Circular letter on personal data processing performed by the website: staging.consorziovaccherosse.blacksolutions.net,in compliance with art. 13 of the European General Data Protection Regulation (GDPR – 2016/679)
Consorzio Vacche Rosse S.C.A., as data controller, notify to data subjects the following information on data processing.
This circular letter is referred to and is valid only for this website (staging.consorziovaccherosse.blacksolutions.net) and not for other external websites surfed by the user through links available in staging.consorziovaccherosse.blacksolutions.net. The data controller isn’t responsible of processing performed by third part websites. Please take a look to data processing policy when you visit a third part website.
DATA CONTROLLER
The data controller is Consorzio Vacche Rosse S.C.A. – Via F.lli Rosselli 41/2, 42123 Reggio Emilia (RE) – ITALY – VAT IT01463760353, which avails of its own processing managers or those of external processing companies.
PURPOSES OF PROCESSING, LEGAL BASIS AND RETENTION TIME
| Purposes of processing | Categories of personal data | Legal Basis | Data retention time |
|---|---|---|---|
| A. To browse on the website and guarantee the proper functionality and cyber security to the website itself and other users. | – Browsing data | Legitimate interest pursued by the controller to promote his own business through his website, to maintain it online, reachable and to defend itself and the other visitors against possible cyber attacks | Data controller will keep the browsing data for the time strictly necessary to reach processing purposes. For what concern cookies retention time more information are available consulting the website’s Cookie Policy. |
| B. Processing for statistical and analytical purposes | – Browsing data | Legitimate interest of the Data Controller to improve and enhance the website and user experience based on statistical surveys, in order to make these changes relevant and data-driven. | The information necessary to produce the statistics will be kept in disaggregated form for the period necessary to process the anonymous and aggregated indicators. |
| C. To grant availability of e-commerce area and services | – Browsing data | To perform a contract in which data subject is part or to manage pre-contractual requests submitted by data subjects | Same as point A. |
| D. User sign-in and login to website personal area | – Identification data – Data concerning contact details and addresses – Other mandatory or optional data requested in sign-in form | To perform a contract in which the data subject is party or to manage pre-contractual requests submitted by data subjects | The data controller will keep this personal data until account cancellation. |
| E. To carry out, provide services or deliver your orders and purchases, and to attempt to legal obligations related to the agreement | – Identification data – Contact details and addresses – Payment methods details | Contract performance; legitimate interest (management of communication/disputes); legal obligations | Ten years after the relationship end (or longer for legal obligations/disputes). |
| F. To send newsletter and other commercial communications following your sign-in through the newsletter form | – Contact details and addresses | Data subject’s explicit consent | Your e-mail address will be kept until consent revocation (unsubscribe). |
| G. Promotional activities, sending advertisement material and completing market researches directly to the user | – Identification and contact data – Browsing data – Data related to purchasing and browsing habits | Explicit consent; legitimate interest for Soft Spam communications | Until consent revocation, or ten years for existing partners. |
| H. Management of communication through social networks | – Identification data – Social-profile data – Information communicated by the data subject during the interaction | Legitimate interest; contract/pre-contract performance | Time strictly necessary to respond, then deletion or new notice for other purposes. |
TYPES OF PERSONAL DATA PROCESSED
A. Surfing data. Systems and software procedures responsible for the functioning of this website acquire, during their normal operation, several personal data which transmission is implicit in the use of Internet communication protocols. This category of data includes:
- IP addresses or domain names of computers utilized by users connecting to the site;
- the URI (Uniform Resource Identifier) addresses of the requested resources;
- the time of request;
- the method used in submitting the request to the server;
- the size of file obtained in response;
- the numeric code indicating the status of response given by the server (good result, error, etc.);
- other parameters relating to the operating system and the user’s IT environment.
This data are processed only to obtain anonymous statistical information on the use of the site and to check its proper functioning, and are deleted after processing. They could be used to ascertain responsibility in case of hypothetical cybercrimes that might damage the website or other users during the browsing session.
The website could also automatically process data through setting cookies in user’s browser. Cookies are small strings of text set during the browsing in the website and, according to their purposes and the values set up, they allow the site and/or third parties to collect information related to the user, usually anonymously. The use of this electronic tool is analytically described through the Cookie Policy of the website.
B. Processing for statistical and analytical purposes. The Data Controller may process information about users’ use of the website. This information, processed where possible in anonymized and/or aggregated format, will be necessary to detect statistics on the interaction of users with the website in order to evaluate interventions to improve, enhance or revise the functionality to optimize, make the user experience more pleasant and meaningful, as well as to evaluate more overall the impact of the tool. The results of the processing will not constitute personal data, as they will be expressed in aggregate terms and for the Controller’s internal use only.
C. Sign-in and login to personal area. Data submitted in the sign-in form are required to create your account and manage subsequent requests or business relations. Login may be required for e-commerce functions.
D. E-commerce functions. You can purchase products and services provided by the data controller directly through e-commerce functions available in the website. Personal data are processed to fulfil orders, provide services, deliver goods and manage administration; appropriate security measures protect payment data. Other information may be specified in the Terms and Conditions.
E. Newsletter and marketing. The data controller may carry out promotional activities by sending e-mails or other communications containing commercial information. Processing is based on explicit consent or on the Soft Spam rule, which applies when:
- the recipient already has a commercial relationship with the controller and provided the e-mail address in that context, and
- messages concern products or services similar to those already purchased.
You can always object or limit such processing.
F. Management of communication through social networks. The Data Controller manages part of its online communication through public profiles on social networks. Comments follow the platform’s policies; private messages are processed solely to answer requests. Information may later be used outside the social network if a business relationship starts. The data controller mostly uses these social networks: Twitter, Instagram, Facebook, YouTube.
TRASMISSION OF PERSONAL TO THIRD PARTIES
- Companies which provide IT systems and website management and development services (as e-commerce and secure payment infrastructure, web development consultants, etc.);
- Companies and professional offices which provide business assistance and consultancy (IT technologies, accounting, etc.);
- Shipping and freight transport companies;
- Companies which provide technical or consultancy services concerning market research, marketing and business promotion;
- Public institutions, for the fulfillment of legal obligations related to commercial relationship, to investigate on crime or cyber-attacks delivered or suspected to our systems or to other visitors, or to manage disputes.
Further information related to the third parties who may process your personal data are available by submitting a specific request to the data controller.
PROVISION OF DATA AND CONSEQUENCES OF REFUSAL TO REPLY
The communication of your personal data is mandatory when the process is necessary to browse the website, carry out commercial or information requests, provide services or perform a contract. Denial will prevent us from fulfilling your requests. In other cases (e.g. marketing) providing data is optional and, when needed, subject to explicit consent.
RIGHTS OF DATA SUBJECTS
We inform you about the existence of your rights to access, rectify, erase, restrict, object to, and port your data (Articles 15 to 22 GDPR). If processing is based on consent, you may revoke it at any time without affecting previous lawful processing.
Requests or complaints can be sent to info@consorziovaccherosse.it. To facilitate handling, please specify in the subject: “Request to exercise a data subject right”. State your identity, the relationship with the Controller, the right you wish to exercise and all useful information to identify the data and processing in question (you may use the form provided by the Italian Supervisory Authority at https://www.garanteprivacy.it/home/modulistica-e-servizi-online).
You are entitled to lodge a complaint with the Italian Supervisory Authority by certified e-mail (protocollo@pec.gpdp.it), registered letter to Piazza Venezia 11, 00187 Rome, or with the supervisory authority of another EU Member State.
MODIFICATIONS
The Data Controller reserves the right to modify, update, add or remove parts of this information notice. Please check periodically for changes; the circular letter indicates the update date. Using the site after changes are published constitutes acceptance of those changes.
This circular letter was updated on 23/04/2025
