Menu
Your Cart

Informativa privacy

Privacy Policy

INFORMATION ON THE PROCESSING OF PERSONAL DATA PURSUANT TO ARTICLES 13 AND 14 OF REGULATION (EU) 679/2016 (General Data Protection Regulation - GDPR)

This information notice pertains to the processing of personal data of users (data subjects) who access and use the website www.agricook.it (hereinafter referred to as the "Site").

This notice is provided solely for the Site and not for apps, social platforms, and third-party websites accessible through hyperlinks (links) contained therein, for which the Data Controller is in no way responsible.

It is useful to recall, in this regard, that Regulation (EU) 679/2016 (General Data Protection Regulation – GDPR) defines "personal data" as any information relating to an identified or identifiable natural person ("data subject").

According to the GDPR, "processing" means any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

1. Data Controller

The Data Controller is Agricook Srl, Via Lambro n. 19, 20831 Seregno (MB), VAT: 1172322096 – email: [email protected] (hereinafter "Agricook" or "Controller").

2. Nature of Data Provision

To use the services offered by the Site, users may be asked to provide the personal data necessary to ensure their use: for example, to fill out contact forms available on the Site, the user's email address is required to respond to communications sent. It should be noted that the user is free to provide the requested data, meaning that they are not legally obligated to provide them: however, failure to provide the data indicated as necessary will make it impossible for AGRICOOK to render the requested service.

3. Types of Data Processed, Purposes, and Legal Basis of Processing

Processing operations are carried out with reference to only the personal data necessary for the use of the Site and its functionalities. The types of data processed include, in particular:

3.1 Navigation Data

The computer systems and software procedures used to operate the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects but, by its nature, could, through processing and association with data held by third parties, allow users to be identified. This data is used solely to obtain anonymous statistical information on the use of the site and to check its correct functioning and is not, and will not be used by the Controller for profiling activities.

3.2 Data Provided by the Data Subject

AGRICOOK processes data voluntarily provided by the user for purposes related to the provision of Services. The legal basis for the processing is the performance of a contract to which the data subject is a party, pursuant to Article 6(1)(b) of Regulation (EU) 679/2016 (GDPR).

In particular, the personal data provided by the data subject may be processed for the following purposes:

  • In relation to the data provided by filling out contact forms (in particular, name, surname, company name, region, email address, and any other personal data included in the message sent by the user) to respond to support requests and, more generally, to the communications from the data subject.
  • Email address and other personal data possibly contained in emails sent to the addresses indicated on the Site and/or in the related attachments, to perform the processing activities necessary to respond to the user's requests.

4. Methods and Duration of Processing

The processing will be carried out using paper and/or electronic means, also through authorized parties, operating under the direct authority and according to the instructions provided by the Controller, with logic strictly related to the purposes indicated and, in any case, to ensure the security and confidentiality of the processed data.

Processing operations are carried out to ensure data and system security. Specific security measures are adopted to minimize the risk of data destruction or loss, even accidental, unauthorized access, unauthorized or non-compliant processing with the purposes indicated in this notice.

The data processed will be retained for no longer than necessary to achieve the purposes for which they were collected and subsequently processed. Specifically:

  • The data provided by sending emails or filling out contact forms on the site will be retained for the time necessary to provide a response.

5. Categories of Recipients

The personal data of the data subject may be communicated to:

  • Collaborators and employees of the Controller, specifically authorized, within their duties;
  • Commercial partners of AGRICOOK (subject to the explicit and free consent of the data subject), who will process the communicated data as independent Data Controllers for their purposes;
  • Providers of the services offered through the Site or connected to its operation.

Personal data will not be transferred abroad, to countries, or international organizations outside the European Union that do not guarantee an adequate level of protection, recognized pursuant to Article 45 GDPR, based on an adequacy decision by the EU Commission. If it is necessary for the provision of Site services, the transfer of personal data to non-EU countries or international organizations, for which the Commission has not adopted an adequacy decision pursuant to Article 45 GDPR, will only take place in the presence of adequate safeguards provided by the recipient country or organization, pursuant to Article 46 GDPR and provided that the data subjects have enforceable rights and effective legal remedies.

In the absence of an adequacy decision by the Commission, pursuant to Article 45 GDPR, or adequate safeguards, pursuant to Article 46 GDPR, including binding corporate rules, cross-border transfers will only occur if one of the conditions specified in Article 49 GDPR is met.

6. Rights of the Data Subject

The data subject has the right to access their personal data, request its rectification, updating, and deletion or restriction if incomplete, incorrect, or collected in violation of the law, as well as to object to the processing for legitimate reasons or to obtain its portability.

In particular, the data subject has the right to obtain confirmation of the existence or not of personal data concerning them, even if not yet recorded, and their communication in an intelligible form.

The data subject also has the right to obtain information on:

  • The purposes and methods of processing;
  • The logic applied in case of processing carried out with the help of electronic means;
  • The identification details of the Controller, the processors, and the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it as authorized processors.

The data subject has the right to obtain:

  • The updating, rectification, or integration of their data;
  • The deletion, anonymization, or blocking of data processed unlawfully, including data that is not necessary for the purposes for which it was collected or subsequently processed;
  • The restriction of processing when one of the conditions outlined in Article 18 GDPR applies;
  • Certification that the operations referred to in letters a), b), and c) have been made known to those to whom the data has been communicated or disseminated, except when this proves impossible or involves a disproportionate effort relative to the protected right;
  • The transmission of the data concerning them, provided to the Controller and processed based on the expressed consent of the data subject for one or more specific purposes, in a structured, commonly used, and machine-readable format. Pursuant to Article 20 GDPR, the data subject also has the right to transmit such data to another controller without hindrance and, if technically feasible, to obtain the direct transmission of personal data from one controller to another.

Where the processing is based on consent, the data subject has the right to withdraw their consent at any time (pursuant to Article 7(3) GDPR).

The data subject has the right to object, in whole or in part:

  • For legitimate reasons, to the processing of personal data concerning them, even if relevant to the purpose of collection;
  • To the processing of personal data concerning them for the purpose of sending advertising materials or direct selling or for carrying out market research or commercial communication;
  • To automated decision-making processes that significantly affect their person.

Without prejudice to any other administrative or judicial remedy, the data subject has the right to lodge a complaint with a supervisory authority, particularly in the Member State where they usually reside, work, or where the alleged violation occurred.

7. Exercise of Rights

The above rights are exercised by request addressed to the Controller, by sending an email to [email protected]. The request is made freely and without formalities by the data subject, who has the right to receive appropriate feedback within a reasonable time, depending on the circumstances of the case.

The data subject may use, to exercise their rights, non-profit organizations, organizations, or associations whose statutory objectives are in the public interest and are active in the field of protecting the rights and freedoms of data subjects regarding personal data protection, by conferring appropriate mandates. The data subject may also be assisted by a trusted person.

More information on the purposes and methods of personal data processing can be obtained by writing to [email protected] and indicating "Privacy" in the subject line.

To know their rights, lodge a complaint, and stay updated on the legislation concerning the protection of individuals concerning the processing of personal data, the data subject can contact the Data Protection Authority by visiting the website at http://www.garanteprivacy.it.

Information updated in July 2021.