Privacy Azienda Agricola

Data Processing Privacy Policy

Informative document Article 13 EU Reg. 2016/679 – GDPR                                    

GUARDASTELLE SOCIETÀ SEMPLICE AGRICOLA DI FANTACCI SUSANNA & C., LOC. SOVESTRO – 53037 SAN GIMIGNANO (SI) (hereinafter the “Data Controller”), in its capacity as controller of the processing, informs you, pursuant to Art. 13 of EU Regulation 2016/679 (hereinafter the “GDPR”), that your data will be processed in the following ways and for the following purposes:

  1. Subject of the Processing

The Data Controller processes the personal, identifying data (e.g.: name, surname, company name, address, telephone number, e-mail address, bank and payment references, hereinafter “personal data” or “data”) that you provide when entering into agreements for the services provided by the Data Controller.

  1. Purpose of the Processing

The collection and processing of personal data are carried out for the purpose of conducting:

  1. Without your express consent (Art. 6, letter b) and e) GDPR), for the following Service Purposes:
  • the fulfilment of all the operations imposed by legal obligations, tax and fiscal provisions deriving from the performance of the business activity and the provisions envisaged in relation to anti-money laundering;
  • the establishment and execution of ongoing contractual relations;
  • the operations strictly connected and instrumental to the start of the aforesaid relationships, including the acquisition of information prior to signing the Agreement;
  • the management of relationships with the Customer for administration, accounting, orders, shipping, invoicing, services, management of any litigation;
  • the survey of the degree of customer satisfaction, the processing of statistics for internal use;
  • the management and execution of the necessary customs activities in the case of import/export activities, and assistance with inspection by the Responsible Authorities;
  • the provision of transport, logistics and management services for the required shipments of goods;
  • the execution of all the necessary practices for the correct and complete management of the shipment and/or the goods in transit.
  1. And, only with your specific and separate consent (Art. 7 GDPR), for the following Marketing Purposes:
  • to send you by e-mail, post and/or text message and/or telephone contact, newsletters, commercial communications and/or advertising material on products or services offered by the Data Controller and measurement of the degree of satisfaction with the quality of service;
  • to send you via e-mail, post and/or text message and/or telephone contact, commercial and/or promotional communications from third parties.

Please note that if you are already our customers, we may send you commercial communications relating to services and products of the Data Controller similar to those which you have already used, unless you disagree.

The contractual, service, commercial and non-commercial litigation and promotional purposes concern the processing of personal data of the Customer only. The Customer’s personal data will be processed for the entire duration of the contractual relations entered into and also subsequently for the fulfilment of all the legal obligations and for future commercial purposes.

  1. Processing method

The processing of your personal data is carried out via the operations indicated under Article 4, paragraph 2, GDPR and specifically involves the collection, registration, organisation, storage, consultation, processing, amendment, selection, extraction, comparison, use, interconnection, blockage, communication, cancellation and destruction of data. Your personal data is subject to both paper and electronic and/or automated processing.

The data provided will be stored in our archives according to the following parameters:

  • For administration, accounting, orders, estimates and the entire production flow, assistance and maintenance, shipping, invoicing, services, management of any disputes: 10 years as established by law by the provisions of art. 2220 of the Italian Civil Code, allowing for any delayed payment of the fees justifying extension;
  • For the purposes referred to in paragraph 2.A, points 1 to 8 above, the retention periods end with the expiry of the agreement and / or business relationship of supply;
  • For marketing purposes (paragraph 2.B, points 1-2): 24 months.
  1. Access to data

Your data may be made accessible for the purposes referred to in points 2.A and 2.B:

  • to the partners, employees and collaborators of the Data Controller in Italy and abroad, in their capacity as appointees and/or internal data processors and/or system administrators;
  • to third party companies or other subjects that carry out activities under outsourcing agreements on behalf of the Data Controller, in their capacity as external data processors.

For the sake of brevity, the detailed list of these figures is available at our headquarters and is at your disposal.

  1. Disclosure of data

Without the need for express consent (Art. 6, letters b) and c) GDPR), the Data Controller may disclose your data for the purposes referred to in point 2.A to supervisory bodies, judicial authorities, and those subjects to whom disclosure is obligatory by law for the fulfilment of the aforesaid purposes.

Your data will not be publicly disclosed.

  1. Transferral of data

Personal data are stored on the servers located in the offices of the operational headquarters, within the European Union. Personal data collected as a result of the execution of the agreement will be transferred abroad only if this situation is or can become an integral part of the execution of the agreement.

  1. Nature of data provision and consequences of refusal to respond

The provision of data for the purposes referred to in point 2.A is compulsory. In their absence, we will not be able to guarantee you the Services indicated in point 2.A.

The provision of data for the purposes referred to in point 2.B is optional. You may therefore decide not to provide any data or to subsequently deny the possibility of processing data already provided: in this case, you will not receive newsletters, commercial communications and advertising material relating to the Services offered by the Data Controller. You will still be entitled to the Services referred to in point 2.A.

  1. Rights of the data subject

In relation to the aforementioned processes, each Data Subject may exercise the rights referred to in Articles 15 to 22 of the Regulations.

  1. to access personal data (Art. 15 of the GDPR);
  2. to obtain their rectification or cancellation (obscuring) or limitation of the pertinent process (Arts. 16, 17 and 18 of the GDPR);
  3. to oppose the processing (Art. 21 of the GDPR);
  4. data portability (Art. 20 of the GDPR);
  5. to withdraw consent;
  6. to lodge a complaint with the supervisory authority (Privacy Guarantor – garanteprivacy.it).

In cases of opposition to the processing of Data pursuant to Article 21 of the Regulation, the Company reserves the right to assess the request, which will not be accepted if there are legitimate reasons to proceed with the process that prevail over the interests, rights and freedom of the person concerned.

  1. Procedures for the exercise of rights

You may exercise your rights at any time by sending:

  • a registered letter with notification of receipt to GUARDASTELLE SOCIETÀ SEMPLICE AGRICOLA DI FANTACCI SUSANNA & C., SOVESTRO – 53037 SAN GIMIGNANO (SI);
  • an e-mail to info@guardastelle.com
  1. Data controller, processors and persons in charge


The updated list of data processors and persons in charge of data processing is kept at the Data Controller’s registered office.