Privacy Policy
INFORMATION PURSUANT TO ARTICLES 13–14 OF EU REGULATION NO. 2016/679 (GDPR) ON THE
PROCESSING OF PERSONAL DATA
Dear Visitor,
Podere Ema hereby informs you that, pursuant to and for the purposes of Articles 13 and 14 of
European Regulation No. 2016/679 (GDPR), the data collected and/or provided by you will be processed
in compliance with the regulations referred to below.
ROLES
The Data Controller is: Podere Ema, Strada Regionale 222 Chiantigiana, 339, Bagno a Ripoli 50012 (FI),
Italy – email: cantina@podereema.it
PURPOSES OF MANDATORY PROCESSING
Processing of personal data for registration purposes
The mandatory information required for registration is highlighted in the relevant input fields. Failure to
provide such mandatory information will prevent completion of the registration process. During
registration, you may also provide additional information on a voluntary basis; such information is not
mandatory and submission is at your discretion.
The personal data you provide during registration will be used by us to create your profile and to
identify you upon each subsequent access.
The legal basis applicable to these processing activities is Article 6(1)(b) of the GDPR. We will carry out all
the data processing activities described in this section based on your consent and/or to perform our
contract with you and/or on the basis of our legitimate interests.
Processing of personal data for e-commerce purposes
The personal data provided by the user during the checkout process will be used for the execution and
processing of the order and of payment transactions carried out through the online shop.
In the event of payment by credit card, the card number, expiration date, cardholder name, and
verification number (CVC) will also be collected.
The legal basis applicable to these processing activities is Article 6(1)(b) of the GDPR. In order to process
payment transactions, we may transmit the relevant data to our appointed payment service provider,
which will process such data on our behalf and solely for payment processing purposes.
We will retain information relating to each purchase made on the e-commerce platform for 10 years, in
order to comply with legal obligations regarding taxation and the retention of business records.
The personal data contained in your account will be retained until you decide to close your account.
PURPOSES OF NON-MANDATORY PROCESSING
Processing of personal data for profiling purposes
With your free and optional consent (Article 6(1)(a) of the GDPR), given by selecting the relevant consent
box on the website, Podere Ema will process your personal data for profiling purposes, in order to send
you personalized promotional communications consistent with your profile, to carry out statistical
analyses and processing relating to your personal characteristics for “clustering” activities, i.e., the
creation of target groups for internal analysis and monitoring of market and consumption trends, and
for the creation of new user clusters based on similar browsing habits and interests.
If you do not consent to the processing of your personal data for profiling purposes, your ability to
browse the website and benefit from its features will not be affected in any way, nor will you suffer any
other adverse consequences. You may, in any case, freely and at no cost withdraw your consent to the
processing of your personal data for profiling purposes at any time by contacting us through the
appropriate contact section.
Processing of personal data for marketing purposes
With your free and optional consent (pursuant to Article 6(1)(a) of the GDPR), we will process your
personal data for marketing purposes, including direct sales, sending of advertising material, market
research, commercial communications, and assessment of customer satisfaction levels.
We will send information and offers relating to Podere Ema products and services that we believe may
be of interest to you via mail, email, SMS, fax, landline/mobile phone calls with or without an operator,
WhatsApp, or social media (such as Facebook, Instagram, and Twitter).
Consent to the processing of your personal data for marketing purposes is free and optional. If you do
not provide consent, you will not suffer any adverse consequences. You may withdraw your consent to
the processing of data for marketing purposes at any time and free of charge, without any
consequences, using the methods indicated in the relevant section. You may also choose to withdraw
consent selectively, specifying which contact methods you no longer wish to receive.
You are therefore invited to inform us whether you wish to consent to the processing of your personal
data for marketing purposes by selecting the appropriate consent box.
Other processing activities
In all other cases in which you provide us with personal data in any other manner, such provision will
always be voluntary. Your information will be processed by us in order to handle your request pursuant
to Article 6(1)(b) of the GDPR (if your request relates to a possible contract to be entered into with us or
to a contract already entered into with us) or Article 6(1)(f) of the GDPR (for any other type of request).
In this context, such data may also be transmitted to third parties solely for the purpose of fulfilling
your request.
METHODS OF PROCESSING
Processing includes, by way of example, the collection, recording, organization, storage, extraction,
consultation, use, communication, and deletion of personal data. Processing is carried out, for the
purposes described above, in accordance with the principles (pursuant to Article 5 of GDPR No.
2016/679) of lawfulness, fairness, transparency, data minimization, and accuracy.
Data are processed using telephone, paper-based, IT, and electronic means. Processing is carried out
using appropriate tools and adequate technical and organizational measures to ensure security,
integrity, and confidentiality, in particular to prevent the risk of loss, unauthorized access, unlawful use,
or disclosure, in compliance with Article 32 of GDPR No. 2016/679, by authorized persons and in
accordance with Article 29 of GDPR No. 2016/679 and Article 2-quaterdecies of the Italian Privacy Code.
NATURE OF DATA PROVISION AND CONSEQUENCES OF REFUSAL
Provision of data for mandatory purposes does not require explicit consent. Without such data, we will
not be able to provide our services. Provision of data for other purposes is optional and requires your
explicit consent. In the absence of consent, you will not receive newsletters, informational material, or
commercial communications regarding the services offered by the Data Controller or third-party
companies. However, you will still be able to access our services.
We process your personal information only when there is a legal basis for such processing. Legal bases
include:
Your consent to the relevant processing activities
Compliance with legal obligations to which we are subject
Compliance with rules set out by laws or regulations, or by contracts, agreements, or other legal
instruments
Studies conducted by research entities, preferably on anonymized personal information
Performance of a contract and related pre-contractual obligations, where you are a party to such
contract
Exercise of our rights in judicial, administrative, or arbitration proceedings
Protection of your or a third party’s physical safety
Protection of health in the context of procedures implemented by healthcare entities or
professionals
Our legitimate interest, provided that your fundamental rights and freedoms do not prevail over
such interests
Credit protection
ACCESS TO DATA
Your data may be made accessible for the purposes described above to:
Employees and collaborators of the Data Controller, in their capacity as authorized data
processors and/or system administrators;
Third-party companies or other entities (by way of example: professional firms, consultants,
software houses providing management systems, banks, insurance companies, etc.) that carry out outsourced activities on behalf of the Data Controller, in their capacity as external data
processors.
Among the Personal Data collected by this Website, either independently or through third parties, are:
Tracking Tools; Usage Data; name; email; website; unique device identifiers for advertising (such as
Google Advertiser ID or IDFA); number of Users; city; device information; session statistics; browser
information; responses to questions; clicks; keypress events; motion sensor events; mouse movements;
scrolling position; touch events.
COMMUNICATION OF DATA
The Data Controller may communicate your data to Public Authorities, Supervisory Bodies and/or
Judicial Authorities, as well as to all other entities to whom communication is mandatory or necessary
by law. Your data will not be disclosed.
TRANSFER OF DATA TO THIRD COUNTRIES
Your data have been transferred to an external data processor whose headquarters or data processing
location is not located within a Member State of the European Union. Prior to the transfer, we ensured
that the recipient guarantees an adequate level of data protection through an adequacy decision of the
European Commission pursuant to Article 45 of the GDPR, through appropriate safeguards such as the
recipient’s self-certification pursuant to Article 45 of the GDPR, and through the execution of the so-
called EU Standard Contractual Clauses with the data importer pursuant to Article 46(2)(c) of the GDPR,
or where you have given your consent to such data transfer pursuant to Article 49(1)(a) of the GDPR.
DATA RETENTION
All personal data provided will be processed in compliance with the principles of lawfulness, fairness,
relevance, and proportionality, exclusively using the methods necessary, including IT and electronic
means, to pursue the purposes described above.
Personal data will be retained for a period of 6 years following the last contact with the data subject or
until a deletion request is made by the data subject. In such cases, data related to the Data Controller’s
legitimate interest or necessary to comply with legal obligations may still be retained. Information
systems used to manage collected data are configured, from the outset, to minimize the use of
personal data.
RIGHTS OF THE DATA SUBJECT
In your capacity as a data subject, you have the rights set out in Articles 15 et seq. and Article 77 of the
GDPR, including the right to:
Obtain confirmation from the Data Controller as to whether or not personal data concerning you
are being processed and, where that is the case, access to the personal data and related
information; Obtain rectification of inaccurate personal data concerning you without undue delay and, taking
into account the purposes of processing, obtain completion of incomplete personal data;
Obtain erasure of personal data without undue delay where one of the grounds provided by law
applies;
Obtain restriction of processing where one of the conditions provided by law applies;
Receive your personal data in a structured, commonly used, and machine-readable format and
transmit those data to another controller without hindrance;
Object at any time, on grounds relating to your particular situation, to the processing of personal
data concerning you, including profiling;
Not to be subject to a decision based solely on automated processing, including profiling, which
produces legal effects concerning you or similarly significantly affects you;
Lodge a complaint with a supervisory authority pursuant to Article 77 of the GDPR.
EXERCISE OF RIGHTS
You may exercise your rights at any time by contacting the Data Controller at the following email
address: cantina@podereema.it
EXTERNAL DATA PROCESSORS AND AUTHORIZED PERSONS
The updated list of external data processors and authorized persons is kept at the registered office of
the Data Controller.
AMENDMENTS TO THIS PRIVACY NOTICE
This privacy notice was drafted on 07/04/2025 and may be subject to changes over time, including as a
result of legislative or regulatory updates. Data subjects are invited to consult this page regularly.
Icons by Athlantic S.r.l., licensed under CC BY 4.0. Free use permitted provided this notice is not
removed.
