Information on data protection pursuant to the General Data Protection Regulation (GDPR) EU 2016/679 in force since 25 May 2018

Consorzio di Tutela Olio Seggiano DOP, with registered offices in Loc. Colonia, 58031 Arcidosso (GR) VAT No. 01555370533 and Tax Code. 92048970534, in its capacity as data controller, (hereinafter “Controller”), informs you, pursuant to art. 13 of Leg. Decree no. 196 of 30.06.2003 (hereinafter, “Privacy Code”) and art. 13 of EU Regulation no. 2016/679 (hereinafter, “GDPR”) that your personal data shall be processed according to the following methods and for the following purposes:

1 Data Controller and Data Processor:

The Data Controller is Consorzio di Tutela Olio Seggiano DOP with registered address in Loc. Colonia – 58031 Arcidosso (GR).  An updated list of Data Processors is kept at the registered address of the Data Controller.

For any information concerning data processing or to exercise the rights conferred by the GDPR it is possible to contact the Consorzio through its email address:

2 Data subject to processing:

The Controller processes personal data – hereinafter “personal data” or just “data” provided by you when concluding contracts for services or products sold by the Controller.

3 Purpose of data processing:

Your personal data shall be processed for the following purposes:

a) The personal data you provide through this website or directly to the Controller are processed without your express consent (art. 6 lett. b) and e) of the GDPR), exclusively for the following Service Purposes:

  • concluding contracts for the services of Controller
  • fulfilling pre-contractual, contractual and tax obligations arising from existing relationship with you
  • fulfilling legal and regulatory obligations and complying with the provisions of EU legislation or orders issued by the Authorities;
  • exercising the rights of Controller, for example legitimate interests or the right of defense in legal proceeding.

b) The personal data you provide through this website or directly to the Controller will instead be processed only with your prior specific and express consent (art. 7 of the GDPR), for the following Marketing Purposes:

  • sending you commercial offers or advertising material via email and / or text message and / or telephone contacts, or newsletters about the products or services offered by the Controller.
  • sending you customer satisfaction surveys via email to verify the quality of services

Please note that if you are already our customer, we may send you commercial offers relating to services and products of the Controller similar to those which you have already used, unless you disagree.

4 Methods of processing, data retention times and data security:

Your personal data shall be processed both on paper, electronically and via automation.

The Controller shall process the personal data for the time necessary to fulfill the purposes referred to above and in any case for no longer than 10 years after the termination of the relationship for Service Purposes (3.a) and for no longer than 2 years after the collection of the data for Marketing Purposes (3.b).

The Controller declares to have implemented appropriate technical and organizational measures for the fulfillment of legal obligations established by the GDPR. In particular, the Controller declares to have activated internal procedures to ensure a level of security appropriate to the risk (both electronic and paper), through encryption, backup and disaster recovery measures and network protection measures through firewalls, antivirus or intrusion prevention systems. The Controller declares to have also verified the existence of equal security measures with its suppliers that provide hosting services connected to the functionalities of this website.

5 Other data recipients:

The Controller internally processes the data collected and uses them to carry out his business. There are no other recipients of the data, with the exception of the recipients envisaged by legal obligations.

6 Data Transfer

Your personal data, once obtained from the website, shall be stored on servers that are located in Italy or in any case within the European Union. It remains in any case understood that the Controller, where necessary, shall have the right to change the location of the server in non-EU countries. In this case, the Controller shall ensure as of now that the transfer of data outside the EU shall be in accordance with the provisions of applicable law, stipulating, where necessary, agreements to guarantee an adequate level of protection and/or adopting the standard contract terms envisaged by the European Commission.

7 Rights of the person concerned

In your capacity as person concerned, you have the rights referred to in art.15 of the GDPR and more specifically, the following rights:

  • to obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet recorded, and their communication in intelligible form;
  • to obtain the following information:
  1. a) the origin of the personal data;
  2. b) the purposes and methods of processing;
  3. c) the logic applied in case of processing performed using electronic instruments;
  4. d) the identification of the Controller, the data processors and the appointed representative pursuant to art. 5, par. 2 of the Privacy Code and art. 3, par. 1 of the GDPR;
  5. e) the parties or categories of parties to whom the personal data may be communicated or who may become aware of such data in their capacity as appointed national representative or data processor
  • to obtain
  1. a) the updating, rectification or, where it is in your interests, completion of incomplete data;
  2. b) the erasure, transformation into anonymous form or the blocking of data processed unlawfully, including that for which retention is not necessary in relation to the purposes for which the data was collected or subsequently processed;
  3. c) certification that the operations referred to in art. 8. A) and B) have been brought to the attention, including with regard to their content, of those to whom the data was communicated or disseminated, unless this proves impossible or involves a manifestly disproportionate effort as compared to the right that is to be protected;
  • To object, in whole or in part:
  1. a) to the processing of personal data concerning you, for legitimate reasons, even though relevant to the purpose of the data collection;
  2. b) to the processing of personal data that concern you for the purposes of sending advertising material or direct sales or for market research or commercial offers, through the use of automated contacting systems without the intervention of an operator by email and/or by means of traditional marketing via telephone and/or standard mail. It should be noted that the right of opposition of the person concerned, explained above in part b), for the purposes of direct marketing via automated methods, is extended to traditional methods and that this right remains in any case without prejudice to the right of the person concerned to oppose the processing even only in part. Therefore, the person concerned may decide to receive notifications via traditional methods only or via automated methods only or neither of the two types of communication.

Where applicable, you shall also have the rights referred to in arts. 16-21 of the GDPR (right of rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object), as well as the right to lodge a complaint to a Supervisory Authority.

8 How to exercise your rights

You may at any time exercise your rights by sending: