top of page

Privacy Policy

Information on Privacy pursuant to art. 13 of the European Regulation EU 2016/679 (GDPR)

This page has been automatically translated into English to facilitate its consultation for foreign audiences.

Azienda Agricola Attilio Ghisolfi is not responsible for translation errors or misleading phrases present in the English text. For legal validity, always refer to the original text in Italian by changing the language of the website through the appropriate button.

1) Data controller
The Data Controller is Attilio Ghisolfi Vignaiolo v with registered office in Località Bussia, 27, 12065, Monforte d'Alba (CN) - VAT/Tax Code: 02151830045, contactable at, RPD email address:
The Data Protection Officer (RPD or DPO) can be contacted at the following email address:
The Data Controller processes the data according to the principles established by the GDPR (EU General Data Protection Regulation 2016/679), of lawfulness, correctness, transparency, purpose and storage limitation, data minimization, accuracy, integrity and confidentiality.


2) Purpose of the Processing
The personal data provided to the Data Controller by the interested party will be processed for the following purposes:

  1. provide responses to the request that the user has made via the contact channel;

  2. provide a quote to the user who has requested it via the contact channel;

  3. provide the information that the user has requested through the contact channel (for example a customer requesting information to use a purchased product);

  4. send your curriculum vitae or a request for collaboration with the Data Controller;

  5. fulfill obligations established by law, by a regulation, by community legislation or by an order from the Authority;

  6. exercise the rights and legitimate interests of the Owner or third parties, such as, for example, the right of defense in court;


3) Legal bases of the processing
The legal bases of the Processing are the following:
with regard to the purposes referred to in points 2a), 2b), 2c), 2d), 2e) and 2f):

  • need to fulfill a contract of which the interested party is a party, or in any case to fulfill what is requested by the user (including any pre-contractual measures);

  • need to fulfill any legal obligations or requests from the Authority

  • need to pursue a legitimate interest of the data controller or third parties (such as, for example, defense in court);


4) Mandatory and optional nature of the communication of Personal Data
The communication of data for the purposes referred to in points 2a), 2b), 2c), 2d), 2e) and 2f) is optional: but failure to provide it will make it impossible for the Data Controller to provide the interested party with what the interested party requests.


5) Rights of the interested party
The interested party has the right to

  • access your Personal Data held by the Owner;

  • request rectification and/or cancellation ("oblivion");

  • request the Limitation or object to the Processing;

  • request data portability;

  • oppose the processing, under the conditions set out in the art. 21;

  • lodge a complaint with a Supervisory Authority.


6) Communication to recipients, transfers to third countries and dissemination
The data acquired through the site will not be disclosed.
The data is communicated to the recipients to the extent strictly necessary in relation to the aforementioned purposes.

The possible categories of recipients are the following:

  • appointees and other subjects authorized by the Owner;

  • any third parties, to whom the Data Controller uses for the Processing and appointed by it as Managers pursuant to art. 28 GDPR, with a specific contract

  • other subjects (public or private), to whom communication is necessary to fulfill legal obligations, comply with orders from authorities, or defend a legitimate interest of the Data Controller or third parties.

It is not the Data Controller's intention to transfer the data processed to a country outside the European Union, nor to an international organisation.


7) Data retention period
The Data Controller retains the data for the time necessary for the aforementioned purposes.
In any case, the Data Controller undertakes not to keep the data for longer than 2 years.


8) Changes to this information
This information is in force from 04/09/2018.
The Owner reserves the right to modify its content, in part or completely, also due to changes in the Privacy Law.
The Data Controller will publish the updated version of this document on the Site, and from that moment it will be binding: the interested party is therefore invited to visit this section regularly.

bottom of page