Information about the processing of personal data belonging to visitors browsing the website of OL.MA Collegio Toscano Olivicoltori s.a.c., in accordance with Articles 13 et seq of Regulation (EU) 679/2016

Why this information?

This page describes how the website of OL.MA Collegio Toscano degli Olivicoltori s.a.c. is managed in terms of the processing of personal data belonging to users and visitors browsing the site. This policy has been provided in accordance with article 13 et seq of Regulation EU 679/2016 (GDPR or General Data Protection Regulation) for persons interacting with the website of the Data Controller, which is accessible online at:,
the landing page of the official website of the Data Controller. The policy is
provided only for the Data Controller and does not relate to any other
websites, pages or online services which may be reached by the user through any hypertext links published on the website, referring to resources external to the domain of the Data Controller.

1. Data Controller

After visiting the website, users are informed that data relative to identified or identifiable persons may be processed. The Data Controller is OL.MA Collegio Toscano Olivicoltori s.a.c., headquartered in Grosseto, Loc. Madonnino, 3, VAT no./tax code 00127960532, certified email: Certain data processing operations may be carried out by third parties to whom OL.MA Collegio Toscano Olivicoltori s.a.c. has entrusted such activities or parts of them, where necessary to fulfil the services. In such cases, the third parties will be appointed as Data Processors or Authorised Persons. The Data Controller will provide adequate operational instructions to the data processors or authorised persons, with particular reference to the adoption of the minimum security measures necessary to guarantee the confidentiality and security of the personal data. Your data will
be processed by the Data Controller in its role as data processor and also by
Iride srl, which provides maintenance and management services to upgrade the information systems on behalf of the data controller and also provides hosting
and website management for e-commerce activity. With regard to the use, management and maintenance of information systems, these functions are
performed by in-house personnel authorised for the purpose with a specific letter of engagement. If required by a competent Authority, your data may also be disclosed in order to comply with mandatory provisions of law.

2. Purpose and legal basis for the data processing

OL.MA Collegio Toscano degli Olivicoltori s.a.c. (the Data Controller) processes the personal data of users/visitors (the Data Subjects) for the following purposes:
a) to comply with obligations deriving from a contract for the sale or purchase
of products retailed on its website and to resolve any disputes relative to
such transactions; b) to fulfil legal obligations as provided for in
administrative, accounting or fiscal regulations, including requirements
pertaining to anti-money-laundering legislation; c) in the pursuit of a
legitimate interest of the data controller including the correct functioning of
its website, the provision of updates on changes to the website or related
services or to give notice of security issues or updates; d) in order to fulfil
a legal obligation, consisting of a communication to the competent authorities concerning any fraudulent activity perpetrated through its website.

3. Categories of personal data processed


The computer systems and software procedures that operate this website acquire some personal data during normal use, which is transmitted using Internet communication protocols. Specifically, within this category, the following types of data will be saved: pages viewed, origin, duration of visit, provenance of the visitor and the type of device used.


If emails are sent voluntarily to the addresses indicated on this website, the sender’s email address will then be stored together with any other personal data in the email, in order to reply to the request or query. Specific summary information notices will be shown or displayed on the website pages that are used for providing services on demand. In order to make purchases on the website, the data subject
is required to register and send the relevant information. To create an account the following data are required: name, surname, email address, password, date of birth, address (street name and number, postcode, town/city, province and country), and for billing purposes the tax code (date and place of birth), or VAT ID number and telephone contact details. The provision of such data is mandatory in order to purchase products retailed on the website of the Data Controller. If the above data are not provided, the Data Controller will not be
able to provide the user with what was requested. Users must also provide their
payment data. In this regard, please note that OL.MA Collegio Toscano degli
Olivicoltori s.a.c. uses third-party payment services providers, who allow
payment by cash on delivery, bank transfer and credit card on various bank
circuits. Credit card payments are secure and guaranteed by the Consorzio
Triveneto circuit, of which Banca Monte dei Paschi di Siena is a member. These
service providers will collect and process the data of the data subjects, in
order to complete the financial transactions. To view the privacy policies of the bank used for the transaction, the data subject can visit the bank’s
website in order to obtain more detailed information. The links to the
third-party privacy policies are given below. - Consorzio Triveneto circuit: - Banca Monte dei
Paschi di Siena: E-commerce transactions on
the website are protected by SSL certificate and server-to-server payments through Consorzio Triveneto.


OL.MA Collegio Toscano degli Olivicoltori s.a.c. receives information about users and visitors to the site through social media (Facebook), until the “like” is
“unliked” by the user or data subject on the Facebook page of the Data
Controller. The Facebook page is managed directly by in-house personnel, by means of a letter of engagement.

4. Provision of data

The provision of the personal data indicated in point 3, paragraphs a) to d), is mandatory. If the above data are not provided, or are partially missing or
incomplete, the Data Controller will not be able to fulfil its legal and
contractual obligations.

5. Disclosure of data to third parties

The personal data of individual users may be disclosed to external parties in order to fulfil administrative, accounting and tax obligations, and to system
administrators in cases where a crime has been committed against the competent Authorities, or to the lawyers of the Data Controller in order to resolve
disputes with users relative to non-payments or breach of contract. The
information collected by the Data Controller is not provided to third parties,
except in order to utilise the services necessary to support the Data
Controller's activities. These services include, by way of example only: -
email services; - information technology/web development assistance; - telephone operator (IT); Users’ data is collected by third parties when they
make payments to buy the Data Controller’s products retailed on its website. For details of these processing operations, see point 3 of this policy. Cookies are tracking technologies used by suppliers and third parties and may also provide information about the data subjects’ browsing preferences. Please note that the users’ personal data are not circulated nor transferred abroad.

6. Where and how we store personal data

Personal data are stored on the servers of our hosting providers, who are based in Italy. The server which hosts the data of visitors to the website is managed by Iride s.r.l. at the premises of
Aruba. Access to personal data is restricted only to the technical personnel
specifically authorised and instructed for that purpose, and to OL.MA employees
who use and update the e-commerce service. Authenticated access measures are adopted, with the use of passwords, FTP/WEB servers and SSL certificates on SSH connections. SSL (Secure Sockets Layer) secure transmission technologies are used in order to protect financial transactions. Printed documents containing personal data collected from the website are kept in rooms with restricted access and can only be viewed by persons authorised to process personal data. Transport notes and invoices containing personal data are kept at the offices of OL.MA in a local archive of filing cabinets.

7. How long do we store personal data?

Browsing data will be erased after 30 days and immediately after the browsing session has been closed, except where legal authorities need to investigate criminal offences. For data communicated by the user, the data processing operation is the same as the one indicated above. For data stored through cookies, the data processing operation is the same as the one indicated above. For product orders, information is kept for a period of 10 years after the end of the financial year. E-mails and correspondence are kept for the time necessary to reply to the data subject and for 30 days thereafter, after which time they will be erased. In all other cases, personal data will be kept for the time strictly necessary to complete the requested services or to fulfil the
obligations imposed by law.

8. Cookies and other tracking systems

Cookies are small strings of text used to store certain information about the user,
their preferences or Internet devices (PC, tablet or phone). They are mainly
used to adapt the functioning of the website to the user’s expectations, offer
a personalised browsing experience and remember the user's previous browsing
decisions. A cookie is a limited set of data transferred to the user’s browser
by a web server. It can only be read by the server that made the transfer. It
is not an executable code and does not transmit viruses. The Data Controller’s
website uses access cookies to manage the browsing session, in order to ensure
normal browsing and use of the website. It is possible to prevent some or all
cookies from being stored. However, in this case the use of the website and of
the products displayed may be compromised. See the Cookie Policy:
( on the
website The Data Controller only installs
technical and analytical cookies through the site, in order to optimise its
functioning. Technical cookies are necessary for the proper functioning of a
website, and to allow the use of all its functions. The installation of this
type of cookie does not require the user’s consent, only the privacy policy.
Analytics cookies collect anonymous information about the activities of the
website users, how they reached the site and which pages they visited.
Non-technical cookies are only installed or activated with the express consent
of the user, which is given by interacting with the banner on the home page of
the website, or by continuing to browse. Cookies may be
used either by the owner of the website that the user is browsing, or by third
parties. The cookies used by the Data Controller’s website are listed below:

-Shopify: the owner is OLMA Collegio Toscano degli Olivicoltori s.a.c.,
purpose of use: User name/password;

– session;

-Google Analytics: the owner is Google Inc., purpose of use: to identify
individual users and verify the pages viewed;

- social network cookies: this website makes it easy to share and like posts on
social media, view the number of shares and other content on social networks.
Specific cookies may be installed for this purpose. For more detailed
information, see the privacy policy on the social network you are using. As
mentioned, this website uses third-party cookies, the installation of which
requires the consent of the user/data subject as indicated above. Below are the links to the third-party privacy policies and details of how to manage or
disable the cookies published on their web pages: -; - In relation to the Newsletter
service, see the policy on the website, available at the
following link:

9. Rights of minors

If the website is browsed by a child aged under 14, the supervision of a parent or
guardian is required before they can register on the site. The parent or
guardian remains responsible for any use of the website in the name or on
behalf of the minor.

10. Rights of the data subjects

Articles 13 et seq of the GDPR give the data subject numerous rights, such as:

Right of access (Art. 15 GDPR): Confirmation as to whether or not the processing of data
relating to the data subject is taking place and, in that case, to obtain
access to the personal data and information indicated in the above article;

Right to rectification (Art. 16 GDPR): The rectification of any
inaccurate personal details without unjustified delay; the integration of
incomplete personal data of the data subject, taking into account the purposes
of the data processing;

Right of erasure (‘right to be forgotten’) (Art. 17 GDPR): Erasure
of personal details relative to the data subject, without unjustified delay.
The Data Controller has the obligation to erase personal data without unjustified
delay, in the cases provided for in Art. 17 of the Regulation;

Right to limitation of processing (Art. 18 GDPR) Limitation
of the processing in the cases set out in Article 18 of the Regulation;

Right to portability of data (Art. 20 GDPR): The right
to receive personal data provided to the Data Controller, in a structured,
commonly used and machine-readable format; the right to transmit those data to another Data Controller without hindrance from the controller to whom the personal data were provided, in the cases indicated in Art. 20 of the

Right to object (Art. 21 GDPR): The right of the data subject to object at any time, for reasons relating to their particular situation, to the processing of their personal data which is based on points (e) or (f) of Article 6(1), including
profiling based on those provisions.

You may exercise your rights by sending a request to the following certified email
address: You may also make a complaint to
the Data Protection Authority if you believe that the processing that concerns you breaches Regulation (EU) 2016/679.

11. Updating of the policy

This document is the Privacy Policy for this website. It may be updated following
changes in the law that provide for new and/or different methods for the
processing of personal data.

12. How to contact us?

OL.MA Collegio Toscano degli Olivicoltori s.a.c. takes the protection of your data
very seriously. This website processes users’ data in accordance with the
Regulation (EU) 679/2016 (GDPR). Proper security measures have been taken to prevent unauthorised access, theft, disclosure, editing or unauthorised
destruction of your data. The email addresses below may be used to exercise the rights of the data subjects (users and visitors) and to obtain information about the data processed on the website of the Data Controller: