The websites www.vannuccipiante.it and www.vannuccipiante.com collect some Personal Data from their Users. This disclosure shall be drawn up on the basis of the legislation on the personal data protection, including the articles 13 and 14 of Regulation (EU) 2016/679 (hereinafter, GDPR) and Legislative Decree n. 196/2003 (Privacy Code) as supplemented by Legislative Decree n. 101/2018.

Data Controller

Azienda Agricola Vannucci Piante di Vannucci Vannino (hereafter the Data Controller), with registered office in Pistoia (PT), via Pratese, 238; local units: Quarrata (PT), loc. Piuvica, via Moreno Vannucci; Pistoia (PT), via Bonellina, 116 – tax number VNNVNN63C06G713K – VAT number 01258370475 – Tel. 057379701 – email: gdpr@vannuccipiante.it.

 

1)      Types of data collected and processing purposes

 

a) Contacts. It is possible to contact the Data Controller to request information and for any request regarding the products and services offered. The data collected are those entered in the present forms and those collected through messages sent to the e-mail addresses of the Data Controller; cookies (for more information, please refer to the Cookie Policy).

The purpose of processing your data is to respond to your requests, and the legal basis of the processing lies in the execution of pre-contractual and contractual measures (Article 6, letter b, GDPR).

 

b) Content on external platforms. These services allow you to view content hosted on external platforms directly from the pages of the site www.vannuccipiante.it and to interact with them. If a service of this type is installed, it is possible that, even if the Users do not use the service, the same will collect traffic data regarding the pages in which it is installed.

 

The widgets that are installed on the aforementioned site are:

1) Google Maps: it is a map visualization service managed by Google Inc. that allows this Site to integrate such content within its pages. The personal data collected by the Data Controller through the platform are cookies and usage data; please refer to Google’s privacy policy (https://policies.google.com/privacy?hl=it), noting that your data in this case may be processed by the same, even in non-EU countries. In any case, Google continues to offer a series of international data transfer mechanisms and is certified according to the EU – U.S. frameworks which constitute a legal system for the transfer of personal data from the EEA to the United States, within which certified organizations guarantee to provide a level of protection in line with European data protection legislation.

2) E-mail: it is a service that allows the User to send an e-mail message directly to the Data Controller through the use of the platform linked to the e-mail address of the Data Controller. Please refer to the privacy policy of the e-mail provider used by the User.

3) Facebook (Facebook, Inc.): the Facebook social link is an interaction service with the Facebook social network, provided by Facebook, Inc. Personal Data collected: Cookies and Usage Data. Place of processing: USA – Privacy Policy. (Facebook has certification under the EU-US frameworks which constitute a legal system for transferring personal data from the EEA to the United States, within which certified organizations guarantee to provide a level of protection in line with European legislation for data protection).

4) Twitter. The Twitter social widget is an interaction service with the Twitter social network, provided by Twitter, Inc. Personal Data collected: Cookies and Usage Data. Place of processing: United States – https://twitter.com/it/privacy. Subject adherent to the Privacy Shield.

5) Youtube. The Youtube social widget is an interaction service with the YouTube social network, provided by Google Inc. Personal Data collected: Usage data. Place of processing: United States – Privacy Policy. Subject adherent to the Privacy Shield.

6) LinkedIN. The Linkedin button is an interaction service with the Linkedin social network, provided by Linkedin Inc. Personal data collected: Cookies and Browsing and usage data. Place of Processing: USA – Privacy Policy https://www.linkedin.com/static?key=privacy_policy&trk=hb_ft_priv. Subject adherent to the Privacy Shield.

7) www.bellostare.it, www.pistoianurserypark.it and www.nurserycampus.it. By clicking on the respective widgets present on the website www.vannuccipiante.it, the user’s navigation can be redirected to the aforementioned Internet sites. Please refer to the Privacy Policies of the same.

8) Redirects to other sites (Link section). By clicking on the links on the website www.vannuccipiante.it in the section specifically named, the user’s navigation can be redirected to institutional websites. Please refer to the Privacy Policies of the same.

 

c) Special offers and area and services reserved for selected customers – redirect to the website www.vannuccipiante.com. By entering costumers data on the website www.vannuccipiante.com (company name, user name, email, telephone number), the Data Controller offers the possibility to access a showcase of products reserved for customers selected by personnel authorized by Holder.

With regard to the reserved area, the User, after sending his / her data, receives the credentials for accessing his / her private area, where he / she can view the documents within his/her competence (including invoices and delivery notes) using the platform Arkottica offered by InfoSvil srl.

In both cases mentioned above, the purpose of processing your data is to respond to your requests, and the legal basis of the processing lies in the execution of contractual measures (Article 6, letter b, GDPR)

 

2) Method and place of collected Data processing

Data processing is carried out using IT and / or telematic tools, with organizational methods and logic strictly related to the purposes indicated and, in particular, through the adoption of adequate security measures pursuant to EU Regulation 2016/679. In addition to the Data Controller, in some cases other third parties (such as technical service providers and hosting providers) may also have access to the data, also appointed, if necessary, Data Processors by the Data Controller.

 

3) Legal basis of the processing

The Owner processes Personal data relating to the User, for the purposes set out below:

-point 1, letters a), b) and c): the processing of your data is necessary to respond to your requests (in particular, for the execution of pre-contractual measures such as request for information on the owner’s services, and contractual).

It is in any case always possible to ask the Data Controller to clarify the concrete legal basis of each treatment.

 

4) Place and scope of communication of your data

The data is processed and stored at the registered office of the Data Controller and at the local units by the personnel authorized by the Data Controller, or by people in charge of occasional maintenance operations.

Personal data is stored on servers located within the EU, except as provided in point 1, lett. b) of this privacy policy which should be consulted.

Your data may be communicated to third parties belonging to the following categories: subjects providing services for the management of the website used by the Data Controller and by the communication networks (including e-mail); companies providing platforms used by the Data Controller to offer the best service to customer requests (in particular, the Arkottica platform); external collaborators of the Data Controller; competent authorities for the fulfilment of legal obligations and / or provisions of public authorities, upon request.

Your data will not be disseminated.

The subjects belonging to the aforementioned categories act as Data Processing Managers, or operate in total autonomy from the Data Controller.

The User can request information on the list, constantly updated, of the data processors to the Data Controller by contacting him at those details mentioned at the beginning.

 

5) Nature of the attribution data and consequence of any refusal to answer

The provision of data for the purposes referred to in point 1, lett. a), b) and c) is functional in order to use the services requested, therefore any refusal to grant them will make it impossible for the Data Controller to perform these services.

 

6) Retention period

Data is processed and stored for the time required for the purposes for which it was collected.

Therefore:

The Personal Data collected for purposes related to the execution of a contract or the execution of pre-contractual measures between the Data Controller and the User will be retained until the execution of this contract is completed and, in any case, in compliance with current legislation.

The Data Controller may be obliged to keep the Personal Data for a longer period in compliance with a legal obligation or by order of an authority.

At the end of the retention period, personal data will be deleted. Therefore, upon expiration of this term the right of access, cancellation, rectification and the right to the portability of the Data can no longer be exercised.

 

7) User Rights

Users can exercise certain rights with reference to the data processed by the Owner.

In particular, pursuant to the GDPR, the User has the right to:

– withdraw the consent at any time;

– oppose the processing of their own data;

– access their own data;

– verify and request rectification;

– obtain the limitation of the treatment;

– obtain the cancellation or removal of their own personal data;

– receive their own data or make them transfer to another owner;

– make a complaint to the Control Authority (Privacy Guarantor).

 

8) How to exercise rights

To exercise its rights, the User can send a request to the contact details of the Data Controller mentioned in this document.

 

9) System log and maintenance

For needs related to operation and maintenance, this application could collect system log, i.e. files that record interactions and that may also contain personal data, such as the user’s IP address.

 

10) Information not contained in this policy

Further information in relation to the processing of Personal Data may be requested at any time to the Data Controller using the contact details.