Information pursuant to Article 13 of Regulation (EU) 2016/679
In order to be able to provide its services, this website collects and performs processing operations on the data provided by users. On this page we provide the data subject with information regarding the processing of their personal data as provided for by the EU General Data Protection Regulation 679/2016 ("GDPR",)
The Data Controller
The personal data of the data subject are used by the Data Controller in accordance with the principles of Regulation (EU) 2016/679.
The Data Controller is ONETTI GIORGIO Erboristeria Apistica
Head Office Via Statale, 93 - 23013 Cosio Valtellino (SO) ITALY
Contact details Tel. +39 0342 635337 - Fax +39 0342 638021
The categories of data collected by the data controller vary according to the type of use the user makes of the site.
This information notice consists of the following sections: Site consultation
- Contact request
- Newsletter subscription/commercial communications
- Registered user
- Rights of the data subject
1. Site consultation
Category of Data
If the user uses the site for consultation purposes, the data controller collects browsing data, which are anonymous and cannot be traced back to the data subject. This category of data includes, for example, the IP addresses or domain names of the computers used by users who connect to the site, the URI addresses of the resources requested, the time and other parameters relating to the user's operating system and computer environment.
Purpose and legal basis of processing
The purposes of the processing of this data are technical-functional access to the site, analysis of aggregate traffic data and information security. This data is processed in order to obtain technical information on the use of the site, to check its correct operation, to monitor and analyse aggregate traffic data. These data, while remaining anonymous, by their very nature, through processing and association with data held by third parties, may make it possible to identify users should it be necessary, for example, to ascertain responsibility in the event of hypothetical computer crimes.
You may choose to enable or disable cookies at any time by adjusting the settings on your browser. For more information on cookies we invite you to visit our specific Cookie Laws page.
The legal basis for the processing is compliance with legal obligations and the legitimate interest of the data controller. The provision of computer traffic data is technically necessary as it is indispensable for navigation.
Recipients of the processing
Without prejudice to the communications that may be carried out at the request of the authority in charge for security checks, all anonymous data and in aggregate form may be communicated exclusively to internal authorised persons for the purposes of technical fulfilment.
The data controller processes the personal data of the data subject relating to telematic traffic to the extent strictly necessary and proportionate to ensure the proper functioning of the site, network and information security. Anonymous personal data are processed by automated tools only for the purposes indicated above and for the time strictly necessary to achieve the purposes for which they were collected. The necessary security measures have been taken to prevent data loss, illicit or incorrect use and unauthorised access.
Period of storage of personal data
Anonymous data collected during navigation/consultation on the site are retained for the time required by law.
2. Contact request
The visitor to the site in the contact section can make an information request by sending an e-mail or filling in the contact form. In this case the data controller receives the following information: e-mail address, first name, last name, telephone.
Purpose and Legal Basis of the Processing
Legal basis of the processing is the consent of the data subject, which is given by express request by the data subject and for the following purposes
Sending communications, commercial and otherwise, of products and services.
Recipients of the processing
The data provided by the interested party may be communicated exclusively for the purposes of performing the requested service to authorised internal persons.
Method of processing
The processing will be carried out using manual and computerised tools and with organisational logics strictly related to the purposes themselves.
Period of storage of personal data
The data will be kept for the time necessary to fulfil the request.
3. Newsletter subscription/commercial communications
Category of data
Visitors to the site can subscribe to newsletters. In this case the data controller receives the following information from the data subject: name, surname, e-mail address
Purpose and Legal Basis of the Processing
The legal basis of the processing is the consent of the data subject, the provision of data is optional and takes place through explicit approval and only for the following purposes
Sending commercial communications of products and services;
Recipients of data processing
The data provided by the data subject may be communicated solely for the purposes of carrying out the requested communication service to the following categories of recipients, for the purposes described
Internal persons in charge of processing. Purposes: technical-commercial fulfilments connected with the requested service.
Third-party suppliers. Purpose: technical delivery of the service.
The data controller requires the recipients of the processing to comply with security measures equal to those adopted in respect of the data subject, restricting the scope of action to the service expressly requested.
Method of processing
By registering for the newsletter, the user's e-mail address is automatically included in a list of contacts to whom e-mail messages may be sent containing information, also of a commercial and promotional nature, relating to this site. Personal data, for purposes strictly related to the provision of this service, may be disclosed to third parties based in countries where the RGPD is not applied (non-EU countries), but for which in any case an adequacy provision on the level of data protection by the European Commission is in force.
Retention period of personal data
Optional data, collected on the basis of consent, are retained for 24 months without prejudice to the rights of the data subject, in particular to deletion, as explained in the section "Rights of the data subject".
4. Registered User
Category of Data
If the visitor registers on the site, the data controller receives the following information: first name, last name, title, e-mail address, date of birth (optional),
If an order is placed on the site, the data controller receives the following additional categories of data relating to the data subject: Delivery/delivery address(es) (street, municipality and province, nationality), telephone (landline and/or mobile), fiscal code.
Bank/postal coordinates. The collection of this data depends on the payment system used. With electronic payments, the data are acquired directly by the service provider and are not received and processed by this site.
Purpose and Legal Basis of Processing
The personal data of the data subject will be processed for the services and products offered by the e-commerce website with the purposes described below, which are distinguished according to the legal basis of the processing (lawfulness) and the type of contribution.
Operations prior to the completion, execution and conclusion of the contract, customer management.
Legal basis of the processing: execution of pre-contractual and contractual measures. The provision of data is mandatory.
Fulfilment of obligations provided for by laws, regulations and/or community regulations or by other legitimised authorities.
Legal basis of the processing: legal obligations. The provision of data is mandatory.
Performance of administrative-accounting activities.
Legal basis for processing: legitimate interest, which will be exercised by balancing the interests of the data controller and the data subject. The provision of data is mandatory.
Any refusal to provide data, in whole or in part, may result in the impossibility of providing the requested service.
Without prejudice to communications carried out in fulfilment of legal obligations, all data collected and processed may be communicated to the following categories of recipients, exclusively for the purposes described:
Internal persons authorised to process data.
Purposes: Commercial, administrative, accounting and contractual fulfilment.
Purpose: Provision of services (support, maintenance, product delivery/delivery, provision of additional services, providers of electronic communication networks and services) related to the requested service.
Credit and digital payment institutions.
Purpose: Management of collections, payments, reimbursements related to the contractual service.
External professionals/consultants and consultancy firms.
Purpose: Fulfilment of legal obligations, exercise of rights, protection of contractual rights, credit recovery.
The legal basis for such processing is the performance of services inherent to the contractual relationship established and the legitimate interest of the data controller in carrying out processing necessary for such purposes.
Modalities of processing
The processing will be carried out both manually (e.g. registration forms, order forms, etc.) and by computer/telematic means (management software, accounting software, etc.) with organisation and processing logics strictly related to the purposes themselves and in any case in such a way as to guarantee the security, integrity, confidentiality and availability of the data in compliance with the organisational, physical and logical measures provided for by the provisions in force. The data controller imposes on its third-party suppliers the observance of security measures equal to those adopted in respect of the data subject, restricting the scope of action to the service requested.
Storage period for personal data
The data required for the purpose of registering the user on the site and the contractual data are retained for the time necessary to carry out the business relationship. Accounting data will be kept for the time required by legal obligations.
5. Rights of the data subject
In relation to the other processing operations described in this Policy, the data subject may exercise the rights set out in Articles 15 to 21 of the GDPR and, in particular, the following rights
- to access personal data
- to obtain the rectification of inaccurate personal data and/or the integration of incomplete personal data
- to obtain the deletion of personal data
- to obtain the restriction of processing
- data portability;
- to object to the processing of personal data without prejudice to any legitimate interests of the data controller;
- to revoke consent where applicable (in which case the revocation shall not affect the lawfulness of the processing based on the consent given before the revocation)
- to lodge a complaint with the Italian Data Protection Authority (Piazza di Montecitorio n. 121, 00186, Rome).
The above rights may be exercised vis-à-vis the data controller by contacting him at the references given herein. The exercise of rights as data subject is free of charge. However, in the event of manifestly unfounded or excessive requests, also due to their repetitive nature, the data controller may charge a reasonable fee, in light of the administrative costs incurred in handling the request, or deny satisfaction of the request.
What are cookies?
A cookie is a text file that is stored by your internet browser on your computer or other device and is sent to a website server which will be able to retrieve it and read its contents. Cookies are used to make websites work more efficiently, to improve their performance and the user's browsing experience. They contain some anonymous information and allow the website to remember, for example, the user's browsing settings preferences.
Technical cookies (Necessary)
Functional cookies help to perform certain functionalities, such as sharing website content on social media platforms, collecting feedback and other third-party functions. The interactions and information captured are subject to the data processing policies of each social network.
Analytical cookies are used to understand how visitors interact with the website. These cookies allow us to count the number and source of visits. They help us to know what pages are being viewed and to improve the performance of our site. All information collected by cookies is aggregated and therefore anonymous.
Profiling cookies are used to provide visitors with personalised advertisements based on the pages visited previously and to analyse the effectiveness of advertising campaigns.
You can manage cookies at any time by changing the settings on your internet browser, deactivating or deleting them. Such deactivation may slow down or prevent access to certain parts of the site.
How do I disable cookies from my browser?
If you do not wish to receive cookies, you can change your browser settings so that you are notified when they are sent. From the browser settings page you can also control and delete cookies that have already been stored at any time. The settings for controlling, managing or deactivating cookies may vary depending on the internet browser used, so we suggest that you consult the "Help" function of your internet browser for more information on how to do this.
Below we provide Users with links explaining how to manage or disable cookies for the most popular internet browsers:
Internet Explorer: http://windows.microsoft.com/it-IT/internet-explorer/delete-manage-cookies
Google Chrome: https://support.google.com/chrome/answer/95647
Mozilla Firefox: http://support.mozilla.org/it/kb/Gestione%20dei%20cookie
For more information on third-party cookies and how not to accept them, please visit the following sites:
http://www.aboutads.info/choices (available in English only)