Privacy & Cookie Policy

This regulation describes the information we process to provide our services or to guarantee the maximum useful service to our customers


As required by the European Union Regulation n. 679/2016 (“GDPR”), the information required by the legislation relating to the processing of personal data is provided below to the user (“Data Subject”)

1. The Data Controller and Data Processing Manager

The owner and manager of personal data processing is Azienda Agricola Montemelino di Sabina Cantarelli, via Fonte Sant’Angelo 15, 06069 Tuoro sul Trasimeno, P.I. 07918410965

2. What data we process

The owner collects and/or receives information concerning the interested party, such as:

Personal data

Name, surname, physical address, nationality, province and municipality of residence, landline and/or mobile phone, tax code, email address(es), social network contacts

Social data of companies, associations, public bodies, freelancers

Company Name or Name of VAT number, VAT number, Fiscal Code, registered and administrative office, Name and Surname of the Contact Persons, Address(es), email address of the contact persons, telephone number(s), social network contacts

Traceable traffic data

Log, source IP address, generic statistical data, social network connection data

The owner does not ask the interested party to provide data c.d. “particular”, i.e., according to the provisions of the GDPR (art. 9), personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, data biometrics intended to uniquely identify a natural person, data relating to the health or sex life or sexual orientation of the person.

3. Why we need your data

The data we request from you are used for these purposes:

— process the registration request and the contract for the supply of the selected Service and/or the purchased Product —

The processing of the personal data of the interested party, in this case, we need to register you in our list of customers and to comply with the legal obligations to which we must comply.
These data will also be used for the sending invoices or other documents necessary for the correct performance of our task as suppliers of services or products.
These data will be entered into our management database and will be used only and exclusively to continue our collaboration relationship with the interested party

— manage and execute contact requests forwarded by the interested party and provide assistance—

The processing of such data takes place at your explicit request and consent to answer your questions. These are data that are processed only following a request from the interested party

The legal basis of these treatments is the fulfillment of the services inherent in the request for registration, information and contact and/or sending of informative material and compliance with legal obligations.

— Provide suggestions on further activities concerning the Services/Products similar or complementary to those purchased by the interested party (art.47 GDPR —

The data controller, even without the explicit consent of the interested party, may use the contact details communicated only for Services/Products similar to those being sold, unless the interested party explicitly objects.

— Provide suggestions on additional activities different from the services/products purchased —

In this case, the data will be processed only and exclusively if the interested party has given consent.
The processing can take place through automatic systems for sending emails, text messages or telephone contact

— !!! Identification data not provided (Art. 13  GDPR) !!! —

If the interested party does not provide the identification data necessary to follow up on the requests received or following the completed form, the Data Controller will not be able to follow up on the processing related to the management of the services requested and/or the contract and the Services/Products connected to it, nor to the obligations that depend on them.

— Consent denied for other uses other than those relating to the management of the contractual relationship —

If the interested party does not give his consent to the use of the data in order to receive information or specifications on promotional activities, the consent remains for the performance of those activities necessary for the management of the contractual relationship

The data provided by the interested party will not be disclosed to third parties

4. How we collect data

The Data Controller collects personal data in several ways:

  • Through automatic data collection systems that track information on the navigation of our website in an aggregated manner. We need this to carry out statistics and analyzes on all those who are interested in our services. This information may also be collected through software or plugins external to our website
    (so-called “Cookies” –> See point 9. of this text)
  • Through forms that the site user can freely decide to leave in order to be contacted or informed
  • Through the modules necessary for our ecommerce to be able to best carry out our online sales activity
  • Through the estimate request collection forms
  • Through one-to-one meetings at fairs, events, initiatives or contacts

Explicit consent is requested in all these methods. In the case of offline data retrieval, the consent will be countersigned, in the case of online data retrieval, the consent takes place when you click on the “Submit” link (or similar words)

5. Where is this data kept

The data being processed is stored in two ways:

  • The data collected through our website will be entered into a database within the website and on servers provided by Aruba Business srl (Read the Aruba Business privacy policy here
  • The data collected offline will be stored in special files on the PCs of the registered or operational headquarters of our company

6. How is this data protected

Data collected from the website

The data collected by us through the Internet site are protected by access passwords of the Internet site administrators only.
The Internet site has two protection systems.
The first is a system of encryption of the Internet site through the https protocol. The protection certificate is provided by Let’s Encript, supplied by the company Aruba Business Spa.
The second is an Internet site protection system supplied by WordFence, which:

  1. Prevents entry to any unauthorized person
  2. Blocks access in case of use of “banned” passwords because they are considered “hacked”

The data is all located on the servers of Aruba Business Spa

7. How long we keep the data

In general, the personal data of the interested party will be kept for as long as they are necessary with respect to the legitimate purposes for which they were collected, except for legitimate and specific requests for cancellation.

In particular, they will be kept for 20 years in the case of personal data collected for the purpose of carrying out activities related or similar to the services or products sold

Instead, in the case of data provided to the Data Controller for the purposes of commercial promotion for services other than those already acquired by the interested party, for which he initially gave consent, these will be kept for 48 months, always subject to withdrawal of consent lent.

Regardless of the interested party’s decision to remove them, personal data will in any case be stored according to the terms established by current legislation and/or national regulations, for the exclusive purpose of guaranteeing the specific fulfillment of certain Services ( by way of example but not limited to, Certified Electronic Mail, Digital Signature, Substitutive storage – in this regard, see the relevant section).

Furthermore, personal data will in any case be kept for the fulfillment of obligations (e.g. tax and accounting) which remain even after the termination of the contract (art. 2220 of the civil code); for these purposes, the Data Controller will only keep the data necessary for its prosecution.

Without prejudice to the cases in which the rights deriving from the contract and/or from the registration in the registry office have to be asserted, in which case the personal data of the interested party, exclusively those necessary for these purposes, will be processed for the time indispensable to their pursuit.

8. Rights of the interested party (articles 15 – 20 GDPR)

The interested party has the right to obtain from the data controller, if requested, the data available to the Data Controller regarding the interested party (so-called right to data “portability”)

Furthermore, the interested party may request to be canceled from any database or other data storage location, or the eventual correction of some of these data, at any time and without having to provide any justification for this request.

For any information or need, however, the interested party can directly contact the Data Controller or Data Processor at the addresses referred to in point 1 of this document.

The maximum time established by law for the Data Controller to fulfill requests in this regard is 1 month

Furthermore, the interested party can lodge a complaint with the competent supervisory authority on Italian territory (Authority for the protection of personal data) or with the one that performs its duties and exercises its powers in the Member State where it is the violation of the GDPR occurred.

9. Cookies and services provided by third parties

The Data Controller uses third parties to carry out certain functions and activities specifically requested by third parties.

This operator was chosen for its particular characteristics of reliability, safety and service.

If the interested party wishes to assert their rights on the information present on these servers, they have the right to do so and can directly contact the contacts indicated in point 1 of this Privacy Policy.

The cookies present on our website are as follows

General information on the management of Cookies

Cookies are data that are sent from the website and stored by the internet browser on the user’s computer or other device (for example, tablet or mobile phone). The interested party can manage and disable the management of cookies directly from the browser he uses.

Below you can see how to manage the cookies of the main most popular browsers on the net:

Technical cookies and third-party cookies may be installed from our website or its subdomains.

In any case, the user can manage, or request the general deactivation or cancellation of cookies, by changing the settings of his internet browser. However, this deactivation may slow down or prevent access to some parts of the site.

Three types of cookies: technical cookies, third-party cookies, profiling cookies.

Technical cookies

These are all those cookies that allow the safe and efficient use of our site.

Technical cookies, in fact, are essential for the correct functioning of our website and are used to allow users to navigate normally and to use the advanced services available on our website.

The technical cookies used are divided into session cookies, which are stored only for the duration of navigation until the browser is closed, and persistent cookies which are saved in the memory of the user’s device until they expire or are canceled by of the same user.

Third-party cookies

  • Preamble: Other types of Cookies or third-party tools that may use them

Some of the services listed below collect statistics in aggregate form and may not require the User’s consent or could be managed directly by the Owner – depending on what is described – without the help of third parties.

If among the tools indicated below there were services managed by third parties, these could – in addition to what is specified and also without the knowledge of the Owner – perform User tracking activities. For detailed information in this regard, it is advisable to consult the privacy policies of the services listed.

  • Interaction with external social networks and platforms

These services allow you to interact with social networks, or with other external platforms, directly from the pages of this Application. The interactions and information acquired by this Application are in any case subject to the User’s privacy settings relating to each social network. In the event that an interaction service with social networks is installed, it is possible that, even if the Users do not use the service, the same collects traffic data relating to the pages in which it is installed.

Like button and social widgets for Facebook (Facebook, Inc.)

The Facebook “Like” button and social widgets are services allowing interaction with the Facebook social network, provided by Facebook, Inc.
Personal data collected: Cookies and usage data.
Place of treatment: USA –

Tweet button and social widgets of Twitter (Twitter, Inc.)

The Tweet button and Twitter social widgets are services allowing interaction with the Twitter social network, provided by Twitter, Inc.
Personal data collected: Cookies and usage data.
Place of processing: USA –

Google Analytics (Google Inc.)

Google Analytics is a web analytics service provided by Google Inc. (“Google”). Google uses the Personal Data collected for the purpose of tracking and examining the use of this Application, compiling reports and sharing them with other services developed by Google.
Google may use the Personal Data to contextualize and personalize the ads on its network advertising.
Personal data collected: Cookies and usage data.
Place of processing: USA – https: //
The user can selectively disable the action of Google Analytics by installing the opt-out component provided by Google on his browser. To disable the action of Google Analytics, please refer to the link below dlpage/gaoptout?hl=en

Google Maps Widget (Google Inc.)

Google Maps is a map visualization service managed by Google Inc. that allows this Application to integrate such contents within its pages.
Personal data collected: Cookies and Usage Data.
Place of processing: USA – =en

YouTube (Google Inc)

YouTube is a map visualization service managed by Google Inc. which allows this Application to integrate such contents within its web pages
Personal data collected: Cookies and Usage data.
Place of processing: USA – /yt/about/policies/#community-guidelines
Indications to manage or disable cookies:

Facebook Pixels (Facebook Ireland Limited)

The Facebook Pixel is a widget that allows the tracking of visits and activities carried out by the user on the Internet site, when access to the Facebook APP is open. This widget allows you to analyze the data in an aggregate way and create targeted advertising campaigns
Personal data collected: Cookies and usage data.
Place of processing: Ireland
To set your privacy on Facebook in a different way just click here

Profiling cookies

They can be installed by the owner/s, using so-called software. web analytics, profiling cookies, which are used to prepare detailed and real-time analysis reports relating to information on: visitors to a website, search engines of origin, keywords used, language used, most visited pages.

They may collect information and data such as IP address, nationality, city, date/time, device, browser, operating system, screen resolution, browsing origin, pages visited and number of pages, duration of visit, number of visits made.

Notwithstanding the foregoing, the Owner informs that the User can use Your Online Choices from this link http: //
Through this service it is possible to manage the tracking preferences of most of the advertising tools. The Owner therefore advises Users to use this resource in addition to the information provided in this document.