Privacy policy

Privacy Policy

Pursuant to Articles 13 and 14 of EU Regulation 2016/679 ("Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data")

The company La Provenzale S.r.l., with registered office at Via Garibaldi no. 70, San Marco dei Cavoti (BN), VAT no. 00841850621, represented by its legal representative Mr. Donato Fiorelli, in its capacity as Data Controller (hereinafter, the "Controller"), informs you, pursuant to Art. 13 of Legislative Decree 30.06.2003, no. 196 (hereinafter, the "Privacy Code") and Art. 13 of EU Regulation no. 2016/679 (hereinafter, the "GDPR"), that your personal data will be processed in the following ways and for the following purposes:

Source of Personal Data

Personal data is collected directly from you or from public or private records.

Purpose of the Processing

The Controller ensures the protection of your personal data and complies with applicable data protection laws (Privacy Code and GDPR 2016/679). Your personal data is processed confidentially and shared with third parties only as provided in this Policy or with your consent.
We process the personal data you provide when using the website and/or after registering on the website. In particular, we process:

  • personal, identifying and non-sensitive data (in particular: name, surname, tax code, VAT number, email, phone number – hereinafter "personal data" or simply "data") directly provided by you through registration and/or when requesting the services offered;

  • data not directly provided by you – but collected within the limits set by Art. 14, paragraph 5, GDPR – related to the use of Internet communication protocols (e.g., page access, amount of data transferred, status messages, session ID numbers, IP addresses, URLs, etc.). Such data allows us to reconstruct your navigation path on the site.

Purposes of Processing

Your personal data is processed:
A) Without your express consent (Art. 24 letters a), b), c) of the Privacy Code and Art. 6 letters b), e) of the GDPR) for the following Service Purposes:

  • to process a contractual or pre-contractual request;

  • to perform pre-contractual measures adopted at your request;

  • to generate internal statistics;

  • to comply with tax obligations arising from existing relationships;

  • to fulfill legal, regulatory, EU or Authority requirements;

  • to safeguard vital interests of the data subject or another individual;

  • to perform tasks of public interest or in the exercise of official authority vested in the Controller;

  • to prevent or detect fraudulent activities or abuses harmful to the website;

  • to pursue the legitimate interests of the Controller or third parties within the limits of Art. 6, letter f) GDPR;

  • to exercise the Controller’s rights (e.g., the right of legal defense).

B) Only with your specific and unequivocal consent (Articles 23 and 130 of the Privacy Code and Art. 7 GDPR) for Marketing Purposes, namely:

  • sending newsletters, commercial communications and/or advertising material via email about products and/or services different from or unrelated to those already purchased.

Nature of Data Provision

Providing your data for the purposes listed in section 2, letter A (i and ii) is mandatory. Failure to provide such data prevents us from registering you on the website or fulfilling your requests.
Providing data for the purposes in section 2, letter B (Marketing) is optional. You may choose not to provide data or withdraw consent at any time. In such cases, you will no longer receive newsletters but will still be able to use our services and remain registered on the website.

Processing Methods

Processing of your personal data is carried out through the operations indicated in Art. 4 of the Privacy Code and Art. 4, no. 2 of the GDPR, namely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure and destruction.
Your data will be processed lawfully, fairly, and transparently, using both manual and automated means suitable to ensure security and confidentiality, preventing data loss, unauthorized access, unlawful use or disclosure.

Data Retention Period

Personal data will be processed for as long as necessary to fulfill the purposes described above and no longer than 2 years from collection for marketing purposes. After this period, the data will be deleted or anonymized.

Data Access

Personal data processed by the Controller will not be disseminated or disclosed to unspecified parties. However, it may be communicated to employees or external collaborators of the Controller. In particular, your data may be made accessible to:

  • employees and collaborators of the Controller, consultants authorized to manage the website and provide related services (e.g., customer service, IT department), as internal data processors or system administrators;

  • third-party companies or individuals (e.g., banks, professional firms, consultants, insurance companies) performing outsourcing activities on behalf of the Controller as external processors or authorized persons.
    Your data may also be communicated to entities entitled to access it by law or regulation.

Data Communication

Without your express consent (Art. 24 letters a), b), d) of the Privacy Code and Art. 6 letters b), c) GDPR), the Controller may communicate your data to supervisory bodies, judicial authorities, or any entities to which disclosure is mandatory by law for the above purposes.

Data Transfer

Management and storage of personal data will take place on servers owned by the Controller and/or third parties duly appointed as Data Processors, located within the European Union and compliant with Articles 45 et seq. of the GDPR.
Currently, servers are located within the EU, and no transfer outside the EU is foreseen. Should it become necessary to move the servers within or outside the EU, such transfer will always comply with Articles 45 et seq. of the GDPR and ensure an adequate level of protection via standard contractual clauses approved by the European Commission.

Browsing Data

The website’s systems and software procedures may acquire certain personal data during normal operation, the transmission of which is implicit in the use of Internet communication protocols. These data are not collected to identify users but could, through processing and association, allow user identification (e.g., information about operating system and IT environment).
They are used solely to obtain anonymous statistical information on website use, verify proper functioning, and are deleted immediately after processing. Such data may be used to ascertain responsibility in case of hypothetical cybercrimes against the website.

Cookies

When you use our website, cookies are stored on your computer. Cookies are small text files that store information and are widely used to make websites work more efficiently and improve the user experience. Our site uses cookies that remain on your computer for varying durations. Some expire at the end of a session, while others remain longer to enhance your future visits.
Web browsers allow you to control cookies through settings. Most browsers allow you to block or delete cookies, but this may result in loss of certain preferences or features. Please refer to your browser’s technical documentation for instructions. Disabling cookies may cause parts of the website to function incorrectly or more slowly.

Data Subject Rights

As a data subject, you have the rights set out in Art. 7 of the Privacy Code and Art. 15 of the GDPR, including:

  • confirmation of the existence of personal data concerning you, and their communication in intelligible form;

  • information on the source of data, processing purposes and methods, logic applied in case of automated processing, identification details of the Controller, and entities to whom the data may be disclosed;

  • updating, rectification, integration, deletion, anonymization, or blocking of unlawfully processed data;

  • objection, in whole or in part, to the processing of data for legitimate reasons or for marketing purposes (including automated or traditional means).

Where applicable, you also have the rights set out in Articles 16–21 of the GDPR (right to rectification, erasure, restriction, data portability, and objection), as well as the right to lodge a complaint with the competent Data Protection Authority.

Exercising Your Rights

You may request access, rectification, deletion, integration, or restriction of processing of your data; receive your data in a structured, commonly used, machine-readable format; withdraw your consent at any time; and object, in whole or in part, to the use of your data.
You also have the right to lodge a complaint with the competent Supervisory Authority (in Italy, the Garante Privacy) if you believe processing violates data protection laws.
To exercise your rights, please email info@laprovenzale.it.

Minors

If the person providing the data is under 16 years of age, processing is lawful only to the extent that consent is given or authorized by the holder of parental responsibility.

Data Controller

The Data Controller is La Provenzale S.r.l., with registered office at Via Garibaldi no. 70, San Marco dei Cavoti (BN), VAT no. 00841850621, represented by Mr. Donato Fiorelli.
An updated list of processors and authorized persons is kept at the Controller’s registered office.

Changes to this Policy

This Privacy Policy may be subject to changes. You are therefore advised to review it regularly and refer to the most updated version.

San Marco dei Cavoti, 28/05/2020