Privacy Policy

PRIVACY POLICY and PROCESSING OF PERSONAL DATA

Privacy policy regarding the processing of personal data pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (GDPR)

1. Introduction

This notice, provided in accordance with Articles 13 and 14 of the GDPR, refers to the site. www.gardavino.it (the Site) and is provided by Soc. Agr. Cantina della Valtenesi and Lugana S.r.l. with registered office in Moniga del Garda (BS) Via Pergola 21, VAT number 04020910982, in the person of the legal representative pro tempore Piovani Massimo, Tax Code 04020910982, in his capacity as Data Controller (hereinafter referred to as CVL). In this notice, singular definitions also include plural ones, and vice versa. In compliance with the GDPR, we hereby inform you that CVL will process the personal data provided and collected through the Site in accordance with the following conditions.

2. Data type, regulatory references, and operational methods

CVL will handle the personal data collected and/or provided through the Site according to the methods and for the purposes described in this section.

2.1 Registration on the Site
Processed data. When the user registers on the Site, regardless of whether they make a purchase or not, CVL may collect the following personal data related to them: first name, last name, email address.
Purpose of processing. The data collected pursuant to this paragraph will be collected and processed to allow the data subject to register on the Site by creating an account, as well as, following registration, to enable them to access their reserved area on the Site and to use the online services offered by CVL to registered users.
Reason. The reason for the treatments described in this paragraph is based on the necessity to register through the Site by creating a corresponding account, which is considered essential for entering into a purchase contract for the marketed products, pursuant to Article 6, paragraph 1, letter b) of the GDPR.
Need for data provision. The provision of the data mentioned in this paragraph is necessary and, in its absence, it will not be possible to register on the Site and purchase CVL products through it.
Retention period. The data provided during registration on the Site will be retained by CVL until the account is deleted by the concerned party to whom the data relates. CVL reserves the right to extend the aforementioned retention period if necessary to comply with a legal obligation to which CVL is subject or to protect a right of CVL before a competent authority.

2.2 Purchases through the Site
Processed data. At the moment a user completes a purchase order through the Site, CVL will proceed to process the following categories of personal data.
name, surname;
email
phone number;
data related to the purchase (transaction amount, products purchased);
shipping and/or billing address;
data related to the payment methods used (e.g. bank data, postal data).
For further information regarding the processing of data related to users' payment cards or PayPal accounts, please refer to the following paragraph 3 Purpose of processing. The data mentioned in this paragraph will be processed exclusively to enable the completion of the purchase contract and the proper execution of related operations, including the shipping of products purchased by the interested parties (and, where necessary under industry regulations, to fulfill tax obligations).
Need for data provision. Providing the data mentioned in this paragraph is necessary, and without it, it will not be possible to purchase products through the Site. Data retention period. CVL will retain the processed data to allow the purchase of its products through its Site for a maximum period of 10 (ten) years from the purchase itself, without prejudice to the possibility of extending the aforementioned retention period if necessary to comply with a legal obligation to which CVL is subject or to protect a right of CVL before a competent authority.

2.3 Marketing Activities
Processed data. Some of the personal data provided by a user at the time of registration on the Site, or during the purchase process of a product through the Site, such as: email address, phone number, and postal addresses may be processed by CVL for marketing activities that may materialize in accordance with the following methods:
a) limited to CVL customers, in sending email messages to the addresses provided by them in the context of a purchase through the Site or at the time of registration regarding products similar to those purchased through the Site (c.d.Soft-spam) or to other products that may not be similar as long as they are present on the site and/or marketed by CVL.
b) in the sending of promotional newsletters, in conducting market research, also aimed at assessing the level of user satisfaction, and in sending advertising material related to CVL products and/or services, also through automated systems, such as email and/or push notifications, or through traditional methods (e.g., postal mail or brochures).
Legal grounds for processing. The legal grounds on which the processing of personal data by CVL for direct marketing purposes are based are, respectively:
a) the legitimate interest of CVL in the case of communications related to products similar to those purchased by its customers on the Site (soft-spam), in accordance with what is provided for in art. 6, par. 1, lett. f) GDPR and art. 130, paragraph 4D.Lgs.196/2003 (Privacy Code). Users retain the right to oppose the processing in the manner described in the following paragraph.
b) the consent of the interested parties in the case of promotional messages related to products that are not similar to those already purchased by a CVL customer (art. 6, par. 1, lett. a) GDPR).
Interested parties may object, at any time, to the processing of their personal data for this purpose in the following ways:
- revoke marketing consent by sending an email to info@gardavino.it from the email address used to complete the registration on the Site;
- To unsubscribe from a newsletter, send an email to info@gardavino.it from the email with which you registered on the Site, or contact the Data Controller using the contact details provided in the following point 7.
If you wish to unsubscribe from the Site, you can send an email to the Data Protection Officer of the Company at the email address info@gardavino.it from the email with which you registered on the Site. Additionally, registered users on the Site will always be able to verify and manage their consents from their account page.
Need for data provision. The provision of the data referred to in this paragraph 2.3, as well as the granting of consent for their processing where necessary, is optional, and any lack thereof will not affect either the registration of a user on the Site or the completion of a purchase through it.
Data retention. The data processed for the purposes of direct marketing will be retained for a period of 24 (twenty-four) months from the provision of the data and the granting of consent to their processing, where required. At the end of this period, CVV will proceed to request the renewal of consent for the processing of such data. CVL reserves the right to extend the aforementioned retention period in cases where it is necessary to comply with a legal obligation imposed on it or to protect a right of CVL before a competent authority.

2.4 Profiling
Processed data. Data provided during registration on the Site or during the completion of a purchase on the same, data related to the preferences and purchasing habits of the users of the Site.
Purpose of processing. The personal data mentioned in this paragraph may be processed by CVL for the purpose of profiling activities, that is, for analyzing the preferences and consumption habits of the individuals concerned, through the detection of the type and frequency of purchases made by them, aimed at sending advertising material or personalized promotional communications from CVL, as well as to present products of specific interest to the individuals concerned.
Legal basis. The legal basis for the profiling activities carried out by CVL is represented by the consent of the data subjects pursuant to Article 6, paragraph 1, letter a) of the GDPR.
Need for data provision. The provision of the data described in this section, as well as the consent to their processing, is optional and, in its absence, CVL will not be able to deliver personalized promotional messages and communications to the interested parties. The lack of consent for data processing will not affect the ability of an interested party to register on the Site and/or complete purchases through it.
Retention period. The data processed for profiling purposes will be kept for a period of 12 (twelve) months from the provision of the same and the granting of consent for their processing, where required. At the end of this period, CVL will proceed to request the renewal of consent for the processing of such data. CVL reserves the right to extend the aforementioned retention period if necessary to comply with a legal obligation imposed on it or to protect its rights before a competent authority.
Registered users on the Site will always be able to verify and manage their consents from their account page.

2.5 Contacts with stakeholders
Processed data. CVL may process personal data provided by the interested parties (e.g., first name, last name, contact details, any other information contained in the requests of the interested parties) when they decide to contact the company through the contact details available on the Site (e.g., phone number, email, postal mail), as part of the customer care service or for any other request related to CVL's products and activities.
Purpose of processing. CVL will process the personal data mentioned in this paragraph solely for the purpose of responding to the requests made by the data subjects.
Legal basis for processing. The legal bases for the processing described in this paragraph are represented by:
a) the necessity to finalize a purchase contract in the case of interested parties contacting CVL for customer care activities (art. 6, par. 1, lett. b) GDPR);
b) the consent of the data subjects in the event that they contact CVL, or the website, for any other type of information (art. 6, para. 1, lett. a) GDPR). In particular, the fact that a data subject decides to contact CVL, or the website, by submitting a request to it will be considered an unequivocal positive action equivalent to written consent pursuant to art. 4, no. 11) GDPR.
Need for data provision. Providing the data referred to in this paragraph is optional; however, without it, CVL will not be able to respond to requests submitted by the interested parties.
Retention period. The data processed as described in this paragraph will be kept for the period strictly necessary to respond to the requests of the interested parties. CVL reserves the right to extend the aforementioned period if necessary to comply with legal obligations to which it is subject or to protect its own rights before a competent authority.

2.6 Navigation data
When a user visits the Site, CVL collects the following browsing data:
- technical information, including IP address, information about the devices used by visitors to the Site, browser, and operating systems,
- information about navigation on the Site, including URLs of visited pages and activities carried out on the page, dates and times of navigation, time spent on the Site, click stream, etc.
This information is collected for the proper functioning, management, maintenance, and improvement of the Site, as well as to ensure that the navigation of the interested parties occurs safely and to ascertain responsibility in the event of cybersecurity violations. It is also used to allow CVL to obtain statistical analyses on the use of the Site with the possibility of analyzing the data in aggregated form and to enable it to receive promotional announcements in line with their desires and interests. The processing of navigation data is also necessary to allow the completion of purchases through the Site. Users of the Site are always free to decide whether to provide their navigation data, for example, by choosing to disable cookies through their browser settings. However, refusing to provide information necessary for navigation may make it impossible to carry out activities strictly related to navigation itself and, therefore, also to consult and interact with our Site, as well as to complete purchases through the Site. Such data is retained only for the time strictly necessary for the purposes for which it is collected. Navigation data is collected using cookies. To learn more about how cookies work, how to enable and disable them, please consult our cookie policy.

2.7 Interaction with social media
The Site allows interaction with third-party sites and social networks (Google, Instagram, Facebook) through hyperlinks, sharing buttons, social plugins, and other similar tools. By accessing one of the areas of the Site equipped with this type of tools, the Internet browser will connect interested parties directly to the servers of the third-party sites in question, thus transferring their personal data to the operators of those sites. The data transfer will be carried out based on the consent of the interested parties, expressed unequivocally when they click on a specific hyperlink, plugin button, or another similar tool. Depending on the specific agreements with the operators of those third-party sites, CVL may act as an independent data controller or as a joint controller regarding such data transfers. As for the privacy protection methods and the processing of personal data collected by the operators of third-party sites with which the described interactions occur, please refer to the respective sites.

3. Use of PayPal

To make a payment using one of the types of payment cards indicated on the Site, the user enters the confidential card details directly on a page that communicates securely via encryption protocol with the payment service provider (acting as an independent data controller), without passing through the CVL server, which therefore will not process such data in any way. The data will be acquired in encrypted format. The Site also allows purchases through the PayPal payment tool. In this case, the user will be redirected to an external page where they will need to provide the personal information requested by PayPal, which acts as an independent data controller to complete the purchase process. Personal data does not pass through the CVL server, which therefore will not process such data in any way. Regarding the processing of payment card data and the data requested by PayPal, it is reminded that this is necessary to allow the completion of the online purchase contract with CVL. Therefore, failing to provide this data will prevent users from completing the online purchase process.

4. Methods of treatment

The processing of personal data of the interested parties will mainly be carried out with the aid of electronic or otherwise automated means, according to the methods and with the tools suitable to ensure the security and confidentiality of the data itself in compliance with the GDPR. In particular, all necessary technical, IT, organizational, logistical, and procedural security measures will be adopted to ensure the minimum level of data protection required by law.
allowing access only to persons authorized to process data by CVL or the data processors designated by CVL. The information acquired and the processing methods will be relevant and not excessive in relation to the type of services provided. The data will also be managed and protected in environments whose access is under constant control.

5. Communication and dissemination of data

The personal data of the interested parties processed in accordance with this notice may be communicated:
- to all those subjects (including Public Authorities) who have access to personal data by virtue of regulatory or administrative provisions;
to the companies or third parties entrusted with the services of printing, packaging, shipping and/or delivery and/or collection of the products purchased through the Site;
- to post offices, couriers, or shippers responsible for delivering the products purchased through the Site;
to the banking institutions and to the companies that manage the national or international payment circuits through which online payments for products purchased through the Site are made;
- the company, consultants, or professionals possibly appointed for the installation, maintenance, updating, and, in general, the management of the hardware and software of Cantina Michelotti or that it uses for the provision of its services;
- external companies responsible for sending advertising communications on behalf of CVL;
- to the employees and/or collaborators of CVL;
- to the subjects that manage online payment transactions;
- to the subjects responsible for the repair of products purchased under the legal warranty of conformity or otherwise of damaged products;
- to all those public and/or private entities, natural and/or legal persons (legal, administrative, and tax consulting firms, judicial offices, chambers of commerce, labor chambers and offices, etc.), whenever the communication is necessary or functional for the correct fulfillment of the contractual obligations undertaken, as well as the obligations arising from the law.
The data relating to the individuals will not be disclosed, except in anonymous and aggregated form, for statistical or research purposes.

6. Transfer of data outside the EU

CVL will not transfer the personal data of the interested parties to countries outside the European Union. In the event that this becomes necessary to pursue the purposes of the processing described in this Privacy Policy, CVL ensures that any transfers of data outside the EU will be carried out in a manner that guarantees the full protection of the rights and freedoms of the individuals concerned. If no adequacy decisions have been issued by the European Commission regarding the recipient third country, data transfers will be carried out by adopting the safeguards provided for in Articles 46 and following of the GDPR, including the standard contractual clauses approved by the European Commission, and a careful assessment of the legislation of the potential third country of destination.

7. Data Controller

CVL, as the Data Controller, can be contacted at the following details:
Address: CVL Srl Via Pergola 21 Moniga (BS).
Phone: 0365/502002
Email: info@gardavino.it CVL, in accordance with current regulations, has appointed a Data Protection Officer (DPO) who can be contacted for any requests or needs related to the protection of your personal data at the following email: info@gardavino.it

8. User rights

Pursuant to Article 13 of the GDPR, CVL informs that every user and/or interested party has the following rights regarding their personal data:
AccessYou can obtain information regarding the processing of your personal data and a copy of such personal data (art. 15 GDPR).
Correction: if any user and/or interested party believes that their personal data is inaccurate or incomplete, they may request that such data be rectified or modified according to their instructions (art. 16 GDPR);

CancellationEvery user and/or interested party has the right to request the deletion of their personal data, which will be granted in cases provided for by applicable law, and in particular if: (a) the personal data is no longer necessary for the purposes for which it was collected or otherwise processed; (b) in cases where the processing of your data is based on consent, any user and/or interested party revokes the consent in question; (c) any user and/or interested party objects to the processing and there are no overriding legitimate grounds for continuing (moreover, your right to object to processing for direct marketing purposes is absolute); (d) the personal data of any user and/or interested party is being processed unlawfully; (e) the personal data of any user and/or interested party must be deleted to comply with a legal obligation; (f) the personal data relates to minors and has been collected in relation to the offering of information society services (Article 17 GDPR);
Limitation: any user and/or concerned party can obtain the temporary limitation of the processing of their personal data in the event of one of the following situations: (a) in case of questioning the accuracy of the personal data, for the period necessary for CVL to verify their accuracy; (b) the processing of personal data is unlawful but the user and/or the concerned party opposes the deletion of the data and instead requests that its use be limited; (c) although CVL no longer needs them for processing purposes, the personal data are necessary for the establishment, exercise, or defense of a right in court; (d) in case of opposition to processing under Article 21, paragraph 1 of the GDPR, pending verification regarding the potential prevalence of legitimate grounds of the data controller over those invoked (Article 18 GDPR);

OppositionIn relation to specific situations that concern each user and/or interested party, they have the right to object to the processing of personal data based on the legitimate interest of CVL pursuant to Article 6, paragraph 1, letter f) of the GDPR at any time. Upon receiving the objection, CVL will continue processing only if there are demonstrable legitimate and compelling reasons that override the rights, interests, and freedoms of the data subject, or for the establishment, exercise, or defense of a right in legal proceedings. Every user and/or interested party has the absolute right to object at any time to the processing of personal data carried out for the purposes of direct marketing, including profiling to the extent that it is related to such direct marketing (Article 21 GDPR);
Withdrawal of consent: in the event that the processing of personal data is based on consent, every user and/or data subject has the right to withdraw it at any time (Article 7 GDPR);

Data portabilityWhere the processing is based on consent or is necessary for the performance of a contract, each user and/or data subject has the right to receive the personal data provided in a structured, commonly used, and machine-readable format and, where technically feasible, to the secure transmission of personal data to another data controller (Article 20 GDPR).

8.1 Procedure for exercising user rights.
In addition to what is provided in paragraph 2.3, the rights referred to in this point 8) may be exercised by any user and/or interested party by making a request addressed informally to the Data Protection Officer (DPO), sending an email to the following address info@gardavino.it (from the email with which one registered on CVL) or by sending a request addressed to CVL Srl Via Pergola 21. Such requests will be fulfilled without delay and, in any case, in accordance with the timelines provided by current legislation.

9. Protection of rights

In protection of rights and personal data, every user and/or interested party can, at any time, decide to file a complaint with the competent supervisory authority (in Italy, the Guarantor for the Protection of Personal Data, Piazza Venezia, 11 00187 Rome; Tel. +39 06 696771; e-mail protocollo@gpdp.it) or to take legal action before the competent national judicial bodies.
Without prejudice to this right, we invite you to contact us for the exercise of your rights through our contact channels listed in the previous paragraph 8, as it is our precise and primary intention to guarantee and protect every user and/or interested party.

10. Modifications

CVL reserves the right to make changes to this notice at any time, providing adequate publicity to the users of the Site and ensuring, in any case, a suitable and similar protection of personal data. In order to review any changes, each user and/or interested party is invited to regularly consult this notice. In any case, should CVL make substantial changes to this notice (e.g.: processing of personal data for different and additional purposes), it will inform the interested parties by email using the one provided during registration on the site.

Privacy Policy ofwww.gardavino.it

This application collects some Personal Data from its Users.

This document can be printed using the print command available in the settings of any browser.

Data Controller
Agricultural Company Cantina della Valtenesi and Lugana Srl -
Via Pergola 21 - Moniga del Garda (BS) Italy
Email address of the Owner: info@gardavino.it
PEC Address: cvl.srl@legalmail.it

Types of Data Collected
Among the Personal Data collected by this Application, either independently or through third parties, there are: Usage Data; Cookies; surname; email; username; phone number; billing address.
Complete details on each type of data collected are provided in the dedicated sections of this privacy policy or through specific informational texts displayed prior to the collection of the data itself.
Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically during the use of this Application.
Unless otherwise specified, all data requested by this Application is mandatory. If the User refuses to provide them, it may be impossible for this Application to provide the Service. In cases where this Application indicates certain data as optional, Users are free to refrain from providing such data, without any consequences on the availability of the Service or its functionality.
Users who have doubts about which Data are mandatory are encouraged to contact the Data Controller.
The eventual use of Cookies - or other tracking tools - by this Application or by the holders of third-party services used by this Application, unless otherwise specified, is intended to provide the Service requested by the User, in addition to the further purposes described in this document and in the Cookie Policy, if available.
The User assumes responsibility for the Personal Data of third parties obtained, published, or shared through this Application and guarantees that they have the right to communicate or disseminate them, releasing the Owner from any liability towards third parties.

Methods and location of the processing of the collected Data

Treatment methods
The Owner adopts appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of Personal Data.
The processing is carried out using IT and/or telematic tools, with organizational methods and logics strictly related to the indicated purposes. In addition to the Data Controller, in some cases, other parties involved in the organization of this Application (administrative, commercial, marketing staff, legal personnel, system administrators) or external parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may also have access to the Data, who may also be appointed, if necessary, as Data Processors by the Data Controller. The updated list of Data Processors can always be requested from the Data Controller.

Legal basis of the processing
The Data Controller processes Personal Data related to the User if one of the following conditions is met:

• The User has given consent for one or more specific purposes; Note: in some jurisdictions, the Data Controller may be authorized to process Personal Data without the need for the User's consent or any other of the legal bases specified below, until the User objects (opts out) to such processing. However, this does not apply if the processing of Personal Data is governed by European legislation on the protection of Personal Data;
• The processing is necessary for the execution of a contract with the User and/or for the execution of pre-contractual measures;
• The processing is necessary to fulfill a legal obligation to which the Data Controller is subject;
• The processing is necessary for the performance of a task carried out in the public interest or for the exercise of public powers vested in the Controller;
• The processing is necessary for the pursuit of the legitimate interest of the Data Controller or third parties.

It is still possible to ask the Data Controller to clarify the specific legal basis for each processing and in particular to specify whether the processing is based on law, provided for by a contract, or necessary to conclude a contract.

Place
The data are processed at the operational offices of the Data Controller and in any other location where the parties involved in the processing are located. For more information, contact the Data Controller.
The User's Personal Data may be transferred to a country different from the one in which the User is located. For more information about the location of processing, the User can refer to the section regarding details on the processing of Personal Data.
The user has the right to obtain information regarding the legal basis for the transfer of Data outside the European Union or to an international organization of public international law or established by two or more countries, such as the UN, as well as information regarding the security measures adopted by the Data Controller to protect the Data.

The user can verify if one of the aforementioned transfers is taking place by examining the section of this document related to the details on the processing of Personal Data or by requesting information from the Data Controller by contacting them using the details provided at the beginning.

Retention period
The data is processed and stored for the time required by the purposes for which it was collected.
Therefore:

• The Personal Data collected for purposes related to the execution of a contract between the Data Controller and the User will be retained until the execution of that contract is completed.
• The Personal Data collected for purposes related to the legitimate interest of the Data Controller will be retained until that interest is satisfied. The User can obtain further information regarding the legitimate interest pursued by the Data Controller in the relevant sections of this document or by contacting the Data Controller.

When the treatment is based on the User's consent, the Data Controller may retain the Personal Data for a longer period until such consent is revoked. Additionally, the Data Controller may be required to retain the Personal Data for a longer period in compliance with a legal obligation or by order of an authority.
At the end of the retention period, Personal Data will be deleted. Therefore, upon the expiration of this period, the rights to access, deletion, correction, and the right to data portability can no longer be exercised.

Purpose of Processing the Collected Data
User Data is collected to enable the Owner to provide the Service, fulfill legal obligations, respond to requests or enforcement actions, protect their rights and interests (or those of Users or third parties), identify any fraudulent or malicious activities, as well as for the following purposes: Displaying content from external platforms, Statistics, Payment management, Interaction with social networks and external platforms, and Traffic optimization and distribution.
To obtain detailed information on the purposes of the processing and the Personal Data processed for each purpose, the User can refer to the section Details on the processing of Personal Data.

Details on the processing of Personal Data
Personal Data is collected for the following purposes and using the following services:

• Payment management
  Unless otherwise specified, this Application processes all payments by credit card, bank transfer, or other means through external payment service providers. In general, and unless stated otherwise, Users are requested to provide payment details and personal information directly to such payment service providers.
  This Application is not involved in the collection and processing of such information: it will instead only receive a notification from the relevant payment service provider regarding the completed payment.
  PayPal (Paypal)
  PayPal is a payment service provided by PayPal Inc., which allows the User to make payments online.
  Personal data processed: surname; email; billing address; phone number; username; various types of data as specified by the service's privacy policy.
  Place of processing: Please refer to Paypal's privacy policy.
• Interaction with social networks and external platforms
  This type of service allows for interactions with social networks or other external platforms directly from the pages of this Application.
  The interactions and information acquired from this Application are in any case subject to the User's privacy settings related to each social network.
  This type of service could still collect traffic data for the pages where the service is installed, even when Users do not use it.
  It is recommended to disconnect from the respective services to ensure that the data processed on this Application is not linked back to the User's profile.
  PayPal button and widget.
  The PayPal button and widget are interaction services with the PayPal platform, provided by PayPal Inc.
  Personal Data processed: Usage data; Tracking tool.
  Place of processing: Please refer to Paypal's privacy policy.
• Traffic optimization and distribution
  This type of service allows this Application to distribute its content through servers located in the territory and to optimize its performance.
  The Personal Data processed depends on the characteristics and the method of implementation of these services, which by their nature filter communications between this Application and the User's browser.
  Given the distributed nature of this system, it is difficult to determine the locations where content is transferred, which may contain the User's Personal Data.
  Cloudflare (Cloudflare Inc.)
  Cloudflare is a traffic optimization and distribution service provided by Cloudflare Inc.
  The integration methods of Cloudflare stipulate that it filters all traffic of this Application, meaning the communications between this Application and the User's browser, also allowing the collection of statistical data on it.
  Personal Data processed: Tracking Tools.
  Place of processing: United States Privacy Policy.
• Statistics
  The services contained in this section allow the Data Controller to monitor and analyze traffic data and are used to track User behavior.
  Google Analytics with anonymized IP (Google LLC)
  Google Analytics is a web analytics service provided by Google LLC (Google). Google uses the Personal Data collected to track and examine the use of this Application, compile reports, and share them with other services developed by Google.
  Google may use Personal Data to contextualize and personalize ads in its advertising network.
  This Google Analytics integration anonymizes your IP address. The anonymization works by shortening the IP address of users within the borders of the member states of the European Union or in other countries adhering to the agreement on the European Economic Area. Only in exceptional cases will the IP address be sent to Google's servers and shortened within the United States.
  Personal Data processed: Cookies; Usage data.
  Place of processing: United States Privacy Policy Opt Out.
  Monitoring conversions of Meta ads (Meta pixel) (Meta Platforms Ireland Limited)
  The Meta ads conversion tracking (Meta pixel) is a statistics service provided by Meta Platforms Ireland Limited that connects data from the Meta advertising network with actions taken within this Application. The Meta pixel tracks conversions that can be attributed to ads on Facebook, Instagram, and Audience Network.
  Personal Data processed: Usage data; Tracking tools.
  Place of processing: Ireland Privacy Policy Opt out.
  Meta Events Manager (Meta Platforms Ireland Limited)
  Meta Events Manager is a statistics service provided by Meta Platforms Ireland Limited. By integrating the Meta pixel, Meta Events Manager can provide the Owner with information about traffic and interactions on this Application.
  Personal Data processed: Usage data; Tracking tools.
  Place of processing: Ireland Privacy Policy Opt out.
  Google Analytics 4 (Google Ireland Limited)
  Google Analytics is a statistics service provided by Google Ireland Limited (Google). Google uses the Personal Data collected to track and analyze the use of this Application, compile reports, and share them with other services developed by Google.
  Google may use Personal Data to contextualize and personalize ads in its advertising network.
  In Google Analytics 4, IP addresses are used at the time of collection and then deleted before the data is recorded in any data center or server. To learn more, you can refer to the official Google documentation.
  Personal Data processed: Tracking Tools.
  Place of processing: Ireland Privacy Policy Opt Out.
• Viewing content from external platforms

Information on how to disable interest-based advertising.

In addition to any opt-out functions provided by any of the services listed in this document, Users can read more about how to disable interest-based advertising in the appropriate section of the Cookie Policy.

Further information on the processing of Personal Data

Sale of goods and services online
The Personal Data collected are used for providing services to the User or for the sale of products, including payment and possible delivery. The Personal Data collected to complete the payment may include those related to the credit card, the bank account used for the transfer, or other payment methods provided. The payment data collected by this Application depend on the payment system used.

User Rights

Users can exercise certain rights regarding the Data processed by the Data Controller.
In particular, within the limits established by law, the User has the right to:

• revoke consent at any time. The user can revoke the consent to the processing of their Personal Data previously expressed.
• oppose the processing of their Data. The user can oppose the processing of their Data when it occurs on a legal basis other than consent. Further details on the right to object are provided in the section below.
• Access to one's Data. The user has the right to obtain information about the Data processed by the Data Controller, about certain aspects of the processing, and to receive a copy of the Data processed.
• Check and request rectification. The user can verify the correctness of their data and request its update or correction.
• obtain the limitation of processing. The user can request the limitation of the processing of their data. In this case, the Controller will not process the data for any other purpose than their storage.
• to obtain the deletion or removal of their Personal Data. The user can request the deletion of their Data by the Data Controller.
• to receive their Data or have it transferred to another controller. The user has the right to receive their Data in a structured, commonly used, and machine-readable format and, where technically feasible, to obtain its transfer without hindrance to another controller.
• File a complaint. The user can file a complaint with the competent data protection authority or take legal action.

Details on the right to object

When Personal Data is processed in the public interest, in the exercise of public powers vested in the Data Controller, or to pursue a legitimate interest of the Data Controller, Users have the right to object to the processing for reasons related to their particular situation.
Users are informed that, if their Data is processed for direct marketing purposes, they can object to the processing at any time, free of charge and without providing any reason. If Users object to the processing for direct marketing purposes, Personal Data will no longer be processed for such purposes. To find out whether the Data Controller processes Data for direct marketing purposes, Users can refer to the respective sections of this document.

How to exercise rights
To exercise their rights, Users can send a request to the contact details of the Data Controller indicated in this document. The request can be submitted free of charge, and the Data Controller will respond as soon as possible, in any case within one month, providing the User with all the information required by law. Any corrections, deletions, or limitations on processing will be communicated by the Data Controller to each of the recipients, if any, to whom the Personal Data have been transmitted, unless this proves impossible or involves a disproportionate effort. The Data Controller will inform the User of such recipients if requested.