Privacy Policy

INFORMATION REGARDING THE PROCESSING OF PERSONAL DATA

pursuant to Article 13 of the Regulation (EU), 2016/679

1. WHY IS THIS INFORMATION NECESSARY?

Pursuant to the Regulation (EU) 2016/679 (hereinafter referred to as the “Regulation”), this document describes the methods for processing the personal data of users who consult the websites of CALUGI S.r.l. accessible by electronic means at the following website address:

www.tartufi.it

This information does not concern other websites, pages or online services that can be reached through hypertext links that may be published on the websites but refer to resources outside the domain of the Data Controller.

This Policy is also valid as information for the purposes of the processing of cookies in compliance with the Provision of the Supervisory Authority no. 229 of 08 May 2015.

2. DATA CONTROLLER

Following consultation of the website listed above, data relating to identified or identifiable natural persons may be processed.

In this regard, we inform you that the Data Controller is CALUGI S.r.l. with headquarters in Via Cerbioni, 38-50051 Castelfiorentino (FI) Telephone:0571/672185: 571/672185
Email: calugi@tartufi.it

3. LEGAL BASIS OF THE PROCESSING AND STORAGE TERMS

The Data Controller, in accordance with Art. 5.1 e) of the GDPR (General Data Protection Regulation), shall process the data provided by you for the entire duration of the performance of the services requested and shall retain them for the following 12 months for the purpose of completing administrative activities, as well as for the terms necessary to comply with legal obligations.

4. PLACE OF DATA PROCESSING AND DATA TRANSFER

The processing carried out by the Data Controller with the data collected from this website through the forms provided or sent voluntarily, takes place at the registered office of the Controller mentioned above, and is only handled by personnel appointed for this purpose or by any persons appointed for occasional maintenance operations. Your personal data will also be processed within the territory of the European Union. Should it become necessary, for technical and/or operational reasons, to make use of subjects located outside the European Union, or should it be necessary to transfer some of the collected data to technical systems and services managed in the cloud and located outside the European Union area, the processing will be regulated in compliance with the provisions of Section V of the Regulation and authorised in accordance with specific decisions of the European Union. All necessary precautions will therefore be taken in order to guarantee the fullest protection of personal data, basing such transfer: a) on adequacy decisions of the third country recipients expressed by the European Commission; b) on adequate guarantees expressed by the third-party recipient pursuant to art. 46 of the Regulation; c) on the adoption of company restrictions, the so-called Corporate binding rules.

5. TYPES OF DATA PROCESSED, PURPOSES OF THE PROCESSING AND RETENTION PERIODS

The collection of information via the website may be carried out in one of the following ways:
a) Explicit methods
b) Implicit methods
c) Information sent voluntarily by the data subject.

5.1. EXPLICIT METHOD OF ACQUIRING INFORMATION

This information is collected through an explicit request when you use the website and may include: your name, address, telephone number, email address, etc. This information is requested when you order a product, request a service, participate in promotional activities, fill out questionnaires, and join the virtual community, etc. When you visit a section of the website that requires the acquisition of personal data, an explicit request to this effect will appear and you will be invited to give your consent if required.

5.2. IMPLICIT METHOD OF ACQUIRING INFORMATION

5.2.1. Surfing data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data the transmission of which is implicit in the use of Internet communication protocols and which are not in any way used or managed by the Data Controller.
This information is not collected in order to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes the IP addresses or domain names of the computers used by users connecting to the website, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters relating to the user’s operating system and computer environment.
Other information collected in this way may concern: the “Uniform Resource Locator” (URL) of the website from which the user has connected, which pages of the website have been visited, which is the next URL to which the user has connected, and which browser was used to reach the website.
These data, necessary for the use of the web services, are also processed in aggregate form, in order to

  • obtain statistical information on the use of the services (most visited pages, number of visitors per time slot or per day, geographical areas of origin, etc.);
  • check the correct functioning of the services offered.
    Browsing data do not persist for more than 26 months and are deleted immediately after their aggregation (except for any need to ascertain crimes by the judicial authorities).

5.2.2. COOKIES

What are cookies
Cookies are information entered on your browser when you visit a website or use a social network with your personal computer, smartphone or tablet. Each cookie contains a variety of data, for example, the name of the server used, a numeric identifier, etc. The cookies may remain in the system for the duration of a session (until the browser is closed which has been used to navigate on the web) or for longer periods and they may contain a unique identifying code.

What are they used for
Cookies are used to perform computer authentication, session tracking and store specific information about users accessing a web page. They are often useful because they can make browsing and using the web faster and more convenient, for example by facilitating certain procedures when shopping online, when gaining authentication to restricted areas or when a website automatically recognises the language you usually use.

How are cookie classified?
Cookies are classified as:

  • Technical: : these are the cookies that serve the purpose of carrying out the navigation or providing a service requested by the user. They are not used for any other purpose and are normally installed directly by the website owner. Without the sphere of use of these cookies, some operations may not be carried out or could be more complex and/or less secure, such as home banking activities (viewing account statements, bank transfers, paying bills, etc.), for which cookies which allow the user to be identified and maintained during the session, are essential. The use of such cookies does not require the user’s prior consent;
  • Profiling: : these are the cookies used to track the navigation of the user on the web and create profiles on their tastes, habits, choices, etc. These cookies can be used to send the advertising messages to the user’s terminal which are in line with the preferences already expressed by the user when surfing online. The use of these cookies requires the prior acquisition of the user’s free, informed consent.
  • Third party cookies: it may also happen that a web page contains cookies coming from other websites and contained in various elements hosted on the page itself, such as advertising banners, images, videos, maps or specific links to web pages of other domains residing on servers other than the one on which the requested page is located. In other words, these cookies are set directly by operators of websites or servers other than this specific website. We speak, in these cases, of so-called third-party cookies, which are usually used for profiling purposes. The use of these cookies requires the prior acquisition of the user’s free, informed consent.

5.2.2.1. Cookies and other tracking systems present

Cosa sono i cookies
On the websites managed as indicated above, no cookies are used for profiling users, nor are any other tracking methods employed. Only session (non-persistent) cookies are used in a manner strictly limited to what is necessary for the safe and efficient navigation on the websites. The storage of session cookies in your terminal equipment or browser is under your control. The information relating to cookies is recorded in the logs of the services, with a storage period of no more than 90 days, just like the other navigation data. In addition, the website contains links to the most common social platforms such as Facebook, Instagram, etc., managed by third parties. To this end, we inform you that no information of any kind is stored and for further information, please refer to the specific privacy policies of the various social networks. Pursuant to the Provision of the Privacy Supervisory Authority dated 8 May 2015 published in the Official Journal no.126 on 3 June 2014, cookies cannot be freely installed on users’ terminals, but are required to comply with a series of regulations. The table below contains the types of cookies used on our website:

COOKIES PRESENT ON THE WEBSITE AND THE SUBJECTS WHO MANAGE THEM This table lists the various types of cookies on our website and for each one we indicate whether they are managed directly by us or by third parties. If the cookie is managed by a third party, not only do we not see the data stored, but we have no possibility to intervene. For this reason, you will find a link to their information and consent forms.
CONSENT COOKIES TYPE COOKIE MANAGER DESCRIPTION AND LINKS TO THIRD-PARTY INFORMATION
TECHNICIANS PROFILING CONTROLLER THIRD PARTY
NO Session cookie X X The use of the so-called session cookies is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to enable the safe and efficient exploration of the website.
The so-called session cookies used on this website avoid the use of other computer techniques that could potentially compromise the confidentiality of the users’ navigation and they do not allow the acquisition of personal data which could identify the user.
The information collected in aggregate form is anonymous and makes it possible to analyse the type of traffic on the website. Over time, this can help improve the content and make it easier to use.
Most browsers automatically accept cookies, but it is also possible to refuse them altogether or selectively accept only some of them, by acting on the preferences of your own browser.
If the user inhibits the loading of cookies, some components of the website may not be available, and some of the pages may be incomplete.

NO Google analytics X X In order to improve the website and understand which parts or elements are most popular with users, we use third-party Google Analytics cookies as an anonymous and aggregate analysis tool. We are not the owners of these cookies, so for more information please see the information provided by Google
NO Widget social network X X The website integrates the main Social Networks through scripts made available by the same networks. These scripts may use Cookies in order to facilitate the sharing of content on social networks or interaction with other members.
These types of cookies are managed by the different companies that are part of the individual Social Networks, each of which is responsible for their own cookies.
You can find out more about the published privacy policies on the following links:

• Facebook: http://www.facebook.com/policy.php
• Instagram: https://instagram.com/about/legal/privacy/

NO Essential technical cookies for statistics and perform-
ance analysis
X X These cookies allow us to know in which way visitors use the website, so that we can assess and improve its operation and encourage the production of content that best meets the information needs of our users. For example, they allow us to know which pages are the most and least frequented. They take into account, among other things, the number of visitors, the time spent on the website by the average user, and the way in which they arrive on the website. This allows us to know what is working well and what to improve, as well as ensuring that the pages load quickly and are displayed correctly. All information collected by these cookies is anonymous and not linked to your personal data. In order to perform these functions on our websites, we use third-party services that anonymise the data so that it cannot be traced back to individuals (so-called “single-in”). Where there are services that are not fully anonymized, you will find them listed among the third-party cookies for which you can refuse consent as a guarantee of protecting your privacy.

In addition, you also have other options to browse without cookies acting directly on your browser.

Blocking third-party cookies

Third-party cookies are generally not essential for browsing, so you can refuse them by default, through the appropriate functions on your browser.

Activating the Do NotTrack option

The Do Not Track option is present in most of the latest generation of browsers. Websites designed to comply with this option should automatically stop collecting some of your browsing data when it is activated. As mentioned, however, not all websites are set up to respect this (discretionary) option.

Activating the ‘anonymous surfing’ mode

With this function you can navigate without leaving any trace of your navigation data on the browser. Websites will not remember you, the pages you visit will not be stored in your history, and any new cookies will be deleted.
However, anonymous navigation does not guarantee anonymity on the Internet, as it only serves to keep your navigation data out of your browser, whereas your navigation data will continue to be available to website operators and connectivity providers.

Directly deleting cookies

There are functions for this on all browsers. However, remember that new cookies are downloaded every time you connect to the Internet, so you should delete them periodically. If you wish, some browsers offer automated systems to delete cookies periodically.

Configuring cookie management in the browser
The main browsers allow you to modify the settings for managing cookies. It is possible to decide to: allow cookies to be saved by websites, deny cookies altogether, and decide which cookies to accept.
These settings vary depending on the browser used to navigate, following are links to the information pages of the most popular:
• Chrome: http://support.google.com/chrome/answer/95647?hl=it&hlrm=en
• Firefox: http://support.mozilla.org/it/kb/Attivare%20e%20disattivare%20i%20cookie
• Internet Explorer: http://windows.microsoft.com/it-IT/windows-vista/Block-or-allow-cookies
• Safari: https://support.apple.com/kb/PH19214?viewlocale=it_IT&locale=it_IT
• Opera: http://help.opera.com/Windows/10.20/it/cookies.html
• Google Analytics downloading a specific plug-in of the browser

For more information on the use of cookies by third-party services and further instructions on how to manage cookies on your browser, please visit the following address: http://www.youronlinechoices.com/it/

If you decide to set your browser to refuse cookies on this website, please note that some of the features may not be available and access to some of the sections may be limited.

5.3. INFORMATION SENT VOLUNTARILY BY THE DATA SUBJECT

The optional, explicit, and voluntary sending of messages to the Data Controller’s contact addresses, as well as the filling in and forwarding of the forms present on the websites, imply the acquisition of the contact data of the sender, necessary for replying, as well as all the personal data included in the communications.
Specific information will be published on the pages of the Data Controller’s websites set up to provide certain services.

5.4. LINKS TO OTHER WEBSITES

The website may contain links to third-party websites. When you use these links, you are entering an environment that is not under the control of our organization, and we are not responsible for the content you may encounter there or for the privacy practices employed. This policy does not extend to the privacy practices of linked sites. It is advisable to carefully examine the procedures of each website you visit. In addition, those websites may independently send their own cookies to users, collect data or request personal information.

6. PURPOSES OF THE DATA PROCESSING

The purposes of the data processing are understood as the reasons, the scope for which the data is collected. Depending on these purposes, in certain cases it may be necessary to obtain your prior consent in order to proceed with their collection and subsequent processing. In case this is required, it will be explicitly requested so that you can grant your consent for all or only some of the processing.

6.1. Purposes for which consent is not required:

a. Navigation data
These data are only used to obtain anonymous statistical information on the use of the website and to check its correct functioning and they are deleted immediately after being processed. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the website.
b. b. Personal data provided voluntarily by users processed as a result of requests for a service or for other purposes.
These data will only be used for the purpose and for the time strictly necessary for performing the service or providing what is requested and they may, for this reason, be communicated to third parties (e.g., couriers for the shipment of the products requested, other consultants needed to respond to your requests, etc.), or to persons within our organisation (e.g., office staff, production staff, etc.).
c. c. Processing of information relating to traffic (which does not allow personal identification).
These data are used on an aggregate, non-personalised basis to analyse user behaviour in order to understand how visitors use the website and to measure interest in the various pages. This makes it possible to improve the content of the website and to simplify its consultation.

7. RECIPIENTS OF THE DATA

Personal data will not be disclosed but may be communicated where necessary for the provision of the service to third parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies) appointed, if necessary, as Data Processors by the Data Controller for tasks of a technical or organisational nature which are instrumental to the provision of services.
Access to the data is also allowed to categories of the Data Controller’s appointees involved in the organisation for data processing (administrative, sales, marketing, customer service, system administrators). An updated list of the Data Processors can always be requested from the Data Controller.
This is without prejudice to the right of communication to third parties subject to specific and optional consent.

8. RIGHTS OF THE DATA SUBJECTS

The Data Controller guarantees that you can exercise your rights under Article 12 of the GDPR at any time. In particular you have the right:
– to know whether the Controller holds and/or processes personal data relating to you and to access them in full, also by obtaining a copy of the same (Art. 15 Right of access),
– to the rectification of inaccurate personal data or the integration of incomplete personal data (Art. 16 Right to Rectification);
– to the deletion of personal data held by the Data Controller if one of the reasons set out in the GDPR applies (Right to Erasure, Art. 17);
– to ask the Controller to limit the processing only to some personal data, if one of the reasons provided for by the Regulation exists (Art. 18, Right to Restriction of Processing);
– to request and receive all your personal data processed by the Controller, in a structured, commonly used, and machine-readable format, or to request transmission to another Controller without hindrance (Art. 20, Right to Data Portability);
– to oppose in whole or in part the processing of data for the purpose of sending advertising material and carrying out market research (so-called Consent) (Art. 21 Right to object)
– to oppose in whole or in part to the processing of data in automatic or semi-automatic mode for profiling purposes (so-called Consent)
These rights may be exercised by notifying the Data Controller, whose contact details are indicated in the relevant section of this notice.

9. RIGHT TO COMPLAIN

Data subjects who believe that the processing of their personal data carried out through this website is in breach of the provisions of the Regulation have the right to lodge a complaint with the Supervisory Authority, as provided for by Art. 77 of said regulation, or to take legal action (Art. 79 of the Regulation) contactable at the following email garante@gpdp.it or on the website http://www.gpdp.it.