Privacy Policy
Home / Privacy Policy
Personal Data Processing Notice pursuant to Articles 13 and 14 of EU Regulation 679/2016
(GDPR)
1. DATA CONTROLLER AND PERSON RESPONSIBLE FOR PROCESSING
Data controller: Società Agricola il Conventino di Monteciccardo sas
di Marcantoni Francesca, VAT number: 02342680416, email: info@cmbio.it, website: https://
conventinomonteciccardo.bio
(hereinafter the “website”).
The data controller reserves the right to appoint data processors pursuant to Art. 28
GDPR.
2. PURPOSE OF PROCESSING
Data is collected and processed exclusively for the following purposes:
A. Managing the contact form on the website;
B. Direct marketing (newsletter);
3. TYPES OF PERSONAL DATA PROCESSED
The data collected and processed to fulfil the purposes referred to in point 2 belong to the
following categories:
• simple personal data (Art. 4 GDPR), such as: email addresses,
telephone numbers, identification, registry and billing data, data relating to the sector of activity, to the
name, the type of activity carried out and the purposes pursued.
4. LEGAL BASIS FOR PROCESSING (Art. 6 GDPR)
The legal basis for data processing, with regard to the purpose listed in point 2 A, is the
contract entered into between the data controller and the data subject and the performance of
pre-contractual measures taken at the data subject’s request. With regard to the purpose in point 2,
letter B, the legal basis for processing is the legitimate interest of the data
controller, consisting of the sale of products and services similar to and/or improved compared to those already
offered by the data controller and used by the data subject. For types of processing not
falling within the aforementioned legitimate interest, the data controller will proceed only on the basis of the
data subject’s consent.
5. RECIPIENTS OF THE PROCESSING
The personal data collected and processed will be disclosed to third parties other than the data
controller and the data processors only where strictly necessary to
pursue the purposes set out in point 2 or where required by law.
Such recipients process Customers’ data as data controllers, data processors, or persons in charge of
processing, depending on the circumstances.
To carry out its work and the tasks assigned to it, the data controller makes use
of collaborators who act as data processors and provide
sufficient guarantees to implement appropriate technical and organisational measures in compliance with the
obligations under the GDPR.
5. a) CATEGORIES OF RECIPIENTS
Recipients within the meaning of point 5 include, by way of example: cloud service providers,
lawyers, employment consultants, accountants, and public authorities.
6. TRANSFER OF DATA ABROAD
Should it prove necessary to transfer data outside Italian territory, the data controller
undertakes to limit such transfer to within the European Union.
6. a) The transfer of data to Third Countries outside the European Union will take place only where
strictly necessary and only to providers offering adequate guarantees for
the protection of personal data.
7. DURATION OF PROCESSING
The data collected will be kept until the purposes indicated in point 2 are achieved and,
in any case, for no longer than 10 years from their achievement, for accounting and legal defence
purposes, pursuant to Articles 2220 and 2946 of the Italian Civil Code.
8. RIGHTS OF THE DATA SUBJECT
The data subject may exercise the following rights by contacting the data controller directly:
• right of access pursuant to Art. 15 GDPR;
• right to rectification pursuant to Art. 16 GDPR;
• right to erasure (right to be forgotten) pursuant to Art. 17 GDPR;
• right to restriction of processing pursuant to Art. 18 GDPR;
• right to data portability pursuant to Art. 20 GDPR;
• right to object pursuant to Art. 21 GDPR;
• right to withdraw consent at any time pursuant to Art. 7 GDPR, without
affecting the lawfulness of processing based on consent given before its withdrawal;
The rights listed may be exercised by sending a communication to the data controller
using the contact details given in point 1.
The rights listed may be subject to limitations in the cases expressly provided for by Art. 2-undecies
of Legislative Decree 196/2003.
9. RIGHT TO OBJECT (Art. 21 GDPR)
The data subject has the right to object at any time, on grounds relating to their particular
situation, to the processing of personal data concerning them pursuant to Article 6(1),
points (e) or (f). The data controller shall refrain from further processing the personal data, unless
it demonstrates compelling legitimate grounds for the processing which
override the interests, rights, and freedoms of the data subject, or for the establishment,
exercise, or defence of a legal claim.
10. OBLIGATION TO NOTIFY IN THE EVENT OF RECTIFICATION OR ERASURE OF
PERSONAL DATA OR RESTRICTION OF PROCESSING (Art. 19 GDPR)
The data controller shall notify each recipient to whom personal
data have been disclosed of any rectification, erasure, or restriction of processing carried out pursuant
to Article 16, Article 17(1), and Article 18 GDPR, unless this proves
impossible or involves disproportionate effort. The data controller shall inform
the data subject of these recipients if requested to do so.
11. COMMUNICATIONS
The Data Controller undertakes to notify any breaches concerning the
data subject’s personal data to the Italian Data Protection Authority and, where the breach is
likely to result in a high risk to the rights and freedoms of individuals, to the
data subject, pursuant to Articles 33 and 34 GDPR.
12. RIGHT TO LODGE A COMPLAINT WITH THE SUPERVISORY AUTHORITY (Art. 77 GDPR)
Without prejudice to any other administrative or judicial remedy, a data subject who believes
that the processing of data concerning them infringes the GDPR has the right to lodge a complaint with the
supervisory authority for the protection of personal data, specifically in the Member State of the
European Union in which they habitually reside, work, or in the place where the alleged
infringement occurred.
13. RIGHT TO AN EFFECTIVE JUDICIAL REMEDY (Art. 19 GDPR)
Without prejudice to any other available administrative or extra-judicial remedy, including the right to
lodge a complaint with a supervisory authority pursuant to Article 77 GDPR, every data subject has the
right to an effective judicial remedy where they believe their rights
have been infringed as a result of processing.
Proceedings against the data controller or the data processor shall be
brought before the courts of the Member State in which the data controller or
the data processor has an establishment. Alternatively, such proceedings may be
brought before the courts of the Member State of the European Union in which
the data subject habitually resides, unless the data controller or the
data processor is a public authority of a Member State acting in the exercise of public powers.
14. TECHNICAL COOKIES
The website uses technical cookies, which are necessary for browsing within it,
as they enable the execution of essential functions. Technical cookies cannot be
disabled, as this would cause the site to malfunction.