Privacy

Privacy Policy

Information provided pursuant to Legislative Decree 196/03 and regulation (EU) 2016/679

We inform you that, pursuant to Article 13 of EU Regulation 2016/679 (General Data Protection Regulation – hereinafter “GDPR 2016/679”), which provides provisions for the protection of individuals and other subjects with regard to the processing of personal data, the personal data provided will be processed by our Company.

The processing of personal data by the Company will be carried out in compliance with the aforementioned regulations, in particular according to the principles of lawfulness, fairness, transparency, and protection of confidentiality and rights, with particular reference to integrity, confidentiality, personal identity, and the right to personal data protection.

1. Data Controller and Data Protection Officer

Data Controller: Agrumaria Corleone S.p.A.

Registered office: Via S. Corleone, 12 - Zona Ind. Brancaccio, 90124 Palermo

Email address for contacting the Data Controller:clcorleone@agrumariacorleone.com

2. Types of Data Processed

The data provided and processed by Agrumaria Corleone S.p.A. concern common personal identification data provided directly by the data subject.

“Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.”

The collected personal data include the following categories:

a) personal data submitted via the “Contact” page or the “Newsletter Subscription” form;
b) contact data submitted via the “Contact” page or the “Newsletter Subscription” form;
c) additional data voluntarily provided in the “Requests” section of the “Contact” page;
d) cookies and browsing data.

3. Purposes of Data Processing

User data are collected to allow the Data Controller to provide its Services, specifically to contact the User following an information request. In detail:

  • CONTACTS: by filling in the Contact form, the User provides data to the Data Controller and consents to their use for communication and receipt of requested information.

Personal data types: name, surname, company, email address, telephone number, free-text request.

  • NEWSLETTER: by voluntarily subscribing to the newsletter service, the User provides personal data to receive periodic updates, possibly also profiled, on products, services, events, promotions, and other relevant information related to the Data Controller’s activities.

Personal data types: name, surname, email address.

  • COOKIES AND BROWSING DATA: cookies are small text strings that a website may send during browsing to the User’s device (PC, laptop, smartphone, tablet, etc.). The same website can read and store cookies present on the device to obtain various types of information. These are not collected to be associated with identified users, but could, through processing and association with third-party data, allow user identification.

Personal data types: see Cookie Policy.

4. Processing Methods and Data Storage

Processing will be carried out in automated and/or manual form, in compliance with Article 32 of GDPR 2016/679 regarding security measures, by specially appointed persons and in accordance with Article 29 GDPR 2016/679. Appropriate security measures are used to ensure confidentiality and prevent unauthorized access by third parties and/or unauthorized personnel. The Controller adopts suitable measures to prevent unauthorized access, disclosure, alteration, or destruction of personal data.

5. Legal Basis of Processing

The personal data indicated are processed on the basis of User consent. Specifically, consent is given in the following cases:

a) voluntary submission via the “Contact” form;
b) voluntary subscription to the “Newsletter” via form or checkbox;
c) through the cookie banner and/or “Advanced cookie settings”, enabling or disabling specific cookie types (browsing data).

6. Place of Processing

Data are processed at the operational headquarters of the Data Controller. For further information, the User may contact the Controller at the above address. The Controller may transfer personal data to a country other than the User’s location, always adopting adequate security measures to ensure confidentiality and integrity.

7. Retention

In compliance with the principles of lawfulness, purpose limitation, and data minimization (Article 5 GDPR 2016/679), personal data are retained for no longer than necessary to achieve the purposes for which they were collected and processed, and in any case in compliance with legal requirements.

When processing is based on consent, data may be stored until consent is withdrawn. The Controller may also be required to retain data for a longer period to comply with legal obligations or authority orders.

At the end of the retention period, personal data will be deleted. After this period, rights of access, deletion, rectification, and portability can no longer be exercised.

8. Communication and Disclosure Scope

Your data will not be disseminated and may be communicated to companies or collaborators contractually linked to Agrumaria Corleone S.p.A. Data may be disclosed to:

a) public authorities required by law (social security bodies, tax offices, etc.);
b) public or private entities when necessary for operational purposes;
c) consultants, within the limits necessary for professional assignments.

Collaborators with access to data are appointed as Data Processors with specific instructions and security obligations. If these conditions are not met, the Data Controller may terminate the collaboration.

9. Data Transfer Outside the EU

The Data Controller does not transfer personal data outside the EU. However, cloud services may be used, in which case providers will be selected among those offering adequate safeguards in accordance with Article 46 GDPR 2016/679.

10. Rights of the Data Subject

At any time, the data subject may exercise the rights provided under Articles 15–22 GDPR 2016/679 by contacting the Data Controller:

  • confirmation of whether personal data exist;
  • information on:
    • data origin
    • processing purposes
    • categories of data
    • recipients
    • retention period
  • obtain:
    • rectification
    • deletion
    • restriction of processing
    • data portability
  • object:
    • to processing at any time, including direct marketing
    • to automated decision-making including profiling
  • lodge a complaint with the Supervisory Authority (Italian Data Protection Authority)

11. Additional Information

Further information may be requested at any time using the contact details above or via email: dfilippi@agrumaricorleone.com

No Data Protection Officer (DPO) has been appointed, as it is not mandatory for the company’s activities.

12. Changes to the Privacy Policy

The Data Controller reserves the right to modify, update, add, or remove parts of this policy at any time. Users are encouraged to review it periodically. The updated version date will always be indicated. Continued use of the website constitutes acceptance of changes.

13. Cybersecurity and NIS 2 Compliance

Agrumaria Corleone S.p.A., in compliance with Legislative Decree 138/2024 implementing EU Directive 2022/2555 (NIS 2), has adopted appropriate technical and organizational measures to ensure a high level of security of its information systems and networks.

These measures include risk management policies, business continuity procedures, incident management processes, and specific safeguards for confidentiality and integrity of processed data, including personal data.

The Company cooperates with the National Cybersecurity Agency (ACN) in compliance with applicable notification and reporting obligations.

This information notice was updated in May 2026.