Data controller
Società Agricola Cimolai S.r.l. Società Unipersonale (single-member company) – Via San Rocco, 79/a 33080 San Quirino (Pordenone).
Data controller’s email address: info@borgodellerose.it

Type of data collected
The following is included among the Personal Data collected by Società Agricola Cimola S.r.l. Società Unipersonale, either autonomously or through third parties: Utilisation data; Cookies; information about the device.
Complete details about each type of data collected are provided in dedicated sections of this privacy policy or by means of specific informative texts viewed before collecting the data itself.
Personal Data can be given freely by Users or, in the event of Utilisation Data, it can be collected automatically while Users are visiting www.borgodellerose.it.
Unless otherwise specified, all the Data requested by Società Agricola Cimolai S.r.l. is obligatory. If Users should refuse to communicate it, it may not be possible for Società Agricola Cimolai S.r.l. to supply its services. If Società Agricola Cimolai S.r.l. indicates that some Data is not mandatory, Users are free to refrain from communicating such Data because this will not have any consequence on the availability of the service or on its effectiveness.
Any Users dubious about which Data is obligatory are encouraged to contact the Data Controller.
Unless otherwise specified, any use of Cookies – or of other tracking tools – by Società Agricola Cimolai S.r.l. or by the Data Controllers of third party services used by Società Agricola Cimolai S.r.l., has the purpose of supplying the service requested by Users, as well as other purposes described in this document and in the Cookie Policy, if available.
Users are responsible for the Personal Data of third parties, obtained, published or shared through Società Agricola Cimolai S.r.l. and guarantee that they are entitled to communicate it or disclose it, releasing the Data Controller from any responsibility towards third parties.

How and where the Data collected can be processed
Processing rules
The Data Controller adopts suitable safety measures aimed at preventing the access, disclosure, modification or unauthorised destruction of the Personal Data.
Data processing is performed using computer and/or electronic tools and employing organisational modalities and logics strictly connected to the purposes indicated. In some cases, as well as the Data Controller, other entities involved in the organisation of www.borgodellerose.it (administrative, sales, marketing and legal staff or system administrators) or external entities (such as suppliers of third party technical services, postal carriers, hosting providers, computer companies, communication agencies) may have access to the Data. An updated list of the Processors can always be requested from the Data Controller.

Legal basis of data processing
The Data Controller processes the Personal Data of Users under the following circumstances:
• Users have given their consent to one or more of the specific purposes; Note: under some legal systems the Data Controller may be authorised to process Personal Data without the consent of Users or without one of the other legal bases specified hereafter, until Users opt out of such data processing. Nevertheless, this is not applicable if Personal Data processing is governed by the European legislation concerning Personal Data protection;
• processing is required to perform a contract with a User and/or to execute pre-contractual measures;
• processing is required to fulfil one of the Data Controller’s legal obligation;
• processing is required to perform a task in the public interest or for the exercise of public authority invested in the Controller;
• processing is required to pursue the legitimate interests of the Controller or of third parties.
It is, however, always possible to ask the Data Controller to explain the concrete legal basis of each data processing and, in particular, to specify whether such processing has a legal basis, is required by a contract or is required to enter into a contract.

Place
The Data will be processed at the Data Controller’s operational headquarters and in any other place the parties involved in the processing may be located. Contact the Data Controller for any additional information.
A User’s Personal Data may be transferred to a place that differs from the one the User is located in. For more information on the place where the data will be processed, Users can refer to the section regarding details about Personal Data processing.
Users are entitled to obtain information regarding the legal basis of Data transfer outside the European Union or to an international organisation governed by public international law or made up of two or more countries, such as the UN, as well as regarding safety measures adopted by the Data Controller to protect such Data.

Users can check if one of the transfers just described takes place by reading the section of this document regarding Personal Data processing details or by requesting the Data Controller for information by contacting him in one of the ways specified at the top of this document.

Data storage period
The Data shall be processed and stored for the time required by the purposes it has been collected for.
Therefore:
• Any Personal Data collected for purposes involved in performing a contract between the Data Controller and the User shall be stored until such a contract has been performed.
• Personal Data collected for purposes ascribable to the legitimate interest of the Data Controller shall be stored until such interest has been fulfilled. Users can obtain further information regarding the legitimate interest pursued by the Data Controller in the relative sections of this document or by contacting the Data Controller.
When processing is based User consent, the Data Controller can store their Personal Data for longer, until the aforementioned consent is withdrawn. Moreover, the Data Controller may be obliged to store the Personal Data for a longer period of time to fulfil a legal obligation or to comply with the requirements of an authority.

The Personal Data will be cancelled at the end of the storage period. Therefore, all rights to access, cancel or modify data and regarding Data portability shall no longer be exercised at the end of this period.

Purpose of Processing the collected Data
A User’s Data is collected to allow the Data Controller to provide his services, fulfil legal obligations, comply with law enforcement requests or actions, defend his rights and interests (or those of Users or third parties), identify any malicious or fraudulent activities, as well as for the following purposes: SPAM protection, visualisation of external platforms, statistics, remarketing e behavioural targeting and tag management.
To obtain detailed information on why we process Personal Data and on the Personal Data processed for each purpose, Users can refer to the “Details about Personal Data processing” section.

User rights
Users can exercise certain rights over the Data processed by the Data Controller.
In particular, Users are entitled to:
• withdraw their consent at any time. Users can withdraw previously given consent to processing their Personal Data.
• object to the processing of their Data. Users can object to the processing of their Data if this is done on a legal basis that differs from the one their consent was granted on. Additional information on the right to object can be found in the section below.
• accessing one’s own Data. Users are entitled to obtain information about the Data processed by the Data Controller and about certain aspects of such processing. They are also entitled to receive a copy of the Data processed.
• checking and requesting modifications. Users can check that their Data is correct and request that it be updated or corrected.
• obtaining restriction of processing. Under certain conditions, Users can request that the processing of their Data is limited. In this case the Data Controller will only be entitled to store the Data, which cannot be used for any other purpose.
• obtain cancellation or removal of one’s own Personal Data. Under certain conditions, Users can request the Data Controller to cancel their Data.
• receive one’s own Data or transfer it to another Data Controller. Users are entitled to receive their own Data in a structured, commonly-used, machine-readable format and, where technically feasible, to transmit it to another controller. This provision can only be applied when Data is processed using machine-readable tools and processing is based on the User’s consent, on a contract the User is a party to or on contractual measures connected to it.
• lodging a complaint. Users can lodge a complaint with the competent personal data protection supervisory authorities or engage in legal proceedings.

Information on the right to object
When Personal Data is processed in the public interest, in the exercise of official authority vested in the Controller or to pursue a legitimate interest of the Controller, Users are entitled to object to processing for reasons connected with their particular circumstances.
Users are informed that, if their Data is processed for direct marketing purposes, they can object to such processing without providing any reasons. To find out whether the Controller processes data for direct marketing purposes, Users can refer to the respective sections of this document.

How Users can exercise their rights
To exercise their rights, Users can send a request to the Controllers contact details specified in this document. Such requests can be lodged free of charge and the Controller shall deal with them as soon as possible and in any case within one month from receiving them.