Pursuant to Art. 13 d. lgs. June 30, 2003 No. 196 – “Personal Data Protection Code” and Art. 13 GDPR 679/2016 – “European Regulation on the Protection of Personal Data” laying down provisions for the protection of natural persons with regard to the processing of personal data and the free movement of such data, we wish to inform you that the personal data you provide will be processed in compliance with the above-mentioned legislation and the confidentiality obligations to which the Data Controller is bound.


Processing of personal data means any operation or set of operations, whether or not involving automated processes, applied to personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison or interconnection, restriction, erasure or destruction.


This notice is given to customers, whether they are individuals or individuals acting on behalf of legal entity customers


  1. Identity and contact details of the data controller

Nome: Azienda Agricola ANDREEV ILIJA

Address: Loc. Borgonuovo, 1 – 12050 SINIO (CN


  1. Legal basis, methods and purposes of processing – mandatory or optional nature of providing data – consequences of not providing data

The legal basis for processing is contractual or arising from the law;

The data are processed, in hard copy or by computer tools, for the fulfillment of contractual obligations, for the performance of pre-contractual activities as well as for the fulfillment of obligations arising from the law, regulations or any other national or EU regulatory source; in this case, the provision of data by the data subject is a necessary requirement for establishing the contractual relationship with the Holder, and its refusal results in the impossibility of reaching such a relationship;

the data may also be processed for commercial and marketing purposes such as promotion of its business activities and the products processed: in this case explicit consent will be requested from the data subject


  1. Data Source.

The personal data processed are those provided by the data subject in connection with:

– visits to the sites;

– Interactions through the website;

– inquiries, including by e-mail;

– previous transactions.


  1. Data dissemination

Personal data processed by the Controller will not be disseminated, i.e., will not be made known to unspecified parties, in any possible form, including making them available or mere consultation. They may, however, be communicated to some external parties who collaborate with them. They may also be disclosed, to the extent strictly necessary, to parties who, for purposes of processing purchases or other requests or performance of services related to the transaction or contractual relationship with the Controller, must provide goods and/or perform services or services. Finally, they may be communicated to the subjects entitled to access them by virtue of provisions of the law, regulations, and EU regulations. Specifically, based on their roles and job duties, some workers have been empowered to process personal data, within the limits of their competencies and in accordance with the instructions given to them by the Data Controller.


  1. Transfer of data to a third country (non-EU) or international organizations

The Data Controller does not transfer personal data to third countries or international organizations. However, it reserves the right to use cloud services; in which case, service providers will be selected from among those who provide adequate guarantees, as stipulated in Art. 46 GDPR 679/16.


  1. Period of retention of personal data

The retention period of your personal data is established for a period of time not exceeding the achievement of the purposes for which they are collected and processed and in compliance with the timeframes prescribed by law, without prejudice to your right to request the deletion of the data from our files at any time.

Thereafter, personal data will be kept, and not further processed, for the time stipulated by current civil and tax regulations

  1. Rights of the data subject

At any time you may exercise, pursuant to Articles 15-22 of the GDPR the right to:

  • Request confirmation of whether or not personal data is being processed concerning you;
  • obtain access to the above data and information about the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be disclosed, and the storage period;
  • Obtain rectification or erasure of data, restriction of processing, or object to processing;
  • The right to file a complaint with the Privacy Guarantor or any other competent supervisory authority;
  • where the data have not been collected from you, the right to obtain any available information about their origin;
  • Obtain portability of data, i.e., receive them from a data controller, in a structured, commonly used, machine-readable format, and transmit them to another data controller without hindrance;
  • where the processing is based on your consent to data processing, you shall have the right at any time to revoke the aforementioned consent, without affecting the lawfulness of the processing of the data processed prior to such revocation;


The exercise of the above rights may be exercised by sending emails to the following address: specifying the subject of your request, the right you wish to exercise, and attaching a photocopy of an identity document attesting to the legitimacy of the request.


  1. Data access

Your data may be made accessible, for the purposes mentioned in point 2:

  • to employees and collaborators of the Owner, in their capacity as data processors;
  • to third-party companies or other entities that perform outsourcing activities on behalf of the Data Controller, in their capacity as Data Processors (e.g., accountant, software management company, bank, etc.); the list of Data Processors is available at the Data Controller’s office;


  1. Consent to treatment

For processing and communication to third parties, Art. 6 GDPR requires a specific manifestation of consent only when:

  • The processing is not necessary for the performance of the contract or the execution of pre-contractual measures taken at the request of the data subject;
  • Processing is not necessary to fulfill a legal obligation;
  • Processing is not necessary to safeguard the vital interests of the data subject or other natural person;
  • Processing is not necessary for the execution of a public interest;

Once consent has been given, it can be revoked at any time.



  1. Withdrawal of consent

With reference to Art. 23 of Leg. 196/2003 and Art. 6 of GDPR 679/16, the data subject may revoke any consent given at any time. However, the processing that is the subject of this notice is lawful and permitted, even in the absence of consent, insofar as it is necessary for the performance of a contract to which the data subject is a party (the supply relationship) or the fulfillment of his or her requests.

  1. Automated decision-making processes

The Owner does not carry out processing that consists of automated decision-making processes on the data of clients who are natural persons, or of natural persons acting on behalf of and for members who are legal persons.


  1. Special data

Special data, also known as sensitive data, are those which, according to Art. 9 GDPR, reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data intended to uniquely identify a natural person, data relating to a person’s health or sex life or sexual orientation.

The processing of such data is prohibited unless arising from legal obligations, the specific cases stipulated in Art. 9 GDPR or if the data subject has not given explicit consent.


After careful analysis and evaluation, this company has decided not to designate the DPO