Privacy policy
Privacy policy for the processing of personal data
Pursuant to Article 13 of Regulation (EU) 2016/679
RIGONI DI ASIAGO SRL provides the following information regarding the processing of personal data carried out, in compliance with Regulation (EU) 2016/679 (hereinafter also the "GDPR"), by the Company in its capacity as Data Controller.
Data Controller
The Data Controller, pursuant to Article 4 of Regulation (EU) 679/2016, is RIGONI DI ASIAGO SRL, with registered office at Via Oberdan 28, 36012 Asiago (VI), Tax Code and VAT No. 03722320243, represented by its pro tempore legal representative. The Data Controller may be contacted at the following email address: privacy@rigonidiasiago.com.
Data Protection Officer
Pursuant to Article 37 of Regulation (EU) 679/2016, the Data Controller has appointed a Data Protection Officer (also "DPO"), who may be contacted at the following email address: dpo@scuadra.it.
Purposes of the processing and legal basis
The collected data (relating to Suppliers, Customers and the natural persons connected with them) are necessary for the following purposes:
| Purpose of the processing | Data subjects and categories of data | Legal basis | Nature of data provision | Storage period | ||
|---|---|---|---|---|---|---|
| Processing related to online sales | A) | execution and performance of the online sales contract, as well as related and ancillary services (e.g. shipping, receipt of payments, management of returns, etc.) | Purchasing users: first name, last name, tax no., residence/billing/shipping address, contact details (email address, telephone number), IBAN, details of the chosen payment method | Article 6(1)(b) GDPR ("processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract") | Mandatory: the provision of data is necessary to provide and manage the requested service | Without prejudice to legal obligations, personal data will be stored for the time necessary to achieve the purposes for which it is processed. In particular, data relating to commercial transactions and online sales are stored for 10 years. However, the Data Controller may continue to store the data for a longer period in order to manage any disputes relating to the established relationship. |
| B) | Administrative, accounting and tax management of sales | Article 6(1)(c) GDPR ("processing is necessary for compliance with a legal obligation to which the controller is subject") | ||||
| C) | To receive customer satisfaction communications and promotional communications regarding the Data Controller's products and services similar to those contractually requested, without prejudice to the data subject's right to object to such communications on the occasion of each sending. | Customer user: email address | Article 6(1)(f) GDPR (pursuit of the Data Controller's legitimate interest, also pursuant to Recital 47 GDPR and Article 130(4) of Legislative Decree No. 196/2003) | |||
| D) | Management of requests addressed to customer service | Article 6(1)(b) GDPR ("processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract") | ||||
| Form | E) | Management of requests submitted through the contact form or by direct request sent by email to the Data Controller's addresses, including those available on the website | ||||
| F) | Sending newsletters by email or WhatsApp, as well as communications on occasions such as the user's birthday | Website visitors: date of birth, email address, telephone number | Express consent | Optional | 24 months | |
| Cookies | G) | Management of the website and collection of data through cookies | Website visitors: browsing data – please refer to the cookie policy | On the basis of the Data Controller's legitimate interest (technical cookies) consent (other cookies such as profiling cookies) |
Please refer to the cookie policy | Please refer to the cookie policy (for profiling cookies, 12 months) |
| Careers | H) | Management of unsolicited applications or applications submitted in response to job openings | Applicant: data voluntarily included in the CV (personal details, contact details, information relating to work experience and education, and any special categories of data) | Performance of a contract / pre-contractual measures | In order to assess the application, the provision of data is mandatory | 1 year from the application |
Processing methods
In relation to the purposes indicated above, the Data Controller hereby informs you that the data are processed both in paper form and by electronic and/or automated means.
In any event, the processing will be carried out by means of tools suitable to guarantee the security and confidentiality of the data, in addition to compliance with the specific obligations laid down by the applicable legislation.
The data will be processed in accordance with the principles of lawfulness, fairness, relevance and data minimisation, as provided for under the personal data protection legislation.
The processing will also be carried out by persons authorised pursuant to Article 29 GDPR, bound by confidentiality obligations, formally appointed and adequately trained, or by Data Processors formally appointed pursuant to Article 28 GDPR.
Scope of communication, disclosure or transfer of data
Personal Data may be communicated to the personnel authorised pursuant to Article 29 GDPR in the performance of their job duties.
In addition, the data may be transmitted to entities appointed as Data Processors pursuant to Article 28 GDPR (or, where applicable, communicated to entities appointed as Joint Controllers), by means of a specific contract or other legal act imposing confidentiality and security obligations with respect to the processing of personal data. In any case, the processing will be limited to what is necessary for the performance of their professional engagement (by way of example, banks, insurance companies, providers of services strictly necessary for the business activity – such as shipping and transport companies, company consultants – where this proves necessary for tax, administrative or contractual reasons and for needs protected by applicable laws and regulations).
The data may also be shared with authorities, bodies and/or entities to which they must be disclosed pursuant to legal provisions or orders of competent authorities. The data will not, in any case, be disseminated.
The periodically updated and complete list of entities appointed as Data Processors may be requested from the Data Controller by sending an email to the Data Controller's email address.
Transfer of data abroad
Within the framework and performance of the relationship(s) established, the Data Controller informs you that it does not transfer data to countries outside the EU or to international organisations.
Should this occur in the future, the processing will be carried out in accordance with one of the mechanisms permitted by the applicable legislation, such as, for example, the data subject's consent, the adoption of standard contractual clauses approved by the European Commission, the selection of entities adhering to international data free-flow programmes, or entities operating in countries deemed safe by the European Commission.
Rights of the data subject
In order to ensure fair and transparent processing, please be informed that data subjects are entitled to exercise the rights set out in Articles 15 to 21 of the GDPR.
You have the right to withdraw your consent at any time with respect to all processing activities whose legal basis is your consent, as indicated in the purposes described above. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
You also have the right, at any time, to request from the Data Controller access to your personal data, rectification or erasure of such data, restriction of processing and data portability. In addition, you have the right to object, at any time, to the processing of your data and to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it).
To exercise the above rights, you may contact the Data Controller at the following email address: privacy@rigonidiasiago.com, or by registered letter addressed to RIGONI DI ASIAGO SRL, represented by its pro tempore legal representative, Via Oberdan 28, 36012 Asiago (VI).
Further processing of data
Any further processing of personal data that differs from what is indicated in this privacy policy will be promptly communicated before such processing takes place and, where required by applicable legislation, will be subject to the collection of the relevant consent.
Minors
Rigoni di Asiago does not knowingly use its website to request data from minors.
Amendments to this privacy policy and future notices
This privacy policy may be subject to amendments, which will be adequately communicated.
Furthermore, if this privacy policy is not sufficient for the purpose, additional suitable privacy notices will be provided.
Last updated: 27/03/2026
