Privacy Policy

Dear User,

TORREVILLA VITICOLTORI ASSOCIATI SOCIETÀ COOPERATIVA AGRICOLA (VAT No. and Tax Code 00187020185), with registered office in Codevilla (PV), Via Villa 2, email: info@torrevilla.it, hereby informs you that the personal data you provide when subscribing to the mailing list via the websites www.torrevilla.it, www.lagenisia.com, www.oltrepopavese.com, www.cantinastoricamontubeccaria.com, will be processed in accordance with EU Regulation 2016/679 (GDPR) and the applicable legislation on privacy and personal data protection.

You are invited, as a data subject, to carefully read this Privacy Policy, which explains your rights as well as the purpose, methods, scope, duration of the processing, and the parties involved.

Index

1. Data Controller
2. Data Subject to Processing
3. Nature of the Processing
4. Processing Methods
5. Parties Carrying Out the Processing
6. Purpose of the Processing
7. Legal Basis
8. Data Retention Period
9. Recipients
10. User Rights

1. Data Controller

The Data Controller determines the purposes and means of the processing of personal data.

The Data Controller of your personal data is TORREVILLA Viticoltori Associati Società Cooperativa Agricola (VAT No. and Tax Code 00187020185), with registered office in Codevilla (PV), Via Villa 2, and administrative office in Torrazza Coste (PV), Via Emilia 4 – email: info@torrevilla.it, phone: +39 0383 77520.

2. Data Subject to Processing

The data subject to processing include personal identification data (first name, last name, city of residence) and other personal data (email address).

3. Nature of the Processing

The processing of data consists of the storage, management, modification, and deletion of personal identification and contact data for the purpose of sending newsletters, event invitations, and other communications to the user.

4. Processing Methods

Personal data will be processed, subject to the user’s consent given at the time of subscription to the mailing list, using electronic and IT-based methods.

Personal data will be stored on cloud providers with access restricted exclusively to employees authorized to process data (commercial department).

Note: The cloud providers used for data storage are secure and declare in their own privacy policies that data processing is carried out in compliance with the GDPR, although data transfers to non-EU countries may occur.

5. Parties Carrying Out the Processing

Personal data are processed by authorized personnel (employees of the commercial department), in compliance with the applicable privacy legislation and the specific instructions provided by the Data Controller at the time of appointment, which the user may request to review.

The identification of additional data processors and the data processed by them is detailed in a specific section of our Privacy Policy, which the user may request to review.

Note: The cloud providers used for data storage are secure and declare in their own privacy policies that data processing is carried out in compliance with the GDPR, although data transfers to non-EU countries may occur.

6. Purpose of the Processing

Personal data are processed for the following purposes:

• Compliance with legal obligations
• Compliance with contractual obligations
• Marketing and newsletter distribution

7. Legal Basis

The legal bases for processing common personal data (personal identification data and other data), pursuant to Article 6 of Regulation (EU) 2016/679 (GDPR), are:

• Contractual obligations
• Consent
• Legitimate interest
• Legal obligation

8. Data Retention Period

Personal data will be retained for five years, without prejudice to the right of erasure exercisable by the data subject (see Section 10 below).

9. Recipients

Without prejudice to communications required by law or contractual obligations, all collected and processed data may be disclosed exclusively for the purposes indicated above to the following categories of recipients:

• Italian Revenue Agency (Agenzia delle Entrate);
• Other public administrations;
• Data subjects;
• Authorized data processors;
• Data controllers and processors.

10. User Rights

Pursuant to Regulation (EU) 2016/679 (GDPR), users whose personal data are being processed may exercise the following rights, in accordance with the methods and limits set out in the applicable legislation, by contacting the Data Controller at info@torrevilla.it:

• request confirmation as to whether or not personal data concerning them are being processed (Art. 15 GDPR);
• obtain access to the processed personal data (Art. 15 GDPR);
• obtain additional or updated information regarding (Art. 15 GDPR):
  • the purposes of the processing;
  • the categories of personal data processed;
  • the recipients of the personal data;
  • the data retention period;
  • which personal data are stored on cloud platforms that may transfer data to non-EU countries;
• request rectification of inaccurate personal data (Art. 16 GDPR);
• request erasure of personal data (Art. 17 GDPR);
• lodge a complaint with a supervisory authority (Art. 15 GDPR);
• request restriction of processing (Art. 18 GDPR);
• receive the personal data provided to the joint data controllers in a structured, commonly used, and machine-readable format (Art. 20 GDPR);
• request portability of personal data to another data controller (Art. 20 GDPR);
• request any additional useful information regarding the processing of personal data contained in Torrevilla’s Privacy Policy.

Last modified: January 16, 2025