Privacy & Cookie Policy

This legislation describes the information we process to provide our services or to ensure the best possible service to our customers


As required by the European Union Regulation no. 679/2016 (“GDPR”) below we provide the user (“Interested”) with the information required by law relating to the processing of their personal data

1.The owner and manager of data processing

The owner and manager of data processing is Cotto del Perugino srl, with headquarters in via Trasimeno 48, Castiglione del Lago (PG), P.I. 02387790542 E-mail: Telephone: 075 835 9196

2. What data we process

The Data Controller collects and / or receives information concerning the Data Subject, such as:

Personal data

Name, surname, physical address, nationality, province and municipality of residence, landline and / or mobile telephone, social security number, e-mail address (s), social network contacts

Social data of companies, associations, public bodies, freelancers

Company name or name of the VAT number, VAT number, tax code, registered and administrative office, name and surname of the contact persons, address / s, email of the contact persons, telephone number / s, social network contacts

Data relating to traceable traffic

Log, IP address of origin, generic statistical data, social network connection data

The Data Controller does not require the Data Subject to provide so-called data “Particular”, or, according to the provisions of the GDPR (Article 9), personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data relating to the health or sexual life or sexual orientation of the person.

3. Why we need your data

The data we ask you for are used for these purposes:

follow up on the request for registration and the supply contract for the chosen Service and / or the purchased Product

The processing of the personal data of the interested party, in this case, is used by us to register you on our customer list and to comply with the legal obligations to which we must comply. These data will also be used to send invoices or other documents necessary for the correct performance of our task as suppliers of services or products. These data will be entered in our management database and will be used only and exclusively to follow up our collaboration relationship with the interested party

manage and execute contact requests forwarded by the interested party and provide assistance

The processing of such data takes place upon your explicit request and consent to answer your questions. These are data that are processed only following the request of the interested party.The legal basis of these treatments is the fulfillment of the services related to the request for registration, information and contact and / or sending information material and compliance with legal obligations .

provide suggestions on further activities regarding the Services / Products similar or complementary to those purchased by the interested party (Article 47 of the GDPR)

The data controller, even without the explicit consent of the interested party, may use the contact details communicated only for Services / Products similar to those being sold, unless the interested party explicitly objects.

provide suggestions on additional activities other than the services / products purchased

In this case the data will be processed only and exclusively if the interested party has not given consent. The processing can take place through automatic systems for sending emails, text messages or telephone contact

— !!! Identification data not provided (Article 13 GDPR) !!! —

If the interested party does not provide the identification data necessary to follow up on the requests received or following the completed form, the Data Controller will not be able to proceed with the processing related to the management of the requested services and / or the contract and the Services / Products connected to it. , nor to the obligations that depend on them.

— Consent denied for other uses other than those relating to the management of the contractual relationship —

If the interested party does not give his consent to the use of the data in order to receive information or specifications on promotional activities, the consent remains for the performance of those activities necessary for the management of the contractual relationship

The data provided by the interested party will not be disclosed to third parties

4. How we collect data

The Data Controller collects personal data in several ways:

  • Through automatic data collection systems that track information on the navigation of our website in an aggregate manner. We need this to carry out statistics and analyzes on all those who are interested in our services. This information can also be collected through software or plugins external to our website ( so-called “Cookies” – & gt; See point 9. of this text </ strong>)
  • Through forms that the user of the site can freely decide to leave in order to be contacted or informed
  • Through the modules necessary for our ecommerce to be able to better carry out our online sales activity
  • Through the request for quotation forms
  • Through one-to-one meetings at trade fairs, events, initiatives or contacts

In all these modes, explicit consent is required. In the case of offline data retrieval, the consent will be countersigned, in the case of online data retrieval, the consent occurs when you click on the “Send” link (or similar words)

5. Where this data is stored

The data being processed are stored in two ways:

  • The data collected through our website will be entered into a database within the website and on servers provided by Aruba Business srl (Read the Aruba Business privacy policy here )
  • The data collected offline will be stored in special folders stored within the legal or operational headquarters of our company

6. How this data is protected

Data collected from the website The data collected by us through the website is protected by the access password of the website administrators only. The website has two protection systems in it. The first is an Internet site encryption system through the https protocol. The security certificate is provided by Let’s Encript, provided by the company Aruba Business Spa. The second is a website protection system provided by WordFence, which:

  1. Prevents entry to any unauthorized person
  2. Blocks access if “banned” passwords are used because they are considered “hacked”

The data are all located on the servers of Aruba Business Spa Data collected offline The data collected offline are all located within special folders located within the company headquarters. The company is always manned during the appropriate working hours, while during closing hours it remains closed and accessible only with an access key. The folder in which the data is stored is anonymized

7. How long do we keep the data

In general, the personal data of the interested party will be kept as long as they are necessary with respect to the legitimate purposes for which they were collected, except for legitimate and specific requests for cancellation. In particular, they will be kept for 20 years in the case of personal data collected for the purpose of carrying out activities related or similar to the services or products sold.Instead, in the case of data provided to the Data Controller for the purposes of commercial promotion for services other than those already acquired by the interested party, for which he initially gave his consent, these will be kept for 48 months, always subject to revocation of the consent given. Regardless of the determination of the interested party to remove them, personal data will in any case be stored according to the terms provided for by current legislation and / or national regulations, for the exclusive purpose of guaranteeing the specific obligations of some Services (by way of example but not exhaustive, Certified Electronic Mail, Digital Signature, Substitutive Conservation – in this regard, see the relevant section). In addition, personal data will in any case be kept for the fulfillment of obligations (eg tax and accounting) that remain even after the termination of the contract (Article 2220 of the Civil Code); for these purposes, the Data Controller will only keep the data necessary for its prosecution. The cases in which the rights deriving from the contract and / or from the registration in the registry are valid, in which case the personal data of the interested party, exclusively those necessary for these purposes, will be processed for the time indispensable to their pursuit.

8. Rights of the interested party (articles 15 – 20 GDPR)

The interested party has the right to obtain from the data controller, if requested, the data available to the Data Controller regarding the interested party (so-called right to data “portability”). Furthermore, the interested party can request to be deleted from any database or other place of storage of the data, or the possible correction of some of these data, at any time and without having to provide any justification for this request. For any information or need, however, the interested party can directly contact the Data Controller or Data Processor at the addresses referred to in point 1. of this document. The maximum times established by the legislation for the Data Controller to carry out requests in this sense are 1 month.The interested party can also lodge a complaint with the competent supervisory authority on the Italian territory (Authority for the protection of personal data) or to the one that carries out its duties and exercises its powers in the Member State where the violation of the GDPR has occurred.

9. Cookies and services provided by third parties

The Data Controller uses third parties for the performance of some functions and activities specifically requested by third parties.In particular, our Hosting, Database and Email service associated with the purchase of domains and Internet sites is provided to us by Aruba Business srl. These services are therefore carried out through this supplier whose Privacy Policy is visible at this link .pdf This operator was chosen for its particular characteristics of reliability, safety and service. In other cases we may use servers and services (hosting, database and email) provided by other suppliers. In this case, the Data Controller will inform the Data Subject of the specific choice of the supplier.If the Data Subject wishes to assert his rights on the information present on these servers, he has the right and can directly contact the contact persons indicated in point 1. of this Policy Privacy. The cookies present on our website are the following

General information on managing cookies

Cookies are data that are sent from the website and stored by the internet browser on the user’s computer or other device (for example, tablet or mobile phone). The interested party can manage and disable the management of cookies directly from the browser they use. Below you can see how to manage the cookies of the main most popular browsers on the net:

Technical cookies and third-party cookies may be installed from our website or its subdomains. In any case, the user can manage or request the general deactivation or deletion of cookies by changing the settings of their internet browser. This deactivation, however, may slow down or prevent access to some parts of the site.

Three types of cookies: technical cookies , third-party cookies , profiling cookies

Technical cookies

These are all those cookies that allow the safe and efficient use of our site. Technical cookies, in fact, are essential for the proper functioning of our website and are used to allow users to navigate normally and to take advantage of the advanced services available on our website. The technical cookies used are divided into session cookies, which are stored exclusively for the duration of the navigation until the browser is closed, and persistent cookies that are saved in the user’s device memory until their expiration or cancellation by the user. same.

Third party cookies

  • Introduction: Other types of cookies or third-party tools that could use them

Some of the services listed below collect statistics in aggregate form and may not require the consent of the User or could be managed directly by the Owner – depending on what is described – without the help of third parties. If among the tools indicated below there are services managed by third parties, these could – in addition to what is specified and even without the knowledge of the Owner – perform User tracking activities. For detailed information on this, it is advisable to consult the privacy policies of the services listed.

  • Interaction with social networks and external platforms

These services allow interaction with social networks or other external platforms directly from the pages of this Application. The interactions and information acquired by this Application are in any case subject to the User’s privacy settings relating to each social network. In the event that an interaction service with social networks is installed, it is possible that, even if the Users do not use the service, it collects traffic data relating to the pages in which it is installed.

+1 button and Google+ social widgets (Google Inc.)

The +1 button and Google+ social widgets are interaction services with the Google+ social network, provided by Google Inc. Personal data collected: Cookies and Usage data. Place of processing: USA –

Like button and Facebook social widgets (Facebook, Inc.)

The “Like” button and Facebook social widgets are services for interacting with the Facebook social network, provided by Facebook, Inc. Personal data collected: Cookies and Usage data. Place of processing: USA –

Tweet button and Twitter social widgets (Twitter, Inc.)

The Tweet button and Twitter social widgets are services for interacting with the Twitter social network, provided by Twitter, Inc. Personal data collected: Cookies and Usage data. Place of processing: USA –

Google Analytics (Google Inc.)

Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google uses the Personal Data collected for the purpose of tracking and examining the use of this Application, compiling reports and sharing them with other services developed by Google. Google may use the Personal Data to contextualize and personalize the advertisements of its own advertising network. Personal data collected: Cookies and Usage data. Place of processing: USA – The user can selectively disable the action of Google Analytics by installing the opt-out component provided by Google on your browser. To disable the action of Google Analytics, please refer to the link below dlpage / gaoptout? hl = en

Widget Google Maps (Google Inc.)

Google Maps is a map viewing service managed by Google Inc. that allows this application to integrate such content within its pages. Personal data collected: Cookies and Usage data. Place of processing: USA – it

YouTube (Google Inc)

YouTube is a map viewing service managed by Google Inc. that allows this application to integrate such content within its own web pages. Personal data collected: Cookies and Usage data. Place of processing: USA – / yt / about / policies / # community-guidelines Directions to manage or disable cookies: https : // hl = en

Facebook Pixel (Facebook Ireland Limited)

The Facebook Pixel is a widget that allows the tracking of visits and activities carried out by the user within the website, when access to the Facebook APP is open. This widget allows you to analyze data in an aggregate manner and create targeted advertising campaigns Personal data collected: Cookies and Usage data. Place of processing: Ireland To set your privacy on Facebook in a different way, just click here 325807937506242

Profiling cookies

They can be installed by the Owner (s), using the so-called software. web analytics, profiling cookies, which are used to prepare detailed and real-time analysis reports relating to information on: visitors to a website, search engines of origin, keywords used, language of use, most visited pages. They can collect information and data such as IP address, nationality, city, date / time, device, browser, operating system, screen resolution, navigation source, pages visited and number of pages, duration of the visit, number of visits made.

Notwithstanding the foregoing, the Owner informs that the User can use Your Online Choices from this link http: // www. . Through this service it is possible to manage the tracking preferences of most advertising tools. The Owner, therefore, advises Users to use this resource in addition to the information provided in this document.

& nbsp;