reference Art. 15 GDPR) The interested party can independently view their personal data from the panel dedicated to him, if registered. Furthermore, the data subject has the right to obtain from the data controller confirmation that the processing of personal data concerning him is underway and, in this case, to obtain access to his / her data. If personal data are transferred to a third country or to an international organization, the data subject has the right to be informed of the existence of adequate guarantees regarding the transfer.

Right of rectification (reference Art. 16 GDPR) The interested party can modify his personal data independently from the panel dedicated to him, if registered. The interested party also has the right to obtain from the data controller the correction of their personal data not accurate without unjustified delay. Taking into account the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, also by providing an additional declaration.

Right of cancellation or right to be forgotten (Reference Art. 17 GDPR) The data subject has the right to obtain from the data controller the deletion of their personal data without undue delay. The holder will delete such personal data, upon request, without undue delay. If the data controller has made public personal data is obliged to delete them, taking into account the available technology and implementation costs, taking reasonable steps to inform the other data controllers who are processing the personal data of the data subject, the request for the latter to delete any link, copy or reproduction of his personal data.
It is emphasized that the right of cancellation may not apply if the treatment is necessary for:
- the exercise of the right to freedom of expression and information,
- for fulfillment a legal obligation,
- for reasons of public interest in the public health sector,
- for public archival purposes, for scientific, historical or statistical purposes,
- for assessment, exercise or defense of a right in court.

Right to limit the processing (reference Art. 18 GDPR) With the right to limit the treatment the interested party may request the limitation of use of their data, excluding the storage of the same. This limitation can be exercised not only in case of violation of the conditions of lawfulness of the processing, but also if the person concerned appeals to the right of rectification (pending the latter) or opposes the processing of his data (pending evaluation by the holder of this opposition).

Notification obligation (reference Art. 19 GDPR) The data controller will communicate to each of the recipients to whom the personal data have been transmitted, any corrections, deletions or limitations of the processing requested by the concerned, provided that this does not prove impossible or involves a disproportionate effort. The data controller, if asked to do so, will inform the recipient of the recipients of his personal data to which he / she must transmit his / her wish to exercise his / her right.

Right to data portability (reference Art. 20 GDPR) The data subject has the right to receive data concerning him / her in a structured, commonly used and automatically readable format. he is provided to the data controller, without impediments, provided they do not damage the rights and freedoms of others and if they are processed in an automated format (paper archives are excluded). Portability does not result in data deletion.

Opposition right (reference Art. 21 GDPR) The interested party has the right to oppose at any time, for reasons related to his particular situation, the processing of personal data concerning him / her, including profiling. In this case the holder will refrain from further processing the personal data of the data subject who availed himself of the right of opposition, unless he demonstrates the existence of legitimate and mandatory reasons for proceeding with the processing that prevails over the interests, rights and freedom of the interested party or for the establishment, exercise or defense of a right in court.

Complaints and remedies before competent administrative and judicial authorities. If the interested party considers that the processing of data concerning him / her has not respected, for any reason, the provisions prescribed by Legislative Decree no. n. 196/2003 and by the EU Reg. N. 679/2016, or believes that the rights enjoyed on the basis of the aforementioned provisions of the law have been violated, may promote Complaints before the Supervisory Authority and / or promote Appeals before the competent judicial bodies, pursuant to art. 77, 78 and 79 (GDPR), as well as the right to obtain compensation for any damage as per art. 82 (GDPR).

9) MODES OF EXERCISE OF RIGHTS The interested party who wants to take advantage of the data access rights and the right of rectification can freely and at any time access his own user area to independently view and rectify the data that has been released and processed by the site.

The interested party may also request the exercise of the previous and all other rights by informing the Data Controller of the Azienda Agricola "Tina" at the address info@agricolatina.com

The deadline for replying to the interested party is, for all rights (including the right of access), 1 month, which can be extended up to 3 months in cases of particular complexity (pursuant to Article 12 of the GDPR). The Data Controller or the Data Processor will in any case give feedback to the data subject within 1 month of the request, even in case of refusal.

The exercise of rights is, in principle, free to the data subject, but there may be exceptions. It is up to the owner to evaluate the complexity of the reply to the interested party and to establish the amount of the contribution to be requested from the interested party, but only if the requests are manifestly unfounded or excessive, in particular due to their repetitive nature; if more "copies" of personal data are requested in the case of the right of access, the holder could take into account the administrative costs incurred. The holder has the right to request information necessary to identify the person concerned, and the latter has the duty to provide it, in an appropriate manner. The reply to the interested party, unless otherwise indicated by the interested party, will normally be in writing, in an electronic format in common use. The feedback can be given orally if so requires the interested party.

10) MINORS

The consent of minors is valid from 16 years; before this age, the consent of the parents or of those who take their place must be collected.

Update of the Privacy Policy It should be noted that this information may be subject to periodic review, also in relation to the relevant legislation and jurisprudence, therefore, the interested party is invited to periodically consult the present policy. This page is visible, through the link at the bottom of all the pages of the Site pursuant to art. 122 second paragraph of Legislative Decree no. 196/2003 and following the simplified procedures for the information and the acquisition of consent for the use of cookies published in the Official Gazette no. 126 of 3 June 2014 and the related register of measures n.229 of 8 May 2014. < / p>

Last updated: May 2018