Information on the processing of personal data

TORSELLI VIVAI 

COMPANY AGRICULTURAL SIMPLE
Via Vecchia Fiorentina, 1st tr., no. 505
Valenzatico – 51039 – Quarrata (PT)
P.I./C.F. 01712570470

(hereinafter, “Data Controller”), ​​as data controller, informs you, pursuant to Article 13 of Legislative Decree No. 196 of June 30, 2003 (hereinafter, “Privacy Code”) and Article 13 of EU Regulation No. 2016/679 (hereinafter, “GDPR”), that your data will be processed in the manner and for the purposes set out below.

1. Subject of the processing

The Data Controller processes personal, identifying, and non-sensitive data (including, but not limited to, name, surname, company name, address, telephone number, email address – hereinafter, “personal data” or “data“) provided by you when using the contact form on the Data Controller’s website cupressus.it (hereinafter, “Site“).

2. Purpose of processing

Your personal data is processed:

A) without your express consent (Article 24, letters a), b), and c) of the Privacy Code and Article 6, letter a). b), e) GDPR), for the following Service Purposes:

  • manage and maintain the Site;
  • process a contact request;
  • fulfill obligations established by law, regulation, EU legislation, or an order of the Authority;
  • prevent or detect fraudulent activities or abuses harmful to the Site;
  • exercise the rights of the Owner, for example the right to exercise a right in court.

B) only with your specific and separate consent (Articles 23 and 130 of the Privacy Code and Article 7 of the GDPR), for the following Other Purposes/Marketing Purposes: to send you via email, post, and/or text message and/or telephone, newsletters, commercial communications, and/or advertising material about the services offered by the Data Controller and to measure your satisfaction with the quality of the services;
Please note that if you are already our customers, we may send you commercial communications relating to the Data Controller’s services and products similar to those you have already used, unless you disagree (Article 130, paragraph 4 of the Privacy Code).

3. Processing Methods

The processing of your personal data is carried out using the operations indicated in Article 4 of the Privacy Code and Article 4(2) of the GDPR, namely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure, and destruction of data.
Your personal data is subject to processing (both on paper and electronic and/or automated, through the use of a website hosted on the infrastructure of the SERVICE PROVIDER: ?).
The Data Controller will process the personal data for the time necessary to fulfill the aforementioned purposes and in any case for no longer than 10 years from the termination of the relationship for Service Purposes and for no longer than 2 years from the collection of the data for Other Purposes.

4. Security

The Data Controller has adopted a wide variety of security measures to protect your data against the risk of loss, misuse, or alteration. In particular, it has adopted the measures referred to in Articles 32-34 of the Privacy Code and Article 32 of the GDPR.

5. Access to Data

Your data may be made accessible for the purposes referred to in Article 13 of the GDPR. 2.A) and 2.B):

  • to employees and collaborators of the Data Controller, in their capacity as persons in charge and/or internal data processors and/or system administrators;
  • to third-party companies or other entities (for example, website providers, cloud providers, e-payment service providers, suppliers, hardware and software support technicians, freight forwarders and carriers, credit institutions, professional firms, etc.) who perform outsourced activities on behalf of the Data Controller, in their capacity as data processors.

6. Data Communication

Without your express consent (pursuant to Article 24, letters a), b), and d) of the Privacy Code and Article 6, letters b), c), and d) of the Italian Legislative Decree no. b) and c) GDPR), the Data Controller may communicate your data for the purposes referred to in Art. 2.A) to supervisory bodies, judicial authorities, and all other entities to whom communication is required by law for the fulfillment of the aforementioned purposes. Your data will not be disclosed.

7. Data Transfer

The management and storage of personal data will take place on the server indicated above (Italy) of the Data Controller and/or third-party companies duly appointed as Data Processors.
The Data Controller hereby ensures that the transfer of data outside the EU will take place in accordance with applicable legal provisions, subject to the stipulation of the standard contractual clauses provided by the European Commission.

8. Nature of the data provision and consequences of refusal to respond

The provision of data for the purposes referred to in Article 2.A) is mandatory. Without it, we will not be able to guarantee you the Services referred to in Article 2.A).
The provision of data for the purposes referred to in Article 2.B) is optional. You can therefore decide not to provide any data or to subsequently object to the processing of data already provided. In this case, you will not receive email newsletters, commercial communications, and advertising materials relating to the Services offered by the Data Controller. In any case, you will continue to be entitled to the Services referred to in Article 2.A).

9. Rights of the Data Subject

As a data subject, you have the rights set forth in Article 7 of the Privacy Code and Article 15 of the GDPR, specifically the rights to:

  • i. obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet recorded, and communication of such data in an intelligible form;
  • ii. obtain information on: a) the source of the personal data; b) the purposes and methods of processing; c) the logic applied to processing carried out with the aid of electronic means; d) the identification details of the data controller, data processors, and the designated representative pursuant to Article 5, paragraph 2 of the Privacy Code and Article 3, paragraph 1, of the GDPR; e) the entities or categories of entities to whom the personal data may be communicated or who may become aware of it in their capacity as designated representative(s) in the territory of the State, data processor(s), or persons in charge of processing;
  • iii. obtain: a) the updating, rectification, or, where interested therein, integration of the data; b) the deletion, anonymization, or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which it was collected or subsequently processed; c) certification that the operations referred to in letters a) and b) have been notified, including their content, to those to whom the data was communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right being protected;
  • iv. object, in whole or in part: a) on legitimate grounds, to the processing of your personal data, even if pertinent to the purpose of collection; b) to the processing of your personal data for the purpose of sending advertising or direct sales materials or for conducting market research or commercial communications, through the use of automated calling systems without the intervention of an operator, by email and/or through traditional marketing methods such as telephone and/or post. Please note that the data subject’s right to object, set out in point b) above, for direct marketing purposes via automated means extends to traditional methods, and that the data subject may exercise the right to object even partially. Therefore, the data subject may decide to receive communications only via traditional means, only automated communications, or neither type of communication.
    Where applicable, you also have the rights set forth in Articles 16-21 GDPR (Right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object), as well as the right to lodge a complaint with the Supervisory Authority.

10. How to exercise your rights

You may exercise your rights at any time by sending:
a registered letter with return receipt to

ESSEDICOM s.r.l. registered office at Lungarno F. Ferrucci 23 – 50126 Florence | VAT no./Tax ID no. 05217640480

An email to info@cupressus.it

11. Minors

This Site and the Data Controller’s Services are not intended for minors under the age of 18, and the Data Controller does not intentionally collect personal information from minors. If information about minors is inadvertently recorded, the Data Controller will delete it promptly upon user request.

12. Data Controller, Data Processor, and Persons in Charge

The Data Controller is
ESSEDICOM s.r.l., with registered office at Lungarno F. Ferrucci 23 – 50126 Florence | VAT No./Tax Code 05217640480

The external data controller is the Service Provider (?)

Which may also process your data independently as independent data controllers for the purposes of its own privacy policy.
The updated list of data processors and persons in charge of data processing is kept at the Data Controller’s headquarters.

13. Changes to this Privacy Policy

This Privacy Policy may be subject to change. We therefore recommend that you check this Policy regularly and refer to the most up-to-date version.