PRIVACY POLICY FOR THE USERS OF THE WEBSITE https://www.oleificioolma.it

Information on the personal data processing for visitors who consult OL.MA’s website, pursuant to arts. 13 and following of EU Regulation 679/2016 (GDPR)

Why these informations?

This page describes the methods of operation and management for OL.MA’s Collegio Toscano degli Olivocoltori s.a.c. website (www.oleificioolma.it), in relation to the processing of personal data of the users who consult it and use its services. This customers privacy policy is provided pursuant to articles 13 adn following of EU Regulation 679/2016 (hereafter GDPR - General Data Protection Regulation), towards those who interact with the web services of the Data Controller, electronically accessible at the following address: http://www.oleificioolma.it, that is the link for the website’s home page. This privacy policy is provided only for the website www.oleificioolma.it and does not concern other websites, pages or online services accessible by the user through hypertext links published on the site and referred to the external resources of the Data Controller’s domain, for which, the user is invited to read the privacy information provided by each of them.

1. Data controller

Following the consultation of this site, users are informed that data relating to identified or identifiable natural persons may be processed. The Data Controller is OL.MA Collegio Toscano Olivicoltori s.a.c., with registered office in Grosseto, Loc. Madonnino, 3, VAT number: 00127960532; pec: amministrazione@pec.oleificioolma. Some processing operations may also be carried out by other third parties, to whom OL.MA Collegio Toscano Olivicoltori s.a.c. entrusts some activities, or part of them, according to the services provision. In this case, these subjects will be explicitly designated as Data Processors or Authorized Subjects. The Data Controller will give specific operating instructions to these subjects, with particular reference to the adoption of the minimum security measures, in order to guarantee data confidentiality and security. In particular, in addition to the Data Controller, these data are treated, in the role of Data Processor, by Iride Srl, that carries out maintenance and management activities in relation to the information systems updates, on behalf of the Data Controller, and also provides hosting service and the site management activity for what concerns e-commerce. Instead, for what concerns information systems daily use, management and maintenance, these functions are carried out by specifically authorized internal staff. Data can also be communicated, in case of request, to the competent Authority, in compliance with the obligations deriving from the GDPR.

2. Data Processing Legal Basis and Purpose


Data Controller processes users/visitors personal data (Interested parties), for the following purposes: a) to fulfill the obligations deriving from the purchase agreement of the products marketed on the website, and to resolve any disputes in relation to these transactions; b) to fulfill the legal obligations provided for by administrative, accounting and fiscal legislation, including the duties that concern anti-money laundering legislation; c) to pursue Data Controller legitimate interest, that consists in the proper working of the website, providing updates in relation to site changes and other related services, and to report problems or security updates; d) to fulfill a legal obligation, that consists in the communication to the competent Authorities of any commission of fraudolent activities through the use of the website.

3. Types of Data Processed

NAVIGATION DATA

The computer systems and software procedures used to operate this website, acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. In particular, in this category, are saved data that concern: the visited pages, the start and the duration of the visit, visitors origin and the type of device used.

DATA COMMUNICATED BY USERS/VISITORS

The optional, explicit and voluntary e-mail sending to the e-mail address indicated on this website involves the consequent acquisition of the sender’s e-mail address (necessary to respond to the requests), and of any other personal data included in the communication. Specific information will be shown or displayed on the website pages prepared for particular service on request. To carry out purchase operation on the website, the interested party must register an account and send information about him. To create an account, the user has to provide the following data: the name, the surname, the password, the date of birth, the residence address, the tax code for billing or the VAT number, and the Telephone number. The communication of these data is mandatory to complete the purchase of the products marketed throgh the Data Controller’s website. The non-provision of these data will make it impossible for the Data Controller to provide what is requested by the user. Furthermore, users communicate their data also in relation to the payments making. In this sense, it must be specified that about the payments management, Ol.ma Collegio Toscano degli Olivicoltori s.a.c. uses third parties services, which allow payments by cash on delivery, bank transfer and credit card on various bank circuits. Payment by credit card is secure and guaranteed by Circuito Consorzio Triveneto, which includes the Monte dei Paschi di Siena Bank. Therefore, these service providers will collect and process data subject’s data to carry out financial transactions. To find out the third parties Privacy Policy, the interested parties can visit their website in order to obtain more detailed informations. Below are the links to the Privacy Policy of these third parties:

- Circuito Consorzio Triveneto: http://www.bassilichi.it/note-legali-consorzio-triveneto/

- Monte dei Paschi di Siena Bank: https://www.mps.it/privacy.html

Financial transactions carried out on the website for the purchase of products are protected by SSL Certificate and Server to Server payments with the Consorzio Triveneto.

USERS PERSONAL DATA ACQUIRED BY THIRD PARTIES OL.MA

Collegio Toscano degli Olivicoltori s.a.c. receives informations on users / visitors also through social media (Facebook), until the revocation of the "like" affixed by the same user / interested party on the Data Controller’s Facebook page. In particular, it is specified that the Facebook page is directly managed by internal staff specifically authorized.

4. Data provision

The provision of personal data referred to in point 3 of this Privacy Policy, letters a) to d), is mandatory. Failure, partial or incorrect provision of the aforesaid data, will make it impossibile for the Data Controller to fulfill the legal and contractual obligations foreseen therein.

5. Data Communication to Third Parties

Users’ personal data may be communicated to other subjects to fulfill the administrative, counting, fiscal obligations, and to the system administrators, to the competent Authorities, in case that a crime has been commited, to the Data Controller’s lawyers, in case there is the need to resolve disputes with users, concerning non-payments and/or non-fulfillments of contractual obligations. The informations collected by the Data Controller aren’t communicated to other third subjects, if not for use the necessary and support services to the his activity. By way of example and not exhaustive, these services include: - e-mail services; - IT assistance / web development; - Telephone operator (IT); Users’ data are collected by third parties when they make payments to purchase Data Controller’s products on his website. Relating to these processing, please refer to point 3 of this Privacy Policy. Also cookies services could provide informations about interested parties navigation, since they are tracers technologies used by providers/third parties. We also inform that users’ personal data are not subjected to dissemination, and that they are not transferred abroad.

6. Where and how we preserve your personal data?

Personal data are saved into our services providers (hosting) server, located in Italy. More specifically, the server on which personal data of the users of the website https://www.oleificioolma.it are stored, is managed by Iride s.r.l., at the Aruba headquarters. Personal data access is restricted only to the authorized tecnical staff specifically instructed, and to OL.MA employees who use and update the e-commerce service. Authenticated access measures with password, through FTP / WEB services and use of SSL certificate on SSH connection are adopted. Secure transmission technologies with encryption such as SSL (Secure Sockets Layer) are used to protect financial transactions. Paper documents containing personal data collected through the website, are stored in places with access restricted only to authorized personnel. Transport documents and invoices are preserved at Ol.ma’s headquarters, in a specific room; the archives consist on cabinets.

7. How long we preserve your data?

Navigation data are not stored for more than 30 days and are immediately deleted after their aggregation, except for any need to establish criminal offenses by the Judicial Authorities. The processing of the data communicated by the user is the same as above. The processing of the data stored throgh cookies is the same as above. For products orders, the informations collected are retained for a period of 10 years after the end of the financial year; for the e-mails and the mail, data will be kept for the time necessary to respond to the interested party and for the next 30 days, then they will be deleted. In all other cases, personal data are preserved for the time necessary to provide the requested services, or to fulfill legal obligation.

8. Cookies and other tracking systems

Cookies are small text files used to store some infomations about the user, his preferences or the Internet access device (computer, tablet, mobile phone), and they are mainly used to adapt the operation of the site to the user's expectations, allowing a personalized navigation experience and memorizing the choices made previously. A “Cookie” consists in a limited set of data that is transferred to the user’s browser by a web server, and that could be read only by the server that has made the transfer. It is not a code and it doesn’t transmit virus. This website uses access cookies for the session management, in order to ensure its normal navigation and use. If you want, you can prevent the saving of some or all cookies. However, in this case the use of the site and the offered products could be compromised; for more informations, please refer to the Cookies Policy (link) of the website https://www.oleificioolma.it The Data Processor, through this website, installs only technical and analytical cookies directly, aimed at optimizing its operation. Technical cookies are essential to navigate the site using all its features. For the installation of these types of cookies the user's consent is not required, but only the obligation of the Privacy Policy notice is prescribed. Analytics cookies anonymously collect information on the activity of the website users, on the way they arrived at the site, and on the pages they visited. Cookies other than technical cookies, are installed or activated only as a result of the consent expressed by the user, provided through the interaction with the home page banner of the website www.oleificioolma.it, or by continuing the navigation. Cookies can be used both by the Data Processor of the site you are visiting, or by third parties. Below are listed the types of cookies that are used on the Data Controller’s website:

- Prestashop: whose Data Processor is OL.MA Collegio Toscano degli Olivicoltori s.a.c., purpose of use: username / password - session;

- Google Analytics: whose Data Processor is Google Inc., purpose of use: to distinguish individual users and to check visited pages;

- Social Networks Cookies: this site allows you to easily share posts on social media, to "like", to view the number of shares and to view content from social networks. Specific cookies can be installed to do this. For more detailed information, please refer to the specific privacy policy of the social network used. As highlighted above, the site uses third-party cookies, whose installation requires the provision of the interested user’s consent, as previously indicated. Below are the links to the third parties’ Cookies Policy, and then the instructions to manage or disable cookies, published on their web pages:

- https://policies.google.com/technologies/types?hl=it;

- https://it-it.facebook.com/policies/cookies/

9. Childrens Rights

When the website is visited by a child under 14, for the subscription is required the supervision of a parent or a guardian, who remains responsible for the use of the site by name and on behalf of the minor.

10. Interested Parties Rights

The articles 13 and following GDPR, grant the interested party the exercise of specific rights, such as:

Right of access (Article 15 GDPR):

That consists on the confirmation that the processing of the data subject’s personal data is in progress and, in this case, on the possibility to obtain access to his personal data and to the information referred in the aforementioned article;

Right of rectification (Article 16 GDPR):

Correction of wrong personal data concerning the data subject without unjustified delay; integration of the incomplete interested party’s personal data, considering the purpose of the processing;

Right to erasure (right to be forgotten) Article 17 GDPR:

Cancellation of personal data concerning the data subject without unjustified delay. The Data Controller is obliged to cancel the personal data without unjustified delay in the cases provided for by art. 17 GDPR;

Right to restriction of processing (Article 18 GDPR):

Limitation of treatment in the cases provided for by art. 18 GDPR;

Right to data portability (Article 20 GDPR):

Receipt in a structured format, in common use and readable by an automatic device, of the data subject’s personal data provided to the Data Controller; the right to transmit these data to another Data Controller without impediments by the Data Controller to whom they have been supplied in the cases provided for by art. 20 of the Regulations;

Right to object (Article 21 of the GDPR):

Right to object is foreseen for the interested party, at any time, for reasons related to his own particular situation. The interested party can object to the processing of his personal data pursuant to art. 6 paragraph 1 lett. e) or f), including profiling on the basis of these provisions.

You can exercise your rights by sending a request to the following pec: amministrazione@pec.oleificioolma.it Furthermore, the interested party is informed that he / she has the right to propose a complaint to the Italian Data Protection Authority, if he / she considers that the processing that concerns him / her violates the EU Regulation 679/2016.

You can exercise your rights by sending a request to the following pec: amministrazione@pec.oleificioolma.it Furthermore, the interested party is informed that he / she has the right to propose a complaint to the Italian Data Protection Authority, if he / she considers that the processing that concerns him / her violates the EU Regulation 679/2016.



11. Privacy Policy update

This information is the Privacy Policy of this website. It may be updated after regulatory changes that provide new and/or other ways of personal data processing.

12. How can you contact us?

Your personal data protection is important for Ol.ma Collegio Toscano degli Olivicoltori s.a.c.. This website processes users data according to the GDPR (Reg. EU 679/2016) principles, adopting appropriate security measures to prevent unauthorized access, circulation, modification or unauthorized destruction of data. For the exercise of the users / visitors (interested parties) rights and for any information concerning the data processed through the Data Controller website, the following e-mail addresses are provided:

privacy@oleificioolma.it,

pec: amministrazione@pec.oleificioolma.it