Privacy Policy

PRIVACY POLICY SUMMARY

CONTACT INFORMATION

Data Controller:

Frutteto Italia SRL, an Italian company with registered office at Via Padania 9 – 26030 Volongo (CR) – Italy. Paid-up share capital: €142,857.00
Cremona Companies Register – REA: 200021 – VAT No. 01770310199

Data Controller’s email address: info@fruttetoitalia.it

Certified email address: Owner’s address: fruttetoitalia@legalmail.it

Telephone: +39 0372 845 745

PERSONAL DATA COLLECTED BY THE WEBSITE FOR THE FOLLOWING PURPOSES (WITH USE OF THE SERVICES INDICATED)

Purpose:

Contacting the User
Tools:

– Contact form

Personal Data: first name and last name, email address, Cookies, Usage Data, other types of Data.

– Mailing list or newsletter (if the User has subscribed to the relevant service).

Personal Data: first name; last name; email address; Cookies, Usage Data, other types of Data.

Statistics
Tools:

Google Analytics with anonymized IP

Personal Data: Cookies and Usage Data

Google Tag Manager

Personal Data: Cookies, Usage Data, other types of Data.

Displaying content from external/third-party platforms
Tools:

Instagram, Facebook, Stripe

Personal Data: Cookies; Usage Data; other types of Data.

Managing contacts and sending messages and/or newsletters
Tools:

Interaction with external data collection platforms and other third parties
Tools:

Google invisible reCAPTCHA

Personal Data: Cookies; Usage Data; other types of Data.

Google Tag Manager

Personal Data: Usage Data; Other types of Data.

Behavioral targeting and remarketing
Tools:

Facebook and Instagram Remarketing

Personal Data: Usage data; email address, Cookies, other types of Data.

Personal Data: first name; last name; email address, telephone number, gender, date of birth, Skin data, Data on products purchased/in which the User is interested, Cookies, Usage data, other types of Data.

Registration and Authentication
Tools:

WordPress.com

Personal Data: various types of Data.

Platform Services
Tools:

WordPress.com

Personal Data: various types of Data.

***

FULL PRIVACY POLICY

The Data Controller, as further defined below, considers the privacy of its Users to be of fundamental importance and guarantees that the Processing of Personal Data is carried out in compliance with applicable privacy legislation, and in particular with European Regulation No. 2016/679 and national legislation on the protection of personal data, Legislative Decree 196/2003, where still in force, and the relevant national legislation implementing Legislative Decree 101/2018 on the protection of personal data. To this end, the Data Controller has adopted the following Privacy Policy to regulate and inform Users of the Website www.fruttetoitalia.com of the methods and purposes of Processing of Users’ Personal Data.

Users are kindly requested to review this document each time they access the Website, as it may be subject to revisions, additions, and/or changes resulting from regulatory requirements and/or changes and/or additions to the Website’s functionality.

Data Controller:

Frutteto Italia SRL, an Italian company with registered office at Via Padania 9 – 26030 Volongo (CR) – Italy. Paid-up share capital of €142,857.00.
Cremona Companies Register Office – REA: 200021 – VAT No. 01770310199

Data Controller’s email address: info@fruttetoitalia.it

Data Controller’s certified email address: fruttetoitalia@legalmail.it

Telephone: +39 0372 845 745

TYPES OF DATA COLLECTED

Among the Personal Data collected by www.fruttetoitalia.com and all landing pages linked and/or related to it (hereinafter, the “Site”), independently or through third parties, whose privacy policies are referred to, are: email address, personal data of various types as further specified below, cookies, and usage data.

Complete details on each type of data collected are provided in the dedicated sections of this privacy policy, or through specific information texts displayed before the data is collected.

Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically when using the Site.

Unless otherwise specified, all Data requested by the Site is mandatory. Refusal to provide such Data may make it impossible to provide the Service.

In cases where some Data is indicated as optional, Users are free to refrain from providing such Data, without this having any impact on the availability or operation of the Service.

Users who are unsure about which Data is mandatory are encouraged to contact the Owner.
Any use of Cookies by the Site or by the owners of third-party services used by the Site, unless otherwise specified, is intended to provide the Service requested by the User, in addition to any other purposes described in this document and in the Cookie Policy, if available.

The User assumes responsibility for the Personal Data of third parties obtained, published, or shared through the Site and guarantees that he or she has the right to communicate or disseminate such Data, thereby releasing the Owner from any liability towards him or any third party.

METHODS AND PLACE OF PROCESSING OF COLLECTED DATA

The Data Controller adopts appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of Personal Data.

Processing is carried out using computer and/or electronic means, following organizational methods and procedures strictly related to the purposes indicated. In addition to the Data Controller, in some cases, other parties involved in the Data Controller’s organization and/or management of the Site (including but not limited to administrative, sales, marketing, legal, system administration personnel, etc.) or external parties (including but not limited to accountants, external legal personnel, third-party technical service providers, postal couriers, hosting providers, IT companies, communications agencies, and/or providers of address management and email messaging services, etc.) may have access to the Data. These parties may also be appointed, if necessary, as Data Processors by the Data Controller. The updated list of Data Processors may always be requested from the Data Controller.

LEGAL BASIS FOR PROCESSING

The Data Controller lawfully processes Personal Data relating to the User if one of the following conditions applies:

The Data Subject has given consent to the processing of his or her Personal Data for one or more specific purposes, pursuant to Article 6, paragraph 1, letter a) of the GDPR. Note: In some jurisdictions, the Data Controller may be permitted to process Personal Data without the User’s consent or without any other legal basis specified below, until the User objects to such Processing (“opt-out”). However, this does not apply if the Processing of Personal Data is regulated by European data protection legislation;
Processing is necessary for the performance of a contract with the User and/or for the implementation of pre-contractual obligations, pursuant to Article 6, paragraph 1, letter b) of the so-called GDPR 2016/679;
The Processing of Personal Data is necessary for compliance with a legal obligation to which the Controller is subject, pursuant to Article 6, paragraph 1, letter c) of the GDPR;
The Processing is necessary to protect the vital interests of the data subject or of another natural person, pursuant to Article 6, paragraph 1, letter d) of the GDPR;
The Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller, pursuant to Article 6, paragraph 1, letter e) of the GDPR;
The Processing of Personal Data is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject which require protection of personal data, in particular where the Data Subject is a child, all pursuant to Article 6, paragraph 1, letter f) of the GDPR.
Pursuant to Article 6 of the GDPR, Personal Data acquired through the Website without the Data Subject’s consent will be processed by the Data Controller for the management and maintenance of the Website, to enable the use of the Services, to fulfill User requests, to enable effective customer communication, to fulfill obligations under laws, regulations, EU legislation, or orders from authorities, or in any case for purposes related to the Data Controller’s activities and functions, or finally, to prevent or detect fraudulent activity or abuse to the detriment of the Data Controller through the Website.

You may always ask the Data Controller to clarify the specific legal basis for each Processing and, in particular, to specify whether the Processing is based on law, provided for by a contract, or necessary to enter into a contract.

LOCATION OF PERSONAL DATA PROCESSING

The Data is processed at the Data Controller’s registered and/or operational headquarters and/or in any other location where the parties involved in the Processing are located, and/or at the Data Controller’s offices and/or at other entities or IT systems/servers of other parties specifically designated as (external) Data Processors.

For further information, the User is invited to contact the Data Controller.

The User’s Personal Data may be transferred to a country other than their own. For further information on the location of Processing, the User can consult the relevant section of this Privacy Policy.

The User has the right to obtain information regarding the legal basis for the transfer of Data outside the European Union or to an international organization governed by public international law or consisting of two or more countries (such as the UN), as well as regarding the security measures adopted by the Data Controller to protect the Data. If one of the transfers described above takes place, the User can refer to the relevant sections of this document or request information from the Data Controller (as specified in the “CONTACT INFORMATION” section).

RETENTION PERIOD

The Data is processed and stored for the time required for the purposes for which it was collected.

The User can obtain further information regarding the retention period of individual Personal Data processed by contacting the Data Controller (as specified in the “CONTACT INFORMATION” section).

At the end of the retention period, the Personal Data will be deleted. Therefore, upon expiration of this period, the rights to access, erasure, rectification, data portability, objection, and restriction of processing may no longer be exercised.

PURPOSE OF PROCESSING COLLECTED DATA

User Data is collected to allow the Owner to provide its Services, as well as for the following purposes:

Contacting the User
Statistics
Displaying content from external/third-party platforms
Managing contacts and sending messages and/or newsletters
Interaction with external data collection platforms and other third parties
Behavioral targeting and remarketing
Registration and authentication
Platform services
To obtain further detailed information on the purposes of the Processing and on the Personal Data specifically relevant to each purpose, the User may refer to the following section of this document.

DETAILS ON THE PROCESSING OF PERSONAL DATA

To learn how Personal Data is processed depending on the purposes pursued, the User may consult the relevant section below.

Contacting the User:
To contact the User, the Data Controller may use the Personal Data collected through the following tools:

– Contact form; Mailing list or newsletter sending (if the User has subscribed to the relevant service).

Personal data: first name; last name; email address, telephone number, gender, date of birth, skin data, data on products purchased/in which the User is interested, cookies, usage data, other types of data.

The Google invisible reCaptcha service is active for the contact form (see the specific section below).

For more information, the User is invited to consult the “Hubspot” section.

Statistics
The services contained in this section allow the Data Controller to monitor and analyze traffic data and track User behavior.

These purposes are pursued using the following tools:

Google Analytics with anonymized IP;

Google Analytics is a web analytics service provided by Google for statistical purposes to understand how visitors interact with the Site, compile reports, and share them with other Google services. Google Analytics may use a set of cookies to collect information and generate statistics on Site usage, without providing personal information about individual visitors to Google. The User’s IP address is anonymized. This anonymization works by shortening the User’s IP address within the member states of the European Union or in other countries party to the Agreement on the European Economic Area. Only in exceptional cases will the IP address be sent to Google’s servers and shortened within the United States.

Please note, however, that the data may also be processed outside the EEA.

Users are also advised that as of July 16, 2020, Google no longer bases the Processing of Users’ Personal Data on the EU-U.S. Privacy Shield to transfer data from the European Economic Area and the United Kingdom to the United States. Specifically, as of September 30, 2020, Google updated its Personal Data Processing Policy and uses the standard contractual clauses approved by the European Commission, based on the European Commission’s adequacy decisions for certain countries, as applicable, for data transfers from the EEA to the United States and other countries.

Regarding the use of cookies by Google Analytics, Users are advised to carefully review the relevant privacy policy and cookie policy, as well as the section of this Cookie Policy entitled “How can I give or withdraw consent to the installation of Cookies?” via their browser settings and the Privacy Shield section of this Policy.

Google Tag Manager
This site uses Google Tag Manager. Google Tag Manager is a solution operated by Google LLC that allows you to manage website tags using a dedicated interface.

Google Tag Manager is a tag management system for managing JavaScript and HTML tags used for website tracking and analytics. Tags are small pieces of code used, among other things, to measure traffic and visitor behavior, understand the impact of online advertising and social media, set up remarketing and targeting, and test and optimize websites.

The Tag Manager tool itself (which implements the tags) is a cookie-free domain and does not record Personal Data. This tool allows the activation of other tags that may, in turn, record Data under certain circumstances.

For more information on Google Tag Manager’s privacy policy, please visit the following link: https://policies.google.com/privacy?hl=en. For the terms of use, please visit https://www.google.com/analytics/tag-manager/use-policy/. For Google Tag Manager privacy information, please visit https://support.google.com/tagmanager/answer/7207086.

Personal Data: Usage Data; other Data.

Displaying content from external/third-party platforms
This type of service allows you to view content hosted on external platforms directly from the pages of the Site and interact with them.

If a service of this type is installed, it is possible that, even if not specifically used, it may collect traffic data relating to the pages on which it is installed.

These purposes are achieved through:

Facebook, Facebook Widgets;
The Site contains redirect or sharing buttons to the Facebook social media platform and to individual social network pages attributable to the Data Controller.

Facebook shares information globally, both internally with Facebook companies and externally with its partners and with people with whom the User connects and shares content around the world. The information controlled by Facebook may be transferred, transmitted, or stored and processed in the United States or other countries outside the EEA.

According to the relevant policy, Facebook may use cookies to display ads and make recommendations for businesses and other organizations to people who might be interested in their products, services, or causes; to measure the performance of advertising campaigns of companies that use Facebook products; to display and measure ads across different browsers and devices used by the same person; to provide statistical data on people who use Facebook products, on people who interact with ads, advertisers’ websites and apps, and on companies that use Facebook products; and to enable functionality that allows Facebook to provide its products.

Furthermore, when visiting the Site, the Facebook Pixel cookie may be installed, which allows the Data Controller to track conversions that occur on the Site as a result of ads running on Facebook.

The information collected through cookies may be shared with organizations outside of Facebook, such as advertisers and/or advertising networks, for the purpose of serving ads and measuring the effectiveness of advertising campaigns.

Users are also advised that as of July 16, 2020, Facebook no longer bases the Processing of Users’ Personal Data on the EU-U.S. Privacy Shield to transfer data from the European Economic Area and the United Kingdom to the United States. Instead, it uses standard contractual clauses approved by the European Commission and based on the European Commission’s adequacy decisions for certain countries, as applicable, for data transfers from the EEA to the United States and other countries.

Regarding the Privacy Shield, please read the relevant section in the Cookie Policy.

In this case, the following Personal Data is processed: Cookies; Usage Data; and other types of Data.

For more information on the installation and use of cookies by Facebook, please carefully review the relevant Cookie Policy. Finally, please read the service’s privacy policy carefully to obtain detailed information on the collection and transfer of Personal Data, your rights, and how to configure your privacy settings appropriately.

For behavioral targeting and remarketing, this site uses Facebook remarketing services managed by Hubspot. For more information on Hubspot, please consult the dedicated section.

Instagram, Instagram Widget
The Site contains buttons that redirect or share to the Instagram social media platform, owned by Facebook, and to individual pages of the social network linked to the Data Controller.

Facebook/Instagram shares information globally, both internally with Facebook/Instagram companies and externally with partners and people the User connects with.

According to the relevant policies, Instagram uses cookies, pixels, local storage technologies, and other similar technologies to show the User relevant content for the purpose of offering the service and for reasons related to the User’s use, as well as to collect information relating to the User’s use of Instagram. Instagram may also use these technologies to remember choices made by the User (e.g., user name, language, or geographic region) and personalize the Service to offer better features and content. Instagram and its advertising partners may use these technologies to show the User ads relevant to their interests. These technologies store visits to the User’s device and may also be able to track the device’s browsing activity on sites and services other than Instagram. This information may be shared with organizations outside of Instagram, such as advertisers and/or advertising networks, for the purpose of serving ads and measuring the effectiveness of advertising campaigns.

The information controlled by Facebook/Instagram may be transferred and/or transmitted and/or stored and/or processed in the United States or other countries outside the User’s country of residence or in any case outside the EEA for the purposes described in the regulations at the following links: Facebook Terms; Instagram Terms.

The User is also informed that as of July 16, 2020, Facebook/Instagram no longer bases the Processing of Users’ Personal Data on the EU-U.S. Privacy Shield for transferring data from the European Economic Area and the United Kingdom to the United States; However, it uses standard contractual clauses approved by the European Commission and based on the European Commission’s adequacy decisions for certain countries, as applicable, for data transfers from the EEA to the United States and other countries.

Regarding the Privacy Shield, the User is referred to the relevant section in the Cookie Policy.

In this case, the following Personal Data is processed: Cookies; Usage Data; other types of Data.

Regarding the management of cookies installed by Instagram and how to disable them, the User is encouraged to carefully consult, in addition to the relevant privacy policy, the cookie policy for detailed information on the collection and transfer of Personal Data, the User’s rights, and how to configure privacy settings appropriately.

Regarding the Instagram terms of use, the User is also encouraged to read those terms.

For behavioral targeting and remarketing, this Site uses Instagram remarketing services managed by Hubspot. For more information on Hubspot, please consult the dedicated section.

Stripe
Credit/debit card payments for Products sold on the Site are processed through the Stripe gateway. This is a third-party provider that may install cookies; therefore, please read the relevant privacy policy carefully.

Contact management and sending messages and/or newsletters
This type of service allows us to manage a database of email contacts, telephone numbers, or any other contact information used to communicate with you.

These services may also collect data relating to the date and time the messages were viewed by the User, as well as the User’s interaction with them (e.g., tracking the use of links included in messages).

Google invisible reCaptcha
reCAPTCHA is a free captcha service from Google that protects websites from spam software and misuse by non-human visitors. This service is most commonly used when filling out contact forms to ensure that specific online actions are performed by humans and not bots. Traditional captchas work with small tasks that are easy for humans to solve, but pose significant challenges for machines. With reCAPTCHA, users no longer have to actively solve puzzles. The tool uses modern risk analysis techniques to distinguish humans from bots. All users have to do is check the “I’m not a robot” text box. However, with Invisible reCAPTCHA, even this is no longer necessary. reCAPTCHA integrates a JavaScript element into the source text, after which the tool runs in the background and analyzes the user’s behavior. The software calculates a so-called captcha score from the user’s actions. Google uses this score to calculate the probability that the user is a human before entering the captcha. reCAPTCHA and Captcha in general are used whenever bots could manipulate or abuse certain actions (such as registrations, surveys, etc.).

When using reCAPTCHA, data is transmitted to Google to determine whether the user is truly human. reCAPTCHA thus ensures the security of our website and, consequently, of the user.

IP addresses and other data required by Google for its reCAPTCHA service may be sent to Google, whose servers may be located in the USA.

First, the reCAPTCHA algorithm checks whether Google cookies from other Google services (YouTube, Gmail, etc.) have already been placed on the user’s browser. ReCAPTCHA then sets an additional cookie in the user’s browser and takes a snapshot of the browser window.

The IP address that the user’s browser transmits to Google is generally not merged with other Google data from other Google services.

However, data will be merged if you are logged in to your Google account while using the reCAPTCHA plugin.

If you wish to prevent your data and behavior from being transmitted to Google, you must log out of Google completely and delete all Google cookies before visiting our website or using the reCAPTCHA software. Data is typically automatically sent to Google as soon as you visit our website. To delete this data, you must contact Google Support at https://support.google.com/?hl=en-GB&tid=111401120.

By using our website, you agree to the automatic collection, processing, and use of data by Google LLC and its representatives.

You can find more information about reCAPTCHA on the Google Developers page at https://developers.google.com/recaptcha/.

For more information, please read the Google Privacy Policy and Terms of Service carefully.

Personal Data: Cookies; Usage Data; other types of Data.

Google Tag Manager
This Site uses Google Tag Manager. Google Tag Manager is a solution managed by Google LLC that allows you to manage website tags using a dedicated interface.

Google Tag Manager is a tag management system for managing JavaScript and HTML tags used for website tracking and analytics. Tags are small pieces of code that are used, among other things, to measure traffic and visitor behavior, understand the impact of online advertising and social media, set up remarketing and targeting, and test and optimize websites.

The Tag Manager tool itself (which implements the tags) is a cookie-free domain and does not record Personal Data. This tool allows the activation of other tags that may, in turn, record Data under certain circumstances.

For more information on the Google Tag Manager privacy policy, please see the following link: https://policies.google.com/privacy?hl=en, the terms of use: https://www.google.com/analytics/tag-manager/use-policy/, and Google Tag Manager privacy policy: https://support.google.com/tagmanager/answer/7207086.

Personal Data: Usage Data; other types of Data.

Behavioral targeting and remarketing
This type of service allows this Site and its partners to inform, optimize, and serve advertising based on the User’s past use of this Site.

This activity is facilitated by tracking Usage Data and using trackers to collect information that is then transferred to the partners who manage the remarketing and targeting activity.

Some services offer a remarketing option based on email address lists.

Facebook and Instagram Remarketing
Facebook (and Instagram) Remarketing is a remarketing and behavioral targeting service provided by Facebook Inc.

With the help of the Facebook pixel (or equivalent functions for transmitting event data or contact information via interfaces or other software in apps), Facebook (/Instagram) is able to target visitors to this Site and other online services for advertising.

This Site therefore uses the “Custom Audiences” remarketing function of Facebook Inc.: this allows Site Users to see interest-based advertising (“Facebook Ads” or “Instagram Ads”) when they browse the Facebook or Instagram social networks or other websites that use this process. This displays ads that are of interest to the User in order to make online offerings more interesting for them.

The use of Custom Audiences causes the User’s browser to automatically establish a direct connection to the Facebook/Instagram server.

The data collected is processed by Facebook Inc. in the United States.

This Site has no control over the scope of the data collected and its further use by Facebook Inc.: therefore, please carefully read the relevant Facebook Privacy Policy and Instagram Privacy Policy.

You can learn more about Facebook behavioral advertising by visiting this page: https://www.facebook.com/help/164968693837950

To opt out of Facebook interest-based ads, please follow these instructions: https://www.facebook.com/help/568137493302217

Facebook adheres to the Self-Regulatory Principles for Online Behavioral Advertising established by the Digital Advertising Alliance. To opt out of Facebook and other participating companies, visit the Digital Advertising Alliance in the United States http://www.aboutads.info/choices/, the Digital Advertising Alliance of Canada in Canada http://youradchoices.ca/, or the European Interactive Digital Advertising Alliance in Europe http://www.youronlinechoices.eu/, or disable it using your mobile device settings.

The “Facebook Custom Audiences” feature can be disabled for logged-in users at https://www.facebook.com/settings/?tab=ads#.

Personal Data: Usage data; email, cookies, other types of data.

Registration and authentication
Tools:

WordPress.com

To register for the reserved area and authenticate when logging in, this site uses the WordPress platform. For more information on WordPress’s data processing, please read the relevant privacy policy.

Personal data: various types of data.

Platform services
The Site was created using the WordPress.com platform.

The User is invited to read the relevant privacy policy.

Personal data: various types of data.

PRIVACY SHIELD

The Privacy Shield, or “privacy shield” between the EU and the US, is a self-certification mechanism for companies established in the US that intend to receive personal data from the European Union. It was also deemed adequate by the European Commission in 2016.

Specifically, companies undertake to comply with the principles contained therein and to provide data subjects (i.e., all individuals whose personal data has been transferred from the European Union) with adequate protections, under penalty of removal from the list of certified companies (“Privacy Shield List”) by the US Department of Commerce and possible sanctions by the Federal Trade Commission.

However, with Decision 2016/1250 of July 16, 2020, on the adequacy of the protection offered by the EU-US Privacy Shield framework (so-called “Privacy Shield”). In the “Schrems II” ruling, the Court of Justice of the European Union (CJEU) held that the Privacy Shield does not provide an adequate level of protection for personal data transferred from the EU to a company established in the United States.

With the same ruling, the European Court of Justice upheld Decision 2010/87, deeming the standard contractual clauses for the transfer of personal data from the EU to a non-EU country to be valid.

Users are encouraged to consult the FAQs on the Schrems II ruling and its effects prepared by the European Data Protection Board (EDPB), the website www.privacyshield.gov, and the website of the Italian Data Protection Authority for a better understanding of the issue.

DATA COMMUNICATION AND TRANSFER

The Data Controller specifies that the utmost care and confidentiality in data processing is one of its core values.

User data may be disclosed to third parties.

To the extent necessary to provide the services, the Data Controller may use Data Processors and service providers, such as authentication, hosting and maintenance services, data analysis services, email messaging services, delivery services, payment transaction management, solvency, and address and email verification.

Some of the Data Processors/service providers referred to in the previous sections are located outside the European Union (EU)/European Economic Area (EEA). In any case, the User’s Personal Data will be shared with countries outside the EU/EEA, provided that:

the country in question is considered a safe third country;
the Data Processor/service provider in question has adhered to the European Commission’s standard contracts regarding the transfer of Personal Data to third countries;
the Data Processor/service provider in question is certified pursuant to Article 13 of the GDPR. 40 of the GDPR or
the Data Controller/service provider in question has a set of approved binding corporate rules.
The User’s Personal Data may be disclosed or shared to comply with a legal obligation or the instructions of a court/judicial authority or any other competent body, to enforce or apply the Site’s Privacy Policy and/or other agreements, to protect the rights or safety of the Data Controller, Data Processors, service providers, and/or other third parties, or for fraud protection or credit risk reduction.

The User’s Personal Data, and in particular the email address, may also be disclosed or shared with companies and/or third parties with which the Data Controller collaborates and/or has entered into agreements if Users have subscribed to the newsletter, expressly consenting to this. “point and click” to the transfer of said Data to companies and/or third parties for the purposes indicated in the relevant consent (for example Hubspot – for more information please consult the relevant section), including marketing purposes also through Profiling.

USER RIGHTS

The User may exercise the following rights with respect to the Data processed by the Data Controller:

• right to withdraw consent at any time. The User may withdraw any consent previously given to the processing of their Personal Data (see GDPR, Art. 7);

• right of access. The User has the right to obtain from the Data Controller confirmation as to whether or not Personal Data concerning them is being processed and, where that is the case, access to their Personal Data and receive all relevant information (including the purposes of the processing), as well as a copy of the aforementioned Data (see GDPR, Art. 15);

• right to rectification of their Personal Data. The User has the right to obtain from the Data Controller without undue delay the rectification of inaccurate Personal Data concerning them. Taking into account the purposes of the processing, the data subject has the right to have incomplete Personal Data completed, including by providing a supplementary statement (see GDPR, Art. 16);

• right to erasure (“right to be forgotten”). The User has the right to obtain from the Data Controller the erasure of Personal Data concerning him or her without undue delay in the following cases: if the Personal Data is no longer necessary, or the User withdraws consent on which the processing is based and there is no other legal basis for the processing, or if the User objects to the processing, or the Personal Data has been unlawfully processed, or if the Personal Data must be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject, or if the Personal Data was collected in relation to the offer of information society services (see GDPR, Art. 17);

• right to restriction of processing. The User has the right to obtain from the Data Controller restriction of processing in the following cases: if the accuracy of the Personal Data is contested by the User, or if the processing is unlawful and the Data Subject opposes the erasure of the Personal Data and requests the restriction of its use, or if the User who has objected to the processing is pending verification whether the legitimate grounds of the Data Controller override those of the User (see GDPR, Art. 18);

• Right to data portability. The User has the right to receive the Personal Data concerning him or her, which he or she has provided to the Data Controller, in a structured, commonly used and machine-readable format and has the right to transmit those data to another controller without hindrance from the Controller to whom the personal data were provided (see GDPR, Art. 20);

• Right to object to the processing of Personal Data. The User may object at any time to the processing of personal data concerning him or her (when carried out on a legal basis other than consent). In particular, if the Personal Data is processed for direct marketing purposes, the User has the right to object at any time to the processing of personal data concerning him or her for such purposes, including profiling to the extent that it is related to such direct marketing (see GDPR, Art. 21);

• Right to lodge a complaint with the competent supervisory authority. The User may lodge a complaint with the competent data protection supervisory authority (in Italy: www.garanteprivacy.it) and before the competent courts of the Member States (see GDPR, Art. 77 et seq.).

How to exercise your rights

To exercise their rights as indicated above, Users, without paying any fee or charge (except as provided for in Article 12, paragraph 5 of the GDPR), may send a request to the Data Controller’s contact details, specifically:

Frutteto Italia SRL, an Italian company with registered office at Via Padania 9 – 26030 Volongo (CR) – Italy. Paid-up share capital: €142,857.00
Cremona Companies Register Office – REA: 200021 – VAT No. 01770310199

Data Controller’s email address: info@fruttetoitalia.it

Data Controller’s certified email address: fruttetoitalia@legalmail.it

Telephone: +39 0372 845 745

Cookie Policy

The Site uses Cookies. To learn more and view the detailed information, the User can consult the Cookie Policy.

Further information on Data Processing

Legal Defense

The User’s Personal Data may be used by the Data Controller in court or in the preparatory stages leading to possible legal action for defense against improper use of the Site or related Services by the User.

The User declares to be aware that the Data Controller may be required to disclose/communicate the Data by order of public authorities.

Specific Information

Upon the User’s request, in addition to the information contained in this Privacy Policy, the Site may provide additional and contextual information regarding specific Services or the collection and processing of Personal Data.

System Logs and Maintenance

For operation and maintenance purposes, the Site and any third-party services used by it may collect system logs, which are files that record interactions and may also contain Personal Data, such as the User’s IP address.

Information not contained in this Privacy Policy

Further information regarding the Processing of Personal Data may be requested from the Data Controller at any time, as specified in the “CONTACT INFORMATION” section.

Changes to this Privacy Policy

The Data Controller reserves the right to modify or update this Privacy Policy at any time.

The User is encouraged to regularly consult this page to ensure they are always familiar with the latest version of this Privacy Policy (see “Last Updated” at the bottom of this page). If the changes concern the processing of Personal Data based on consent, the Data Controller will collect the User’s consent again, if necessary.

DEFINITIONS AND LEGAL REFERENCES

Cookie or “Cookies”

Small piece(s) of data stored on the User’s device.

Personal Data or “Data” or “Personal Data” or “Data”

Any information relating to a Data Subject.

Sensitive and/or Specially Designated Data

Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as the processing of genetic data, biometric data intended to uniquely identify a natural person, data concerning health, or data concerning a natural person’s sex life or sexual orientation.

Usage Data

This information is collected automatically through the Site and/or third-party applications integrated into the Site, including: IP addresses or domain names of the computers used by the User who connects to the Site, URI (Uniform Resource Identifier)

Data Subject or “Data Subjects”

The identified or identifiable natural person to whom the Personal Data refers. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Profiling

Any form of automated processing of Personal Data consisting of the use of such Personal Data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

Service

The service(s) provided by the Site as defined in the relevant terms (if any) on this site/application.

Site

The hardware or software tool through which Users’ Personal Data is collected and processed, specifically www.fruttetoitalia.com, as well as all landing pages linked and/or related to it.

Data Controller or “Owner”

The natural or legal person, public authority, or other entity , the agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data; where the purposes and means of such processing are determined by Union or Member State law, the Controller or the specific criteria for its designation may be established by Union or Member State law. The Data Controller, as identified above, unless otherwise specified, is the owner of the Website.

Processing or “Data Processing”

Any operation or set of operations performed on Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

European Union or “EU”

Unless otherwise specified, any reference to the European Union in this document shall be deemed to extend to all current member states of the European Union and the European Economic Area (EEA).

User or “Users”

The individual or individuals who use the Site and who, unless otherwise specified, are the Data Subject.

Legal References

This privacy policy has been prepared in accordance with applicable legislation, and in particular Articles 13 and 14 of Regulation (EU) 2016/679 (GDPR), the related implementing legislation, Legislative Decree 101/2018, and to the extent still applicable under Legislative Decree 196/2003.

Last updated: October 14, 2023.