Information on the protection of personal data.

Art. 13 EU Reg. 679 of 27 April 2016

Pursuant to article 13 of the “European Regulation 2016/679 concerning the protection of natural persons with regard to the processing of personal data, as well as the free movement of such data” (from now on “GDPR”), Costa D’Oro S.p.A. (hereinafter COSTA D’ORO) with registered office in Via Crispino Merini, 1 – 06049 – Spoleto – (PG), as Owner, is required to provide users who connect to the domain ( regardless of the purpose of the connection) some information relating to the processing of personal data carried out therein. This document constitutes the “Privacy Policy” (subject to any appropriate updates in the future) of this site. For the purposes of this information, without prejudice to the definitions referred to in art. 4 of the

GDPR means: domain: the domain, reachable through the world wide web service of the Internet, at the address, consisting of data, applications, technological resources, human resources, organizational rules and procedures for the acquisition, storage, processing, exchange, retrieval and transmission of information.

1. Warnings and Protection of Minors
The processing of personal data will apply the principles of lawfulness, correctness and transparency. Personal data will be collected for specified, explicit, legitimate purposes (purpose limitation) and will be adequate, relevant and limited in relation to the purposes for which they are processed (data minimisation). They will always be updated and accurate and kept for a period of time not exceeding what is necessary for the purpose of executing the Contract, without prejudice to the fulfillment of legal and tax obligations that set longer retention times (retention limitation). Personal data will be processed by adopting all the appropriate security measures to guarantee its integrity, confidentiality and unavailability by unauthorized third parties (integrity and confidentiality). Unless expressly indicated, the provision of personal data through the collection points on the site is reserved for adults.

2. Reference standards and legal bases of the treatment.
The processing operations, which we will explain to you in detail below, have their legal basis in the rules governing your right to the protection of your personal data, your right to privacy, and finally in those that allow you to express or withdraw , at any time, your informed consent to the processing operations, namely: the EU General Regulation 679 of 27 April 2016 relating to the protection of natural persons with regard to the processing of personal data, as well as the free movement of such data; Informed consent, expressed in accordance with the current provisions of the law (Art. 6 GDPR). Fulfillment of obligations or orders to which the Data Controller is required by law or by order of the Authority (Article 6 GDPR).

III. – Nature of the data being processed.

III.1. – The optional, explicit and voluntary sending of e-mails to the addresses indicated on this site involves the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message. Specific summary information will be progressively reported or displayed on the pages of the site set up for particular services on request. In any case – where required by law – you will be asked from time to time for your consent to the processing of your personal data. Only after your consent, where necessary, will or may be processed, for the purposes indicated, the following categories of personal data concerning you.

(a). – Common personal data, identification data.
Like e.g. Name and Surname, Year of birth, Gender, Address, City, Province, E-mail address, Telephone number, ZIP code

(b). – Technical treatments.
The IP number and the type of browser you use to connect to the domain (non-identifying data) are also processed, automatically recorded by the logical protection and access control devices to the domain (LOG FILES). Such personal data will be used exclusively for the purpose of controlling network traffic towards the domain. This information is not collected to be associated with identified interested parties, but which by its very nature could, through processing and association with data held from third parties, allow you to identify users. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are canceled immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site: except for this eventuality, at present, the data on web contacts do not persist for more than seven days.

(c). – Cookies.
Furthermore, COSTA D’ORO carries out the anonymous processing and analysis procedures of the data relating to the pages of the domain that you visit, found through cookie files. By means of these technologies (which make it possible to understand your navigation preferences, by checking the areas of the domain already visited previously) COSTA D’ORO can customize its services to your needs, without making unauthorized registrations necessary. (A cookie consists of a series of data that a website sends to the browser. The aforementioned data can also be stored on the computer through an anonymous tag that identifies the computer but not the user.
Some COSTA D’ORO pages use cookies, sent by COSTA D’ORO or by third parties, and other technologies to offer better navigation of the website. You can set your browser to receive a warning before receiving a cookie, offering thus the possibility of accepting it or not. It is also possible to disable cookies completely. By disabling cookies, some websites may not work properly).

(d). – Particular categories of personal data.
In the event that particular categories of personal data are collected through the COSTA D’ORO domain pursuant to art. 9 EU Reg. 679/2016, you will be informed in advance and put in a position to express – in accordance with the law – the relative consent.

1. – Nature of the contribution, data sources.
The provision of your personal data is usually not mandatory but, in some cases, it is necessary, and therefore mandatory, to allow you to benefit from the site’s services and features.

IV.1. – Data whose provision is necessary.

IV.1.1. – The provision of certain personal data is necessary, and therefore mandatory, to process your specific requests; you are always free not to provide your personal data, but in this case it could be impossible for the Data Controller to satisfy your requests, meet your needs or make you use, in their entirety, all the functions available on the site – These identification data will be processed both with paper and electronic media, and will be kept by COSTA D’ORO exclusively for the necessary time. After these storage times, the personal identification data will be automatically deleted.

IV.1.2. – Data sources.
We will collect your data, from you directly, through your interactions with the site

1. Purpose of the Processing.
COSTA D’ORO, in addition to the necessary processing in relation to legal obligations, regulations, or deriving from the order of the Authority, will carry out, exclusively with your consent, if necessary, the operations necessary to allow you to benefit from the services and functions of the site and the services indicated therein.

1. – Methods of processing your personal data.
In relation to all the purposes indicated in the previous paragraphs, your personal data will be subject to computer and paper processing and processed by specific computer procedures for the purpose of personalizing the services that COSTA D’ORO is able to offer you. The data will be processed in such a way as to guarantee its logical and physical security and confidentiality, and may be carried out using manual, IT and telematic tools designed to memorize, transmit and share the data. The logic of the treatment will be strictly related to the aims pursued.

VI.1. – Data security and retention.

VI.1.1. – Your personal data will be stored within the European Union, the related security policies are reviewed in accordance with the relevant Best Practices.

VI.1.2 – Profiling, automated decision-making process.
Beyond what is necessary to allow us to perform the services that allow you to use the services offered on the site, with the exception of what is specified in our cookie policy, we do not carry out profiling operations in relation to the data collected through this website.

VII. – Data recipients and transfers abroad.

VII.1. – Managers and persons in charge of data processing.
The following may become aware of the personal data referred to in this disclosure, as Managers or Persons in charge of processing: within COSTA D’ORO, qualified personnel, each limited to their own skills and duties and on the basis of the tasks assigned and of the instructions given. outside COSTA D’ORO third parties, also specifically designated as Data Processors or persons in charge of the treatment – of which COSTA D’ORO uses for various services and exclusively to carry out these services – each limited to their own competences and duties and on the based on the tasks assigned and the instructions given.

VII.2. – Communication (to specific external subjects) of the data.
COSTA D’ORO, for ordinary management, accounting and administrative activities, may communicate your personal data, after obtaining your consent in accordance with the law, where required, in compliance with security measures, to third party service providers for the sole purpose to perform the service requested by you, such as: – postal service companies, – law firms and notaries, – consultants, also in associated form, – other service companies, as well as other subjects in compliance with any legal obligations (such as institutions insurance companies, police forces, judicial authorities, etc.). The list of such subjects to whom the data may be communicated is available at the headquarters of the Data Controller.

VII.3. – Transfer of personal data abroad.
COSTA D’ORO does not transfer personal data abroad on its own initiative. However, some third parties, service providers, may have their servers physically located abroad (as in the case of e-mail providers). In such cases, the transfer of data abroad will take place exclusively within and in compliance with EU Reg. 679/2016 Art. 44 ss.

VII.4. – Dissemination (to unspecified external subjects) of the data.
Under no circumstances may personal data be disclosed.

VIII. – Rights of the interested party.
Articles 15 to 22 of the GDPR grant the interested parties the exercise of specific rights. The art. 15 GDPR recognizes the interested parties the right to access their personal data and to obtain a copy. The right to obtain a copy of the data must not harm the rights and freedoms of others. With the request for access, the interested party has the right to obtain confirmation from COSTA D’ORO whether or not their personal data is being processed and to know the purposes and categories of data processed, the third parties to whom the data are communicated and if the data are transferred to a non-EU country with adequate guarantees. The interested party also has the right to know the retention time of their personal data and has the right to request the rectification of inaccurate data and the integration of incomplete ones, the cancellation (right to be forgotten) under the conditions indicated by art. 17, GDPR, limitation of treatment, withdrawal of consent, data portability and the right to object, at any time and without having to provide justifications, to treatment for direct marketing purposes. The rights may be exercised by e-mail to the COSTA D’ORO address, or by ordinary mail to the address indicated below. The Data Controller may need to identify the interested party by requesting to provide a copy of his identity document. The interested party who believes that the processing of their personal data violates the provisions of the GDPR or of the internal legislation on the protection of personal data has the right to lodge a complaint with the Guarantor Authority for the Protection of Personal Data based in Rome, pursuant to of the art. 77 GDPR and/or to appeal to the Judicial Authority. To exercise these rights, or to obtain any other information regarding them and, more generally, the processing of personal data, requests can be sent via e-mail to the following address:; – by ordinary mail to COSTA D’ORO, Via Crispino Merini, 1 – 06049 – Spoleto – (PG).

1. – Revocation Of Consent Privacy Questions Access and Feedback.
If you have questions or wish to have more information on the processing of your personal data or exercise the rights referred to in the previous n. VI, you can send an e-mail to the administrator of the COSTA D’ORO website, writing to You can also contact us at the same address for answers regarding the management of information by COSTA D’ORO. Before COSTA D’ORO can provide you or modify any information, it may be necessary to verify your identity and answer some questions. Our reply will be provided as soon as possible.

1. – Data Controller.
The data controller is COSTA D’ORO with headquarters in Via Crispino Merini, 1 – 06049 – Spoleto – (PG).

1. – Responsible for the Protection of Personal Data.
COSTA D’ORO has not proceeded to appoint the Personal Data Protection Officer as it was not required to do so pursuant to art. 37 of EU Reg. 679/2016.

XI.1. – Data processors.
The complete list of data processors is available at the headquarters. This mandatory information is subject to updating, depending on any changes in the applicable legal provisions.