Art. 13 of Regulation (EU) 2016/679

The Vestri Farm, based in Via Teso, 17 – 52047 – Marciano della Chiana (AR), takes the protection of your personal data seriously. The Company’s goal is to ensure the protection of users’ personal data at any time. This privacy statement concerns the use of this website www.aziendaagricolavestri.it managed by Azienda Agricola Vestri, as well as the use of all the services offered through it. Therefore, the user is invited to carefully read this Information on the processing of personal data, to find out which data is collected and for what purposes they are processed.

1. Reasons for the information and ownership of the treatment Azienda Agricola Vestri informs you that it is the Data Controller – pursuant to articles 4, n. 7 and 24 of EU Regulation 2016/679 “General Data Protection Regulation” (hereinafter also the “Regulation” or “GDPR”) of the Personal Data you have provided to the Vestri Farm through this Site. For these latter circumstances, this information is supplementary to any other information received. He also informs you that your Personal Data will be processed in compliance with current European legislation on privacy (Regulation (EU) 2016/679), as well as the specific local regulations applicable for processing carried out outside the European Union.

2. Type and source of data The Personal Data that Azienda Agricola Vestri will collect and retain according to the specific purposes pursued below, include, for example, personal information such as title, name and surname, date of birth, country, language; contact information such as postal address and email address, telephone and, in relation to the purpose of purchase, payment information, such as credit card or other payment method (hereinafter also collectively “the Data”). Azienda Agricola Vestri will process the Personal Data you directly and knowingly provided through this Site on the occasion of your online purchase order and / or your registration on the Site by creating an account and / or the Azienda Agricola Vestri newsletter service and / or a request to our Customer Service. When registering for an account on the Website, the user is required to provide personal information, such as title, first and last name, country, language, email address, telephone number. The user is also asked to choose a password for their account. When the Company is contacted by a user, for example by sending an e-mail, the message received is stored for the purpose of answering questions, processing requests and improving the services offered. Each time the user accesses the website, some data is also automatically collected, such as IP address, browser type and version, operating system and platform used, through so-called “cookies”. Cookies are a particular type of data, transferred and stored in the user’s hard disk through the browser used by the latter, which allows the company to create mechanisms useful for authenticating access, memorizing the selected navigation settings. and personalization of the Website based on the personal needs of users. The user can disable cookies through the settings of their browser but it should be remembered that by doing so, the use of some services of the Website may be impossible. If the user provides personal data of third parties, he must ensure that these subjects are informed and have authorized the processing of their data as described in this Notice.

3. Methods of processing, purpose of data processing and nature of the provision The Company informs you that it will proceed to the processing of Personal Data, for the following purposes, manually and / or with the support of IT or telematic means. Personal Data will be acquired to manage the relationship between you and the Vestri Farm and to respond or satisfy all your requests, as well as to process your online purchase order through the website www.impresaagricolavestri.it and therefore to carry out all the order management activities, including the administrative management of the contract, the shipment of products, the accounting activity, the prevention of fraud, the management of any disputes, communications with the user for any problem relating to the management of order or subsequent requests relating to the order, as well as to comply with all the obligations imposed by the laws and regulations in force. It is necessary to provide Personal Data for the aforementioned purposes, as refusal would make it impossible to complete the purchase. Furthermore, with your consent, the Personal Data may be included in the Company’s CRM program and processed, together with the detailed data of your purchases, for the following purposes: a) Marketing, through traditional means of contact (ordinary mail and telephone) and / or by e-mail to send promotional news, commercial communications, newsletters, advertising material, catalogs and invitations to events organized by the Company. b) Profiling, and therefore analyzing the user’s contacts with the Company, interests, preferences and purchasing habits. The Company may also use the Personal Data to carry out statistical and market analyzes aimed at identifying products and / or services of interest to customers of its brand. The insertion of data in the CRM program is optional and free, as it is based on the consent that the user can choose to give when providing his / her Personal Data for both marketing and profiling purposes (points a) and b)) or only for one of the two. The user can unsubscribe or withdraw his consent at any time (see point 6). Failure to provide Personal Data for one or both of the aforementioned CRM purposes does not prevent the user from using the Company’s services or making purchases, but the Company will not be able to inform him of the marketing initiatives and / or events organized by the same and not will be able to understand your interests and offer services tailored to your needs.

4. Communication and dissemination of data Users can be sure that their personal data will always be in good hands, since the protection of the same is one of the company’s priorities. Information regarding users will be shared exclusively in the ways described below and only with third parties who comply with the provisions of the law in force on data protection and ensure an adequate level of protection of the same. Users’ personal data will be shared with the Company. The Data may be disclosed to any other third party, when the disclosure is required by law, including the scope of prevention / repression of any illegal activity. In all other cases, users’ personal data will be shared with third parties only with the prior and explicit consent. Your data will not be disclosed in any way. The Data Controller may communicate the Data, for the sole purposes described above, to third parties (eg suppliers, partners), duly appointed as Data Processors pursuant to Article 28 of the GDPR. Furthermore, the Data may be disclosed to any other subject, if the disclosure is required by law. Finally, the Data may be brought to the attention of persons authorized for this purpose by the Data Controller.

5. Security of personal data In order to protect users’ personal data from unauthorized access, disclosure and alteration, both technical and other security measures have been implemented. These security measures are periodically adapted in an attempt to always offer a high level of security. Despite this, users are reminded that, despite all efforts made, no security measure is perfect or impenetrable, so the Company cannot in any way be held responsible for the violation due to errors, omissions or unauthorized actions of third parties. Furthermore and in order to contribute to the maintenance of a high level of security, users are requested to always keep the chosen username and password secret, without disclosing them to third parties. Some information regarding users will be stored on some servers provided by third parties. The third-party provider was chosen on the basis of the best knowledge currently available and could be replaced from time to time, especially if there is the opinion that users’ personal data are no longer protected appropriately. The third party provider constantly strives to provide a high standard of security.

6. Duration of treatment The Data is acquired and processed by the Company on the basis of your consent, pursuant to Article 6 paragraph 1, letter a) of the Regulation. There is no obligation to provide data, but failing that, the Data Controller will be unable to proceed with the aforementioned activities. Your data will be stored in compliance with the principle of proportionality and only until this is made necessary by the existence of legitimate commercial purposes, or for as long as required by law. Generally, we keep the data for a maximum period of 24 months for marketing purposes and 12 months for profiling purposes. At the end of this period, your data will be anonymized or in any case stored in aggregate form for statistical purposes relating to consumption choices.

7. Users’ rights on the data processed You can, at any time, change the data relating to your account, by accessing the “Account” area, logging in with your credentials. Furthermore, you may exercise the rights referred to in articles 15 et seq. of the GDPR applicable to you, including the right to ask the Data Controller, at any time, for access to the Data, the rectification, cancellation of the same or the limitation of processing, the portability of data, as well as to oppose their processing. Please note that if a user requests the deletion of their personal data, the user will no longer be able to provide the services offered by the Website. You also have the right to modify and / or cancel your subscriptions at any time using the UNSUBSCRIBE link in the newsletter or other specific procedures that may be made available to the user. We remind you that you can also always lodge a complaint with the Guarantor Authority for the protection of personal data or with any other competent Supervisory Authority.

8. Contacts Any request relating to personal data referring to this information and for the exercise of your rights can contact the Data Controller or Customer Service, by sending an email to the following email address info@impresaagricolavestri.it and / or by sending a registered letter to the following address , Vestri Farm, Via Teso, 17 – 52047 – Marciano della Chiana (AR) – Italy.

9. Changes to this information Please note that this Privacy Policy is subject to periodic changes aimed at improving the protection of users’ personal data. Users are advised to periodically check this Privacy Policy. In the event of substantial changes, we will communicate them to the user and request his consent, if required by applicable law. By continuing to use the Website, the user declares to accept the new Privacy Policy.

10. Related Information Before using the website, users are asked to carefully read the INFORMATION ON COOKIES

0