Privacy Policy

Last updated: 4 September 2025

Who We Are (Data Controller)

Fattoria il Bell Casolino Società Semplice Agricola
VAT (P.IVA): IT 01780020705

Registered Office

Via Oberdan, 13 – Portocannone
86045 (CB) – Italy

Operational Office

Contrada Ramitelli snc – Nuova Cliternia
86042 (CB) – Italy

Email: [email protected]  ·  Tel: +39 0874 xxx xxx
Websites covered: bellcasolino.eu and linked shop shop.bellcasolino.eu (OpenCart).

Summary

1) Data We Process

  • Browsing data: technical logs, IP address, device/browser info, anti-abuse/security data (including via Cloudflare).
  • Data submitted via forms: name, email, message content, reason for contacting us.
  • Orders/Order support (shop): identification/contact details, shipping/billing address, order details, returns/support where applicable.
  • Communications: emails/replies, CRM tickets (Dolibarr).
  • Cookies and similar technologies: see Cookie Policy.
  • Third-party content: Google Maps (only after consent / “click-to-load”).
  • Responding to enquiries (forms/email) – contract or pre-contractual measures (Art. 6.1.b GDPR) and legitimate interests in internal organisation (Art. 6.1.f).
  • Managing orders, payments, deliveries, returns and support (shop) – contract (Art. 6.1.b) and legal obligation for tax/accounting compliance (Art. 6.1.c).
  • Site security and abuse prevention (logs, firewall, rate-limiting, anti-spam/Turnstile) – legitimate interests (Art. 6.1.f).
  • Interactive maps (Google Maps) – loaded only after your explicit action/consent; consent (Art. 6.1.a).
  • Direct marketing/newsletters (if enabled and with explicit opt-in) – consent (Art. 6.1.a), revocable at any time.

3) Nature of Provision

Providing data marked as “required” is necessary to handle your request/order. Failure to provide such data may prevent us from delivering the requested service.

4) Processing Methods and Security Measures

We use electronic and paper means with appropriate technical and organisational measures (server hardening, TLS, access control, logging, data minimisation, retention policies). Data are handled by authorised staff and by appointed processors (service providers) where applicable.

5) Recipients / Categories of Recipients

  • Hosting & infrastructure: VPS with HestiaCP (Italy/EU).
  • CDN/proxy & security: Cloudflare (possible international transfers under provider safeguards).
  • E-commerce: OpenCart at shop.bellcasolino.eu.
  • CRM/ERP: Dolibarr (contacts/orders).
  • Email / SMTP: email service provider(s) for communications.
  • Maps: Google Maps as an independent controller for data collected via the embed.
  • Payments (if enabled): e.g., PayPal/Stripe as independent controllers.

6) Transfers outside the EEA

Some providers (e.g., Cloudflare/Google) may process data in non-EEA countries. Transfers take place in accordance with Chapter V GDPR (e.g., SCCs/other transfer tools) with supplementary measures where required.

7) Retention Periods

  • Contact enquiries: up to 24 months from the last meaningful interaction (unless needed for legal claims).
  • Orders/invoicing: per statutory tax/accounting retention periods.
  • Security logs: typically 30–180 days, unless an incident requires longer.
  • Marketing: until consent is withdrawn or you unsubscribe.
  • Cookies: see the Cookie Policy.

8) Your Rights

You may request access, rectification, erasure, restriction, portability, objection, and withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal (Arts. 15–22 GDPR). You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante).

To exercise your rights, email [email protected].

9) Google Maps (User-Activated Embed)

Our map uses a “click-to-load” mechanism: it loads only after your action/consent. Once activated, your browser connects to Google servers and personal data (e.g., IP, user-agent) may be processed. For these processing operations, Google and this site act as independent controllers. Please refer to Google’s terms and privacy information.

10) Cookies and Tracking Tools

We use technical cookies and, subject to consent, third-party cookies (e.g., for maps or analytics) in line with the Italian DPA's Cookie Guidelines. Via the banner you may accept/decline non-essential categories and change preferences at any time.

Read the Cookie Policy

11) Children

Our online services are not intended for children under 14. Any data sent by minors without parental consent will be deleted as soon as we become aware of it.

12) Automated Decision-Making

We do not make decisions based solely on automated processing that produce legal effects or similarly significant effects on you (Art. 22 GDPR).

13) How to Exercise Your Rights / Privacy Contact

For any privacy request, email [email protected]. We aim to respond within 30 days, unless the matter is complex.

14) Changes

We may update this notice to reflect legal/technical developments. Updates will be published on this page with the revised date.

Annex A – Specific Notices for Forms

“Contact us” form (bellcasolino.eu)

  • Data: name, email, message content, reason for contacting us; technical metadata (IP/timestamp).
  • Purposes: responding to your request; abuse/spam prevention.
  • Legal bases: Art. 6.1.b (pre-contractual measures) and 6.1.f (legitimate interests – security/organisation).
  • Recipients: email/SMTP provider; Dolibarr (if a CRM ticket is opened).
  • Retention: up to 24 months from the last meaningful interaction.

“Order Support” (shop.bellcasolino.eu)

  • Data: account/order data, support communications, returns where applicable.
  • Purposes: after-sales customer support; legal compliance.
  • Legal bases: Art. 6.1.b (contract), 6.1.c (legal obligation).
  • Recipients: couriers, payment systems, accounting, Dolibarr.
  • Retention: per statutory periods and for the establishment, exercise or defence of legal claims.