Privacy Policy – Cookie Policy

Information pursuant to art. 13 of the Regulation (EU) n. 679/2016 (“GDPR”)

SOCIANO Agricultural Company – Dr. Francesco Colesanti, Piazza San Francesco di Paola 6 – 01022 Bagnoregio (VT) P.IVA 01284860564 – CF: CLSFNC45H27A577M 
(hereinafter referred to as  OWNER ) protects the privacy of personal data and guarantees to them the necessary protection from any event that could put them at risk of violation.

As required by European Union Regulation n. 679/2016 (“GDPR”), and in particular to art. 13, below we provide the user (hereinafter referred to as  INTERESTED ) with the information required by law concerning the processing of his personal data.


Who we are and what data we treat (article 13, paragraph 1 letter a, article 15, lett. B GDPR)

AZIENDA AGRICOLA SOCIANO  , in the person of its legal representative pt, operates as OWNER of the treatment and can be contacted at  and collects and / or receives information regarding the person concerned, such as:

Category of data Examples of data types
Personal data Name, Surname, Physical Address, Nationality, Province and Municipality of Residence, Landline and / or Mobile Phone, Fax, Fiscal Code, Address / e-Mail
Banking data IBAN and bank / post office data (except credit card number)
Telematic traffic data Log, IP address of origin.


HOLDER  does not  require the data subject to provide so-called “special” data, or, according to the provisions of the GDPR (Article 9), personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data relating to health or sexual life or sexual orientation of the person. In the event that the service requested of the OWNER requires the processing of such data, the person concerned will receive a specific notice in advance and will be asked to provide appropriate consent.

The HOLDER appointed a  Head of the Protection of Personal Data  ( Data Protection Officer -DPO)  who can be contacted for all information and requirements:



For what purposes we need the data of the person concerned (art. 13, 1st paragraph GDPR)

The data are used by the OWNER to process the registration and the contract for the supply of the chosen Service and / or the Product purchased, to manage and execute the requests for contact forwarded by the person concerned, to provide assistance, to comply with legal and regulatory obligations where the OWNER is required to perform the activity performed. In  no event shall  HOLDER  resell  the personal data of the person concerned to third parties nor use them for undeclared purposes.

In particular, the data of the person concerned will be treated for:

  1. a) the registration and the requests for contact and / or information material

The processing of the personal data of the person concerned takes place in order to carry out the preliminary activities and consequent to the registration request, to the management of requests for information and contact and / or sending of informative material, as well as for the fulfillment of any other obligation arising.

The legal basis of these treatments is the fulfillment of the services inherent to the application for registration, information and contact and / or sending of informative material and compliance with legal obligations.

  1. b) management of the contractual relationship

The processing of personal data of the person concerned is carried out to carry out the preliminary activities and consequent to the purchase of a Service and / or a Product, the management of the relative order, the supply of the Service itself and / or the production and / or the shipment of the purchased Product, the relative invoicing and payment management, the handling of complaints and / or reports to the assistance service and the provision of assistance, fraud prevention and the fulfillment of any other obligation deriving from from the contract.

The legal basis of these treatments is the performance of the services relating to the contractual relationship and compliance with legal obligations.

  1. c) promotional activities on services / products  similar  to those purchased by the person concerned (Recital 47 GDPR )

The DATA CONTROLLER, even without your explicit consent, may use the contact details communicated by the person concerned, for the purpose of direct sales of their Services / Products, limited to the case in which they are Services / Products similar to those covered by the sale, unless the party concerned explicitly objects.

  1. d) commercial promotion activities on Services / Products  other  than those purchased by the person concerned

The personal data of the person concerned may also be processed for commercial promotion purposes, for market research and surveys with regards to Services / Products that the OWNER offers only if the person concerned has authorized the treatment and does not object to this.

This processing can be done in an automated way, with the following methods:

  • e-mail;
  • sMS;
  • telephone contact and can be carried out:
  1. if the person concerned has not withdrawn his consent for the use of the data;
  2. if, in the event that the processing is carried out through contact with a telephone operator, the party concerned is not registered in the register of oppositions as per PR n. 178/2010;

The legal basis of these treatments is the consent given by the person concerned prior to the treatment itself, which is revocable by the person concerned freely and at any time (see Section III).

  1. e) computer security

The HOLDER, in line with the provisions of Recital 49 of the GDPR, treats, even through its suppliers (third parties and / or recipients), the personal data of the interested party concerning traffic to a strictly necessary and proportionate extent to ensure the safety of networks and information, namely the ability of a network or information system to withstand, at a given security level, unforeseen events or unlawful or malicious acts that compromise availability, authenticity, or integrity and confidentiality of personal data stored or transmitted.

The OWNER will promptly inform the INTERESTED PARTIES, if there is a particular risk of violation of their data without prejudice to the obligations deriving from the provisions of art. 33 of the GDPR concerning notifications of personal data breach.

The legal basis of these treatments is the respect of legal obligations and the legitimate interest of the OWNER to carry out treatments pertaining to the purpose of protecting the corporate assets and the security of the offices and systems of the OWNER.

  1. f) profiling 

The personal data of the person concerned may also be processed for profiling purposes (such as analysis of the data transmitted and the chosen Services / Products, propose advertising messages and / or commercial proposals in line with the choices made by the users themselves) exclusively in the event that the person concerned has provided explicit and informed consent. The legal basis of these treatments is the consent given by the person concerned prior to the treatment itself, which is revocable by the person concerned freely and at any time (see Section III).

  1. g) fraud prevention (recital 47 and article 22 GDPR)
  • the personal data of the person concerned, with the exception of particular data (Art 9 GDPR) or judicial data (Art 10 GDPR) will be processed to allow checks with the purpose of monitoring and preventing fraudulent payments, by software systems that carry out a verification automated and preliminary to the negotiation of Services / Products;
  • overcoming these checks with a negative result will make it impossible to carry out the transaction; the INTERESTED PARTY may in any case express his opinion, obtain an explanation or contest the decision motivating his reasons to the Customer Assistance service or to the contact ;
  • personal data collected for anti-fraud purposes only, unlike the data necessary for the correct performance of the requested service, will be immediately canceled at the end of the control phases.
  1. h) the protection of minors

The Services / Products offered by the HOLDER are reserved to entities legally able, on the basis of the national legislation of reference, to conclude contractual obligations.

The OWNER, in order to prevent illegitimate access to its services, implements preventive measures to protect its legitimate interest, such as checking the tax code and / or other checks, when necessary for specific Services / Products, the correctness of the data identification of identity documents issued by the competent authorities.

Communication to third parties and categories of recipients (art. 13, 1st paragraph GDPR)

The communication of the personal data of the person concerned is principally against third parties and / or recipients whose activity is necessary for the performance of the activities pertaining to the relationship established and to respond to certain legal obligations, such as:


Categories of recipients Purposes
Company  FARM Sociano Administrative, accounting and contractual fulfillment obligations,
Third party suppliers and  SOCIAN AGRICULTURAL COMPANY * Provision of services (assistance, maintenance, delivery / shipment of products, provision of additional services, providers of electronic communication networks and services) connected to the requested service
Credit and payment institutions, banking institutions

/ post

Management of receipts, payments, reimbursements related to the contractual service
External professionals / consultants and consulting companies Fulfillment of legal obligations, exercise of rights, protection of contractual rights, recovery of credit
Financial administration, public bodies, judicial authorities, supervisory and control authorities Fulfillment of legal obligations, defense of rights; lists and registers kept by public Authorities or similar bodies based on specific legislation, in relation to the contractual service
Subjects formally delegated or with a recognized legal title Legal representatives, curators, guardians, etc.


 The OWNER obliges its third-party suppliers and data processors to comply with security measures equal to those adopted in relation to the person concerned by restricting the scope of action of the Data Supervisor to processing connected with the requested service.

The OWNER does not transfer your personal data to countries where the GDPR is not applied (countries outside the EU)  unless specific indications to the contrary for which the person concerned will be previously informed and if necessary your consent will be requested .

The legal basis of these treatments is the performance of the services inherent in the relationship established, compliance with legal obligations and the legitimate interest of the  SOCIAL AGRICULTURAL COMPANY  to carry out treatments necessary for these purposes.



What happens if the data subject does not provide his identified data as necessary for the purpose of performing the requested service? (Article 13, 2nd paragraph, lett. And GDPR)

The collection and processing of personal data is necessary to process the requested services as well as to provide the Service and / or supply the requested Product. If the person concerned does not provide the personal data expressly provided for as necessary within the order form or the registration form, the OWNER will not be able to process the procedures related to the management of the requested services and / or the contract and the Services / Products connected to it, nor to the obligations that depend on them.

What happens if the person concerned does not consent to the processing of personal data for commercial promotion activities on services / products  other  than those purchased?

In the event that the data subject does not consent to the processing of personal data for these purposes, such processing will not take place for the same purposes, without this having effects on the provision of the services requested, nor for those for which he already has given his consent, if requested.

In the event that the person concerned has consented and were subsequently to revoke it or oppose the processing for commercial promotion activities, his data will no longer be processed for such activities, without this having consequences or detrimental effects for the party concerned and for the services required.

How we treat the data of the person concerned (art. 32 GDPR) 

The OWNER provides for the use of adequate security measures in order to preserve the confidentiality, integrity and availability of personal data of the person concerned and imposes similar security measures on third-party suppliers and Managers.

Where we treat the data of the person concerned

The personal data of the data subject are stored in paper, computerized and telematic archives located in countries where the GDPR (EU countries) is applied.

How long are the data of the person concerned kept? (Article 13, 2nd paragraph, letter a GDPR)

Unless they explicitly express their will to remove them, the personal data of the data subject will be kept until they are necessary with respect to the legitimate purposes for which they were collected.

In particular, they will be kept for the entire duration of your registration and in any case no later than a maximum period of 12 (twelve) months of inactivity, or if, within that period, the Services and / or products purchased are not associated with the the registry itself.

In the case of data provided to the OWNER for the purposes of commercial promotion for services other than those already acquired by the person concerned, for which he initially gave consent, these will be kept for 24 months, unless revoked consent is withdrawn.

In the case of data provided to the OWNER for the purpose of profiling, these will be kept for 12 months, unless the consent given is always revoked.

It should also be added that, in the event that the INTERESTED PARTY forward to the OWNER personal data not requested or not necessary for the performance of the requested service or for the provision of a service closely connected to it, the OWNER shall not be held responsible for these data, and will cancel them as soon as possible.

Regardless of the determination of the person concerned at their removal, the personal data will in any case be kept in accordance with the terms established by the current legislation and / or national regulations, for the exclusive purpose of guaranteeing specific obligations, specific to certain Services.

In addition, personal data will in any case be kept for the fulfillment of the obligations (eg tax and accounting) which remain even after the termination of the contract (art. 2220 cc); for these purposes, the OWNER will keep only the data necessary for the related prosecution.

The cases in which the rights deriving from the contract and / or the registration of the personal data were to be enforced, in which case the personal data of the person concerned, exclusively those necessary for these purposes, will be processed for the time necessary for the their pursuit.

What are the rights of the person concerned? (Art. 15 – 20 GDPR)

The INTERESTED PARTY has the right to obtain from the DATA CONTROLLER the following:

  1. confirmation that the processing of personal data concerning him is being carried out and in this case, to obtain access to personal data and the following information: 
    -the purposes of the processing; 
    – the categories of personal data in question;
  2. the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if they are recipients of third countries or international organizations;
  3. when possible, the period of storage of personal data provided or, if this is not possible, the criteria used to determine this period;
  4. the existence of the data subject’s right to ask the DATA CONTROLLER to rectify or cancel personal data or limit the processing of personal data concerning him or to oppose their processing;
  5. the right to lodge a complaint with a supervisory authority;
  6. if the data is not collected from the person concerned, all information available on their origin;
  7. the existence of an automated decision-making process, including profiling, and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of this treatment for the person concerned.
  8. the appropriate guarantees provided by the third country (outside the EU) or an international organization to protect any data transferred
  9. the right to obtain a copy of the personal data subject to processing, provided that this right does not infringe the rights and freedoms of others; In the event of further copies required by the DATA SUBJECT, the DATA CONTROLLER may charge a reasonable fee based on costs
  10. the right to obtain from the OWNER of the processing the rectification of inaccurate personal data concerning him without unjustified delay
  11. the right to obtain from the OWNER of the treatment the deletion of personal data concerning him without unjustified delay, if the reasons provided by the GDPR in the art. 17, among which, for example, in the event that they are no longer necessary for the purposes of the processing or if this is assumed to be illegal, and always if the conditions established by law exist; and in any case if the treatment is not justified by another equally legitimate reason;
  12. the right to obtain the treatment limitation from the OWNER of the treatment, in the cases provided for by art. 18 of the GDPR, for example where you have disputed the accuracy, for the period necessary to the OWNER to verify its accuracy. The interested party must be informed, in due time, even when the suspension period has been completed or the reason for the limitation of the processing has ceased, and therefore the limitation itself revoked;
  13. the right to obtain communication from the HOLDER of the recipients to whom requests for corrections or cancellations or limitations of processing have been transmitted, unless this proves impossible or involves an effort
  14. the right to receive in a structured format, commonly used and readable by an automatic device, the personal data concerning him and the right to transmit such data to another HOLDER of the unimpeded processing by the HOLDER of the treatment to which he has provided them, in the cases provided for by art. 20 of the GDPR, and the right to obtain direct transmission of personal data from one OWNER of the processing to the other, if technically

For any further information and in any case to send your request you must contact the OWNER at . In order to ensure that the aforementioned rights are exercised by the person concerned and not by unauthorized third parties, the OWNER may request the same to provide any additional information necessary for the purpose.

How and when can the party concerned object to the processing of his personal data? (Art. 21 GDPR)

For reasons relating to the particular situation of the person concerned, the same may object at any time to the processing of his personal data if it is based on legitimate interest or if it occurs for commercial promotion activities, sending the request to the OWNER at  info @ agriturismosociano .com.

The person concerned has the right to the cancellation of his personal data if there is no legitimate prevailing reason of the OWNER with respect to the one that gave rise to the request, and in any case in the case in which the person concerned has opposed the treatment for commercial promotion activities.

Who can be the complainant? (Art. 15 GDPR)

Without prejudice to any other administrative or judicial action, the INTERESTED PARTY may submit a complaint to the competent control authority in the Italian territory (the Guarantor Authority for the protection of personal data) or to the one that carries out its tasks and exercises its powers in the Member State where the violation of the GDPR occurred.

Any update of this Statement will be communicated promptly and by appropriate means and will also be communicated if the OWNER carries out the processing of the data of the person concerned for purposes other than those referred to in this Information Notice before proceeding and following the manifestation of the relative consent of the ‘INTERESTED IF NECESSARY.



General information, deactivation and management of cookies 

Cookies are data that are sent by the website and stored by the internet browser in the computer or other device (for example, tablet or mobile phone) of the user. Technical cookies and third-party cookies may be installed from our website or related subdomains.

In any case, the user can manage, or request the general deactivation or cancellation of cookies, by changing the settings of his internet browser. However, this deactivation may slow down or prevent access to some parts of the site.

The settings to manage or disable cookies may vary depending on the internet browser used, therefore, to get more information on how to perform them

operations, we suggest the User to consult the manual of his device or the “Help” or “Help” function of his internet browser.

The following are links to users that explain how to manage or disable cookies for the most popular Internet browsers:

Technical cookies

The use of technical cookies, ie cookies necessary for the transmission of communications on the electronic communication network or cookies strictly necessary for the supplier to provide the service requested by the customer, allows the safe and efficient use of our site.

Session cookies may be installed in order to allow access and stay in the reserved area of ​​the portal as an authenticated user.

Technical cookies are essential for the proper functioning of our website and are used to allow users normal browsing and the possibility of using the advanced services available on our website. The technical cookies used are divided into session cookies, which are stored exclusively for the duration of the navigation until the browser is closed, and persistent cookies that are saved in the memory of the user’s device until their expiry or cancellation by the user same. Our site uses the following technical cookies:

  • Technical navigation or session cookies, used to manage normal browsing and user authentication;
  • Functional technical cookies, used to store user-selected customizations, such as, for example, the language;
  • Analytics technical cookies, used to know how users use our website so that we can evaluate and improve the service

Third-party cookies

Third-party cookies may be installed: these are cookies, analytics and profiling cookies, Google Analytics, Google Doubleclick, Criteo, Rocket Fuel, Youtube, Yahoo, Bing and Facebook. These cookies are sent by the websites of the aforementioned third parties external to our site.

Analytical cookies of third parties are used to collect information on the behavior of users on the site. The survey takes place anonymously, in order to monitor performance and improve the usability of the site. Third-party profiling cookies

parts are used to create user profiles, in order to offer advertising messages in line with the choices made by the users themselves.

The use of these cookies is governed by the rules established by the same third parties, therefore, users are invited to read the privacy information and instructions for managing or disabling cookies published in the following web pages:

For Google Analytics cookies:

For Google Doubleclick cookies:

For Criteo cookies:

For Facebook cookies:

For CrazyEgg cookies:

For Rocket Fuel cookies:

-privacy policy:

For Youtube cookies:

-privacy policy:  https: // www.

For Yahoo cookies:

– privacy policy and instructions to manage or disable cookies:

For Bing cookies:

– privacy policy and instructions to manage or disable cookies

Profiling cookies

Profiling cookies can be installed by the OWNER (s) by means of web analytics software  , which are used to prepare detailed, real-time analysis reports on information on: website visitors, search engines search of origin, keywords used, language of use, most visited pages.

The same can collect information and data such as IP address, nationality, city, date / time, device, browser, operating system, screen resolution, navigation source, pages visited and number of pages, duration of the visit, number of visits made.

These data can be transferred to each of the  AZIENDA AGRICOLA SOCIANO Companies , in compliance with and with the limitations imposed by the current legislation and by the provisions of this Information Notice  .