Privacy Policy

This page provides, pursuant to art. 13 Reg. 2016/679 (General Data Protection Regulation, hereinafter GDPR), the information on the processing of personal data carried out by the website www.basilicogenovese.it (hereinafter also “Site”).

1. Data Controller and Data Protection Officer

The data controller is Consorzio Basilico Genovese DOP, with registered office in via Prà n. 63 – 16157 Genoa, VAT number IT02171410992 and can be contacted at the postal address of the headquarters or at the e-mail address info@basilicogenovese.it .

2. Data collected and purpose of processing

A) Data for newsletter subscription
In order to send the newsletter, the Data Controller collects and processes the user’s email address.
The purpose of the processing is to register for the newsletter service and the data provided will not be processed for other purposes. The legal basis for the processing is the consent expressed by the interested party.

B) Data provided voluntarily by the user via post and e-mail
The optional and voluntary sending of emails to the addresses indicated on this site ( info@basilicogenovese.it and presidente@basilicogenovese.it ) or of postal mail to the headquarters address entails the subsequent acquisition of the sender’s address as well as all personal data contained in the message. The purpose of the processing is to fulfill the request for information and carry out any additional activities requested by the interested party; the legal basis for the processing is, therefore, the user’s interest in being contacted, as well as the execution of pre-contractual measures requested by the interested party.

C) Browsing data
The systems and procedures used to operate the www.basilicogenovese.it website acquire certain data that is implicitly transmitted using Internet communication protocols.
This information is not collected to be associated with identified natural persons, but by its very nature it could allow users to be identified through association with data held by third parties. This data includes the IP addresses or domain names of computers, the addresses and names relating to the URI (Uniform Resource Identifier) of the resources requested and some information about such requests (for example, time, method used to submit the request to the server, size of the response and numerical code of the response status).
This data is processed to monitor the correct functioning of the site, improve the quality of the services offered, and perform statistical analyses in anonymous and aggregate form. They are, therefore, processed to a strictly necessary and proportionate extent to guarantee the security of the site and the information.
The legal basis for the processing is the owner’s legitimate interest in the security of the site, including to prevent it from being used in a manner that harms the rights of others or for the purpose of committing illegal activities.
Furthermore, this data may be used to ascertain liability in the event of cybercrime against the site; the legal basis, in this case, is the Data Controller’s legitimate interest in protecting and defending its rights.

3. Data provision

Without prejudice to the provisions regarding the use of Internet technologies and communication protocols, the provision of data is voluntary by the interested party who wishes to contact the Data Controller via email or post. Therefore, providing your data is not mandatory, but refusal to do so will make it impossible to contact you and/or process your request.
Subscription to the newsletter service is entirely voluntary, and therefore there is no obligation to provide data. Refusal to provide your email address will result in the inability to subscribe to the service.

4. Methods of processing

Newsletter subscription data – The data will be processed using computerized tools and retained for the entire duration of the newsletter service, unless the interested party withdraws their consent;
Data provided voluntarily by the user via email – The data will be processed using both paper and electronic means and stored for as long as necessary to carry out the activities requested by the interested party;
Browsing data – The data will be processed using computerized tools and stored for the time necessary to achieve the purposes for which they were collected, for a maximum of 24 months.

Adequate physical and IT security measures have been implemented to ensure the integrity, availability, and confidentiality of the data.
All data is stored within the European Union.

The Data Controller does not adopt any automated or algorithmic decision-making process, including profiling, pursuant to Article 22, paragraphs 1 and 4, of the GDPR for sending targeted commercial communications.

5. Special categories of data

No data falling within what Articles 9 and 10 of the GDPR define as “special categories” (personal data revealing racial or ethnic origin, political opinions, philosophical or religious beliefs, trade union membership, genetic or biometric data, data concerning health or data concerning a person’s sex life or sexual orientation, judicial data or data relating to crimes or security measures) are collected.

6. Data confidentiality

The data will not be disclosed, but may be shared with parties who provide the Data Controller with legal advice and assistance, website development, marketing and communications consulting, as well as with parties whose right to access it is granted by law or by the authorities.

7. Rights of the interested party

At any time, the interested party may exercise the rights granted to him by Articles 15 to 22 of the GDPR and in particular:
a) request confirmation of whether or not personal data concerning you exists;
b) obtain information regarding the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be disclosed and, where possible, the retention period;
c) obtain the rectification and erasure of data, as well as, where technically possible, data portability, i.e., receive them from a data controller, in a structured, commonly used and machine-readable format, and transmit them to another data controller without hindrance;
d) obtain restriction of processing and object to processing at any time, including in the case of processing for direct marketing purposes;
e) to object to automated individual decision-making, including profiling;
f) withdraw any consent at any time without affecting the lawfulness of the processing based on the consent given before the withdrawal;
g) lodge a complaint with a supervisory authority, which in Italy is the Italian Data Protection Authority (at the email address garante@gpdp.it , at the fax number 06.696773785 or by post to the address piazza di Monte Citorio n. 121 – 00186 Rome)

You can exercise your rights by sending a written request to:
Genoese Basil DOP Consortium
via Prà n. 63 – 16157 Genoa
or by email to info@basilicogenovese.it

Last updated: August 2021