This document describes the methods of managing the Website https://agrivar.com/ with reference to the processing of the personal data of users who consult it
CONTROLLER AND CONTACT DETAILS
Following access to and consultation of this Website, data relating to identified or identifiable persons may be processed.
Pursuant to the GDPR, the Controller is Agrivar Società Agricola S.r.l. Via Cà Masino 1091 Castel San Pietro Terme – Loc. Varignana (BO) – Italy, Tel. 051 19938344, firstname.lastname@example.org (hereafter also the “Company”), through its legal representative.
RECIPIENTS AND/OR CATEGORIES OF PERSONAL DATA RECIPIENTS
Hosting and back-end infrastructure;
Platform support and management;
Marketing campaign and newsletter management;
The user can ask the Controller for an up-to-date list of Processors at any time through the contact details provided above.
Finally, the personal data of the user may be communicated to public and private entities and/or subjects in order to fulfill specific obligations provided for by laws, regulations and EU legislation. Such subjects shall act as independent Controllers.
LOCATION OF DATA PROCESSING
The processing related to the web services of this site and described through it take place mainly at the headquarters of Agrivar Azienda Agricola S.r.l. No data deriving from the web services is communicated by the Company to third parties if the purpose of the processing is not strictly relevant or imposed by laws or regulations. The processing related to the web services of this site that take place at the premises of the Controller is handled by in-house personnel, officially trained and appointed for such processing or by third parties that are appointed as the Processor.
PURPOSE AND LEGAL BASIS FOR THE PROCESSING
Your personal data may be processed for the following purposes:
1) Information and/or support at the request of the data subject
The processing of the personal data of users is necessary when, at the request of the user, the Controller provides support and/or information on the products and/or services or in order to acknowledge a contact request from the user through the contact section. The processing is carried out pursuant to Art. 6(1)(b) of the GDPR.
2) Performance of operations that allow browsing of the Website pages
3) Statistical processing of aggregated data in relation to the Website services
TYPE OF PERSONAL DATA PROCESSED
With reference to browsing data, the computer systems and software procedures used to operate this Website acquire, during their normal operation, some personal data whose transmission is implicit to the use of Internet communication protocols. This information is not collected in association with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This data category includes the IP addresses or domain names of computers used by users who connect to the Website, Uniform Resource Identifier (URI) addresses of the requested resources, the time of the request, the method used to submit the request to the server, and other parameters related to the user’s operating system and computing environment. The optional and voluntary sending of e-mails to the addresses indicated on the Website involves the acquisition of the user’s personal data, as indicated therein, necessary to respond to user requests.
TRANSFER OF PERSONAL DATA TO NON-EU COUNTRIES
Generally, the processed data will not be transferred outside the European Union. However, personal data may be transferred to a non-EU country, subject to the conditions set out in the GDPR. Specifically, the above transfer may be put in place, without specific authorizations, if the third country to which the data is transferred falls under those which guarantee an adequate level of protection according to the European Commission. In the absence of such an adequacy decision adopted by the European Commission, this transfer to third countries can be carried out by adopting the adequate guarantees referred to in Art. 46 of the Regulation, based on which the above-mentioned personal data transfer occurs. In the absence of an adequacy decision or additional guarantees, the transfer of personal data to third countries can be carried out if the terms are met and the additional conditions set out by the GDPR exist, including the possibility to make use of the derogations for specific situations in Art. 49 of the GDPR.
DATA RETENTION TIMES
If the user has submitted a request for support through the contact and customer care form, the data will be processed only for the time necessary to fulfill the request.
This is without prejudice to other retention times required by law and the possibility of revoking consent or exercising all the rights granted to the data subject by the GDPR and indicated below in this policy.
As for browsing data, the Controller will delete this information 12 months after the last online interaction that occurred in relation to the Controller’s communications or the content published on the Website for which the Controller has direct evidence of this interaction (e.g. clicks, opening, response).
NATURE OF THE PROVISION OF DATA
The processing of personal data for the purposes of data subject requests is necessary. However, if the user does not provide the necessary personal data, the Controller will not be able to supply the service and/or respond to the request.
DATA SUBJECT RIGHTS
Data subjects may, where the conditions exist, exercise all the rights recognized under the GDPR, such as: the right to obtain confirmation that there is or is not ongoing processing of personal data concerning the data subject; the right of access to his or her personal data; the right to obtain rectification of inaccurate data or have incomplete data completed; the right to obtain deletion of personal data regarding him or her; the right to obtain the restriction of processing of his or her personal data; the right to receive the personal data concerning him or her in a structured and machine-readable format; the right to oppose the processing; and the right to withdraw consent at any time whenever the processing is based on consent;
The data subject may exercise these rights by writing to the Controller using contact details provided above.
The data subject has the right to submit a complaint to the Italian Data Protection Authority.