Privacy Policy – Eng

Privacy Policy of Villadiloro.it

INFORMATION ON THE PROCESSING OF PERSONAL DATA
for users browsing the Villadiloro.it website regarding personal data protection

in accordance with Article 13 of Regulation (EU) 2016/679

At Villadiloro.it, user privacy is of utmost importance. This Privacy Policy outlines the types of data collected and how it is used, disclosed, transferred, and/or stored by the Website.

This site collects certain personal data from its users. Users may be subject to different levels of protection; some users, therefore, enjoy higher protection. Further information on protection criteria can be found in the section on applicability.

Data Controller

If you have any questions regarding this privacy policy, you can contact us using the details below.

FATTORIA DI LORO di Claudio Fabbrizzi
Via Jacopo della Quercia, 105
Empoli – 50053 (FI)
VAT: 03475880484
Phone: 335 650 8199

Our users may submit requests concerning personal data protection, privacy, and security to Villadiloro.it at fattoriadiloro@gmail.com.

Types of Data Collected

You may visit our site anonymously.

Among the types of personal data collected by Villadiloro.it, either independently or through third parties, are: Cookies, Usage Data, Email, Name, and various types of Data.

Complete details on each type of data collected are provided in the dedicated sections of this privacy policy or through specific information texts displayed prior to the data collection. Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically while using the site.
When Villadiloro.it indicates that some Data is optional, Users are free to refrain from communicating such Data without this affecting the availability or operation of the Service.
Users who are uncertain about which Data is mandatory are encouraged to contact the Data Controller. The use of Cookies – or other tracking tools – by Villadiloro.it or by third-party service providers used by Villadiloro.it, unless otherwise specified, is intended to provide the User with the requested Service, as well as for additional purposes described in this document and, if available, in the Cookie Policy.

The User assumes responsibility for any third-party Personal Data obtained, published, or shared through Villadiloro.it and warrants that they have the right to communicate or share it, thereby freeing the Data Controller from any liability towards third parties.

Methods and Location of Data Processing

Methods of Processing

The Data Controller processes the Users’ Personal Data by adopting appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of Personal Data.

The processing is carried out using IT and/or telematic tools, with organizational methods and logics strictly related to the purposes indicated.

In addition to the Data Controller, in some cases, other categories of people involved in the operation of the site (administrative, commercial, marketing, legal, system administrators) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communication agencies) may have access to the Data. They may also be appointed, if necessary, as Data Processors by the Data Controller. The updated list of Data Processors can always be requested from the Data Controller.

Legal Basis for Processing

The Data Controller processes Personal Data relating to the User if one of the following conditions applies:

• The User has given consent for one or more specific purposes; Note: In some jurisdictions, the Data Controller may be allowed to process Personal Data without requiring the User’s consent or another legal basis specified below, until the User objects (“opt-out”) to such processing. However, this is not applicable where the processing of Personal Data is subject to European legislation on the protection of Personal Data.
• Processing is necessary for the performance of a contract with the User and/or for any pre-contractual obligations.
• Processing is necessary to comply with a legal obligation to which the Data Controller is subject.
• Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller.
• Processing is necessary for the legitimate interests pursued by the Data Controller or by a third party.

It is always possible to request that the Data Controller clarify the specific legal basis of each processing activity, particularly if processing is based on the law, provided for by a contract, or necessary to conclude a contract.

Location

Data is processed at the operational offices of the Data Controller and in any other location where the parties involved in the processing are located. For more information, please contact the Data Controller. The User’s Personal Data may be transferred to a country other than the one where the User is located. To obtain further information about the location of processing, Users may refer to the section detailing Personal Data processing.

The User is entitled to obtain information regarding the legal basis for Data transfers outside the European Union or to an international organization of public international law or formed by two or more countries, such as the UN, and the security measures adopted by the Data Controller to protect the Data.

If such a transfer takes place, the User can refer to the respective sections of this document or inquire with the Data Controller using the contact details provided in the opening.

Retention Period

Data is processed and retained for the time required for the purposes for which it was collected.

Thus:

• Personal Data collected for purposes related to the performance of a contract between the Data Controller and the User shall be retained until the contract has been fully performed.
• Personal Data collected for purposes attributable to the legitimate interests of the Data Controller shall be retained until such interest is satisfied. Users may obtain further information regarding the legitimate interest pursued by the Data Controller in the relevant sections of this document or by contacting the Data Controller.

When processing is based on the User’s consent, the Data Controller may retain Personal Data longer until such consent is withdrawn. Furthermore, the Data Controller may be obligated to retain Personal Data for a longer period in compliance with a legal obligation or by order of an authority.

At the end of the retention period, Personal Data will be deleted. Therefore, at the end of this period, the rights of access, deletion, rectification, and the right to data portability can no longer be exercised.

Purpose of the Collected Data Processing

User Data is collected to allow the Data Controller to provide its Services, as well as for the following purposes: Analytics, managing contacts and sending emails, payment handling, interacting with social networks and external platforms, contacting the User, SPAM protection, affiliate marketing, landing page and invitation page management, performance testing of content and functionality (A/B testing), user database management, session recording, interacting with online survey platforms.

For further detailed information on the purposes of processing and the specific Personal Data relevant to each purpose, Users may refer to the relevant sections of this document.

Details on Personal Data Processing

Personal Data is collected for the following purposes and through the following services:

Contact Form (This Site)

By filling in the contact form with their Data, the User authorizes its use to respond to requests for information, quotes, or any other kind indicated by the form header.

Personal data collected: Email and Name.

Mailing List or Newsletter Management

These services allow managing a database of email contacts, phone contacts, or any other type of contact, used to communicate with the User. These services might also enable data collection regarding the date and time the User views messages, as well as the User’s interaction with them, such as click information on links embedded in messages.

Contact Form 7

Contact Form 7 is a form creation and management service provided by Rock Lobster, LLC, enabling this site to integrate such content into its pages.

Personal data collected: Email and Name. Various types of Data as specified in the privacy policy of the service.

Place of processing: Japan – Privacy Policy

SPAM Protection

These services analyze the traffic of this Site, potentially containing Users’ Personal Data, in order to filter it from parts of traffic, messages, and content recognized as SPAM.

Akismet (Automattic Inc.)

Akismet is an anti-SPAM service provided by Automattic Inc.

Personal data collected: Various types of Data as specified in the privacy policy of the service.

Place of processing: USA – Privacy Policy

Wordfence Security – Firewall & Malware Scan

Cerber is an anti-SPAM and malware scan service provided by Cerber Tech Inc.

Personal data collected: Various types of Data as specified in the privacy policy of the service.

Place of processing: USA – Privacy Policy

Google Fonts (Google Inc.)

Google Fonts is a font display service managed by Google Inc., allowing this Site to integrate such content into its pages.

Personal data collected: Cookie and Usage Data.

Place of processing: USA – Privacy Policy

Google Maps (Google Inc.)

Google Maps is a map display service managed by Google Inc., allowing this Site to integrate such content into its pages.

Personal data collected: Cookie and Usage Data.

Place of processing: USA – Privacy Policy

RSS Feed Management

These services allow the management of RSS feeds and the distribution of their content. Depending on the characteristics of the service used, these services may also be used to insert advertisements within the content and collect statistical data on them.

Google Analytics (Google Inc.)

Google Analytics is a web analytics service provided by Google Inc. (“Google”). Google uses the collected Personal Data to track and examine the use of this Site, compile reports, and share them with other Google-developed services. Google may use the Personal Data to contextualize and personalize the ads of its own advertising network.

At the following link https://tools.google.com/dlpage/gaoptout?hl=en, Google provides the browser add-on for opting out of Google Analytics.

Personal data collected: Cookie and Usage Data.

Place of processing: USA – Privacy Policy – Opt-Out

User Rights

Users may exercise certain rights regarding their Data processed by the Data Controller.

In particular, the User has the right to:

• Withdraw their consent at any time. The User may withdraw consent to the processing of their Personal Data previously given.
• Object to the processing of their Data. The User may object to the processing of their Data when it is carried out on a legal basis other than consent. Further details on the right to object are indicated in the section below.
• Access their Data. The User has the right to obtain information on the Data processed by the Data Controller, on certain aspects of the processing, and to receive a copy of the Data processed.
• Verify and request rectification. The User can verify the accuracy of their Data and request that it be updated or corrected.
• Obtain the restriction of processing. When certain conditions are met, the User can request the restriction of the processing of their Data. In this case, the Data Controller will not process the Data for any purpose other than its storage.
• Obtain the deletion or removal of their Personal Data. When certain conditions are met, the User may request the deletion of their Data by the Data Controller.
• Receive their Data or have it transferred to another controller. The User has the right to receive their Data in a structured, commonly used, and machine-readable format and, if technically feasible, to obtain its transfer without hindrance to another controller. This provision is applicable when the Data is processed with automated tools and the processing is based on the User’s consent, a contract to which the User is a party, or pre-contractual obligations connected to it.
• Lodge a complaint. The User can lodge a complaint with the data protection authority or take legal action.

Details on the Right to Object

When Personal Data is processed in the public interest, in the exercise of official authority vested in the Data Controller, or to pursue a legitimate interest of the Data Controller, Users have the right to object to the processing for reasons related to their particular situation.

Users should note that, where their Data is processed for direct marketing purposes, they may object to that processing without providing any justification. To determine if the Data Controller processes Data for direct marketing purposes, Users may refer to the respective sections of this document.

How to Exercise Rights

To exercise their rights, Users may address a request to the Data Controller at the contact details indicated in this document. Requests are filed free of charge and processed by the Data Controller as soon as possible, in any case within one month.

Applicability of a Higher Level of Protection

While most provisions of this document apply to all Users, some are expressly subject to the applicability of a higher level of protection for the processing of Personal Data.

This higher level of protection is always guaranteed when the processing:

• is carried out by a Data Controller based in the EU; or
• concerns Personal Data of Users located in the EU and is related to the offering of goods or services, whether for payment or free of charge, to such Users; or
• concerns Personal Data of Users located in the EU and allows the Data Controller to monitor the behavior of such Users to the extent that such behavior takes place within the European Union.