In compliance with the obligations deriving from the national legislation (Privacy Code) and the Community (European General Regulation No. 679/2016) regarding the protection of personal data, La Spinosa respects and protects the privacy of visitors and users.
This privacy statement applies to both the collection of information from the website and from other channels.
1 – Legal basis of processing
With the use or consultation of this site visitors and users explicitly approve this privacy statement and consent to the processing of their personal data in relation to the methods and purposes described below, including any disclosure to third parties if necessary for the provision of a service.
The provision of data and therefore the consent to the collection and processing of data is optional, the User can deny consent, and may revoke at any time a consent already provided. However, denying consent may make it impossible to provide certain services and the browsing experience on the site would be compromised.
2 – Purpose of the processing
The processing of personal data means: registration, storage, organization, consultation, selection, extraction, comparison, processing, use, modification, interconnection, blocking, communication, cancellation and destruction, transfer or dissemination, or the combination of two or more such operations.
The processing of data collected by the site, in addition to the purposes related, instrumental and necessary for the provision of the service, is aimed at the following purposes:
2.1 – Statistics
Collection of data and information in an exclusively aggregate and anonymous form in order to verify the correct functioning of the site, to improve the online store and the platform.
None of this information is related to the physical person-user of the site, and they do not allow identification in any way.
2.2 – Security
Collection of data and information in order to protect the security of the site and users (spam filters, firewalls, virus detection) and to prevent or unmask fraud or abuse to the detriment of the website.
The data are recorded automatically and may possibly also include personal data (IP address) that could be used, in accordance with applicable laws, in order to block attempts to damage the site itself or to harm other users, or otherwise harmful activities or constituting crime. These data are never used for the identification or profiling of the User and are periodically deleted.
2.3 – Marketing / Advertising
Collection of data and information in general and particular on the User’s orientations and preferences; send informative and advertising material, including third parties; send commercial communications, including interactive ones; carry out direct sales or placement of products or services; transferring to third parties the data collected and processed for commercial purposes, or for all those commercial and / or statistical purposes.
2.4 – Accessory activities
Communicate the data to third parties who perform functions necessary or instrumental to the operation of the service, and to allow third parties to perform technical, logistical and other activities on our behalf.
This site uses suppliers to perform certain activities, send traditional mail, analyze data, provide marketing assistance and provide services to customers.
Providers only have access to the personal data that are necessary to perform their duties, and undertake not to use the data for other purposes, and are required to process personal data in accordance with applicable regulations.
This category of data is retained only for the period of time necessary for the provision of the service.
3 – Data collected
This site collects user data in two ways.
3.1 – Data collected in an automated manner
While browsing users, the following information can be collected that is stored in the site log files:
Internet protocol (IP) address;
Type of browser;
Parameters of the device used to connect to the site;
Name of the Internet service provider (ISP);
Date and time of visit;
Web site of origin of the visitor (referral) and of
Possibly the number of clicks.
These data are used to analyze user trends and collect data in aggregate form, to administer and guarantee the security of the site, and are in no way attributable to the identity of the User.
3.2 – Data provided voluntarily
The site can collect other data in case of voluntary use of services by users, such as commenting, communication (chat, contact forms and email), publication of reports and newsletter subscription:
name and surname;
These data are provided voluntarily by the User at the time of requesting the service, or adding the comment, and will be used exclusively for the provision of the service requested and processed only for the time necessary to provide the service.
The email address, in case of registration to the newsletter, is also used in order to send promotional material to already existing customers, therefore in the context of an existing business relationship. The customer can always oppose the sending of such communications by clicking on the link Manage preferences newsletter present in the footer of the website. For users who are not yet customers, the sending of promotional material is subject to the collection of consent, revocable later.
The fiscal data are necessary in order to take advantage of the services provided for payment, and for billing purposes.
The data collected by the site are not provided to third parties, unless it is a legitimate request by the judicial authority and only in the cases provided by law. The data, however, may be provided to third parties if this is necessary for the provision of a specific service requested by the User, or for tax purposes or for the implementation of security checks or optimization of the site.
4 – Data retention period
The data collected are processed for the time necessary for the purposes for which they were collected, and in any case not later than the time prescribed by law.
The data necessary for tax purposes are kept until the assessments relating to the corresponding tax period are established, ie for at least 10 years and more if the relative annuity is not yet prescribed for tax purposes.
At the expiry date the data will be deleted or anonymised, unless there are additional purposes for the storage of the same (eg warranty delivery obligations, tax obligations).
5 – Security measures
The Data Controller treats the data of visitors / users in a lawful and correct manner, adopting the appropriate security measures to prevent unauthorized access, disclosure, modification or unauthorized destruction of data, as well as illicit use of data. The processing is carried out through IT and / or telematic tools, with organizational methods and with logic strictly related to the purposes indicated, and the data are stored and stored in secure facilities with access and personnel verification limits. Access to information is strictly limited to authorized personnel.
The website is constantly monitored to check for security breaches and to ensure that information is secure.
In addition to the Data Controller, in some cases, they may have access to the data categories of persons involved in the organization of the site (administrative, commercial, marketing, legal, system administrators) or external subjects (as suppliers of third party technical services, postal couriers, hosting providers, IT companies, communication agencies).
It is important that you take appropriate protection against unauthorized access to your password and your computer. Always make sure you are disconnected when using a computer shared with other users.
6 – Rights of the User
Pursuant to art. 7 of Legislative Decree 30 June 2003, n. 196 http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1311248 and of the General Regulations for the protection of personal data, the User can, according to the procedures and within the limits provided from the current legislation:
oppose in whole or in part, for legitimate reasons, the processing of personal data concerning him for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication;
Request confirmation of the existence of personal data concerning him;
Know its origin;
Receive intelligible communication;
Having information about the logic, methods and purposes of the processing;
request the updating, rectification, integration, cancellation, transformation into anonymous form, blocking of data processed in violation of the law, including those no longer necessary for the pursuit of the purposes for which they were collected;
in cases of consent-based processing, receive only the cost of any support, its data provided to the holder, in a structured and readable form by a data processor and in a format commonly used by an electronic device;
As well as, more generally, exercise all the rights that are recognized by the current provisions of the law.
Requests should be addressed to the Data Controller.
7 – Subjects of the treatment
The data controller in accordance with applicable laws is: La Spinosa, located in via Le Masse 15 50021 – Barberino Val d’Elsa (FI), contacted at firstname.lastname@example.org, or at the specified address.