Privacy Policy

This information is provided in compliance with the obligations imposed by the laws on the protection of personal data – EU Regulation no. 2016/679 (hereinafter, “GDPR”), Legislative Decree 196/2003, as amended by Legislative Decree 101/2018 (hereinafter, “Personal Data Protection Code”) in addition to the relevant provisions of the Italian Data Protection Authority.

The purpose of this document is to provide you with all useful information for the protection of your privacy and to enable you to have control over the processing of your personal data when you browse the site (hereinafter, “Website” or “Site“).


Personal Data

According to Article 4 of the GDPR, personal data means any information concerning an identified or identifiable natural person, defined as a ‘data subject’ (hereinafter, “User”).


Data Controller

The data controller, the person who determines the purposes and means of the processing of personal data to whom one can address to exercise the rights recognised by the GDPR, is Società Agricola Case Basse di Gianfranco Soldera S.R.L., with registered office in Loc. Case Basse, Montalcino (SI) – 53024, P.IVA/CF 01483450522 (hereinafter, “Data Controller”).

The Data Controller can be contacted by sending an e-mail to or by sending a communication by regular mail to the above address.


Sources and categories of data processed, nature of data provision and processing methods

The personal data being processed are mainly collected directly from the User, at the time the latter navigates on the Site or uses the services made available by the Website.

This statement refers to the processing of personal data covered by the various sections made available on the Website and governs exclusively the personal data processing activities carried out on the Website and not for other websites to which the User is redirected.

The data collected through the Website are processed (mainly) electronically with the help of software and IT procedures that guarantee adequate technical and IT security measures (e.g. implementation of the secure transmission protocol “https” for the transfer of information entered by the User within the Website).


Browsing data

Type of data processed and nature of provision

The computer systems and software procedures used to operate the Website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This information is not collected in order to be associated with identified Users, but may allow Users to be identified (through processing and association with data held by third parties).

This category of data includes the IP addresses or domain names of the computers used by the Users who connect to the Website, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server and other parameters relating to the User’s operating system and computer environment (for example, the name and type of device connecting to the Website).


Data provision

The provision of such data is not mandatory; if the User decides not to provide such data, he/she will not be able to navigate on the Website and will not be able to access the functionalities made available by it.


Purpose of the processing

This data is used in order to obtain anonymous statistical information on the use of the Website, to check its correct functioning and to improve the quality of the services offered (including the optimisation of the Website’s functionalities).

Furthermore, this data is processed to the extent strictly necessary and proportionate to guarantee the security of the networks and information passing through the Website.


Legal basis of the processing

Art. 6(1)(f) of the GDPR: legitimate interest of the data controller in maintaining the security of the Website and that it is not used in ways that infringe the rights of others or as a channel for the commission of unlawful acts or fraud (see recital 47 of the GDPR).


Data retention period

The personal data referred to in this section shall be retained for up to 6 months from the date of collection, unless the data subject objects, which may be exercised at any time in the manner set out in the ‘Rights of the data subject’ section of this information notice.


Cookie policy

The cookie policy with details of the information processed by these tools can be accessed by clicking here.


Who will process the data

The data may only be accessed by parties authorised by the Data Controller pursuant to Article 29 of the GDPR.

In addition, the data may be accessed by subjects in their capacity as autonomous data controllers (for example: Authorities) or data processors pursuant to Article 28 of the GDPR (for example: companies that support the Data Controller in the Site administration activities; professionals and consultants appointed by the Data Controller).

To obtain an updated list of the subjects who may become aware of your personal data, you may send a communication by e-mail to, taking care to specify the reason for the request.

The Controller guarantees that personal data will not be disclosed in any way other than as described above.

The personal data being processed may also be transferred to third countries or sites outside the European Economic Area (EEA). In these cases, should it be necessary to transfer the data to a third country located outside the European Economic Area, the Data Controller guarantees that the transfer of the data will only take place in the presence of an adequacy decision by the European Commission or of other appropriate guarantees provided for by the laws on the protection of personal data (for example: by stipulating standard contractual clauses).


Persons under 18 years of age

Persons under the age of 18 must not provide information or personal data to the Data Controller without the consent of those exercising parental responsibility over them. Therefore, the Data Controller invites all those exercising parental responsibility over minors to inform them of the safe and responsible use of the Internet and to put in place any procedures indicated from time to time in relation to the initiatives in which the Company intends to process the data of minors.


Rights of the data subject

The exercise of the rights indicated in this section is not subject to any formal constraints and is to be considered as totally free of charge (with the exception of all those requests that can be considered as manifestly unfounded or excessive, as provided for in Article 12(5) of the GDPR).

In relation to the processing described in this notice and pursuant to the GDPR, the User may exercise the following rights

– right of access to their personal data and to all the information referred to in Article 15 of the GDPR,

– the right to rectification of one’s own inaccurate personal data and integration of incomplete data,

– the right to the deletion of one’s own data, except for those contained in documents that must be compulsorily kept by the Company and unless there is an overriding legitimate reason to proceed with processing

– the right to restriction of processing where one of the cases referred to in Article 18 of the GDPR applies.

– the right to object to the processing of one’s personal data, without prejudice to what is provided with regard to the necessity and obligatory nature of the processing for the purposes of establishing the relationship

– the right to revoke consent (if given) for non-compulsory data processing, without prejudice to the lawfulness of the processing based on the consent given before revocation.

The Data Subject also has the right to lodge a complaint with the Garante per la Protezione dei Dati Personali ( or with the Garante Authority of the EU country in which the Data Subject normally resides or works, or of the place where the alleged infringement occurred, in relation to any processing that he or she considers non-compliant.

With reference to the aforementioned requests, the User may contact the Controller directly by sending an e-mail to, or by sending a communication by traditional mail to Loc. Case Basse, Montalcino (SI) – 53024.


Amendments to this policy

This notice shall be deemed updated as of 28 February 2024.

Any changes made to this policy will be published on this page. Users are, therefore, invited to view this web page in order to be updated on how their personal data will be processed.

Should it prove necessary, changes to this policy will be notified directly to the User by e-mail.