GDPR
Privacy and Personal Data Processing Policy
1. Introduction
This Privacy Policy describes the rules for the collection, processing, and protection of personal data by Vivilio società semplice Agricola (hereinafter referred to as the “Controller”, “we”, “our”, or “us”). The Controller processes personal data in accordance with applicable data protection legislation, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”). This Policy applies to all visitors, customers, partners, and users of the Website and related services.
2. Controller Information
Controller: Vivilio società semplice Agricola
Representative: Dario Greco
Address: Via Umberto I, 15, 73020 Nociglia (LE), Italy
VAT Number (P.IVA): 05427220750
Email: info@vivilio.it
Phone (Italy): +39 347 507 9815
Phone (International): +420 724 776 248
Website: https://vivilio.it
3. Purposes of Processing
Personal data may be processed for the following purposes:
• Responding to inquiries submitted through contact forms, email, or telephone;
• Managing communication with customers, suppliers, partners, and website visitors;
• Providing requested information, consultations, or cooperation opportunities;
• Managing orders, bookings, or contractual relationships;
• Complying with legal, tax, and accounting obligations;
• Improving Website functionality and user experience;
• Measuring Website traffic and performance;
• Marketing and remarketing activities, where consent is required.
4. Categories of Personal Data
The Controller may process:
• Identification data (name, surname, company name);
• Contact details (email address, telephone number, address);
• Content of communications submitted through forms or emails;
• Technical data such as IP address, browser type, operating system, and Website interaction data;
• Cookie and analytics data;
• Data necessary to fulfill contractual or legal obligations.
5. Legal Basis for Processing
Personal data is processed on the following legal grounds pursuant to Article 6 GDPR:
• Performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR);
• Compliance with legal obligations (Art. 6(1)(c) GDPR);
• Legitimate interests pursued by the Controller, including Website security and communication management (Art. 6(1)(f) GDPR);
• Consent provided by the user for marketing, analytics, or non-essential cookies (Art. 6(1)(a) GDPR). When users voluntarily submit a contact form, processing is necessary to respond to the request and therefore based on pre-contractual measures under Art. 6(1)(b) GDPR.
6. Data Retention
Personal data will be retained only for as long as necessary to fulfill the purposes described in this Policy and as required by applicable laws. Typical retention periods include:
• Contact form inquiries: up to 12 months;
• Accounting and tax records: 10 years;
• Marketing data: until consent withdrawal or maximum 24 months;
• Analytics data: maximum 14 months. After the applicable retention period expires, personal data will be securely deleted or anonymized.
7. Third-Party Services
The Website may use third-party services including:
• Google Analytics 4 provided by Google Ireland Limited;
• Meta Platforms Ireland Ltd. (Facebook / Instagram advertising tools);
• Hosting and infrastructure providers;
• Email communication providers. Where required by law, analytical and marketing services are activated only after user consent through the cookie banner.
8. International Data Transfers
Some third-party providers may process data outside the European Economic Area (EEA). Where personal data is transferred outside the EEA, the Controller ensures appropriate safeguards pursuant to Articles 44–49 GDPR, including Standard Contractual Clauses approved by the European Commission where applicable.
9. Sharing of Personal Data
Personal data may be shared only where necessary and in accordance with applicable laws, including with:
• Hosting and IT service providers;
• Legal, accounting, and tax advisors;
• Marketing and analytics providers;
• Public authorities where required by law;
• Other parties with explicit consent. The Controller does not sell personal data to third parties.
10. User Rights
Under the GDPR, users have the right to:
• Access personal data;
• Rectify inaccurate or incomplete data;
• Request erasure of data;
• Restrict processing;
• Object to processing based on legitimate interest;
• Withdraw consent at any time;
• Request data portability;
• Lodge a complaint with a supervisory authority.
11. Supervisory Authority
Users may lodge a complaint with the competent supervisory authority. In Italy: Garante per la protezione dei dati personali https://www.garanteprivacy.it
12. Data Security
Appropriate technical and organizational measures are implemented to protect personal data against unauthorized access, misuse, loss, disclosure, alteration, or destruction.
13. External Links
The Website may contain links to external websites. The Controller is not responsible for the privacy practices of third-party websites.
14. Mandatory or Voluntary Nature of Data
Providing personal data is voluntary; however, failure to provide certain information may prevent the Controller from responding to inquiries or providing requested services.
15. Changes to This Policy
The Controller reserves the right to update this Privacy Policy at any time. The latest version will always be available at: https://vivilio.it/privacy-policy
Last updated: 18.05.2026
This Privacy Policy describes the rules for the collection, processing, and protection of personal data by Vivilio società semplice Agricola (hereinafter referred to as the “Controller”, “we”, “our”, or “us”). The Controller processes personal data in accordance with applicable data protection legislation, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”). This Policy applies to all visitors, customers, partners, and users of the Website and related services.
2. Controller Information
Controller: Vivilio società semplice Agricola
Representative: Dario Greco
Address: Via Umberto I, 15, 73020 Nociglia (LE), Italy
VAT Number (P.IVA): 05427220750
Email: info@vivilio.it
Phone (Italy): +39 347 507 9815
Phone (International): +420 724 776 248
Website: https://vivilio.it
3. Purposes of Processing
Personal data may be processed for the following purposes:
• Responding to inquiries submitted through contact forms, email, or telephone;
• Managing communication with customers, suppliers, partners, and website visitors;
• Providing requested information, consultations, or cooperation opportunities;
• Managing orders, bookings, or contractual relationships;
• Complying with legal, tax, and accounting obligations;
• Improving Website functionality and user experience;
• Measuring Website traffic and performance;
• Marketing and remarketing activities, where consent is required.
4. Categories of Personal Data
The Controller may process:
• Identification data (name, surname, company name);
• Contact details (email address, telephone number, address);
• Content of communications submitted through forms or emails;
• Technical data such as IP address, browser type, operating system, and Website interaction data;
• Cookie and analytics data;
• Data necessary to fulfill contractual or legal obligations.
5. Legal Basis for Processing
Personal data is processed on the following legal grounds pursuant to Article 6 GDPR:
• Performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR);
• Compliance with legal obligations (Art. 6(1)(c) GDPR);
• Legitimate interests pursued by the Controller, including Website security and communication management (Art. 6(1)(f) GDPR);
• Consent provided by the user for marketing, analytics, or non-essential cookies (Art. 6(1)(a) GDPR). When users voluntarily submit a contact form, processing is necessary to respond to the request and therefore based on pre-contractual measures under Art. 6(1)(b) GDPR.
6. Data Retention
Personal data will be retained only for as long as necessary to fulfill the purposes described in this Policy and as required by applicable laws. Typical retention periods include:
• Contact form inquiries: up to 12 months;
• Accounting and tax records: 10 years;
• Marketing data: until consent withdrawal or maximum 24 months;
• Analytics data: maximum 14 months. After the applicable retention period expires, personal data will be securely deleted or anonymized.
7. Third-Party Services
The Website may use third-party services including:
• Google Analytics 4 provided by Google Ireland Limited;
• Meta Platforms Ireland Ltd. (Facebook / Instagram advertising tools);
• Hosting and infrastructure providers;
• Email communication providers. Where required by law, analytical and marketing services are activated only after user consent through the cookie banner.
8. International Data Transfers
Some third-party providers may process data outside the European Economic Area (EEA). Where personal data is transferred outside the EEA, the Controller ensures appropriate safeguards pursuant to Articles 44–49 GDPR, including Standard Contractual Clauses approved by the European Commission where applicable.
9. Sharing of Personal Data
Personal data may be shared only where necessary and in accordance with applicable laws, including with:
• Hosting and IT service providers;
• Legal, accounting, and tax advisors;
• Marketing and analytics providers;
• Public authorities where required by law;
• Other parties with explicit consent. The Controller does not sell personal data to third parties.
10. User Rights
Under the GDPR, users have the right to:
• Access personal data;
• Rectify inaccurate or incomplete data;
• Request erasure of data;
• Restrict processing;
• Object to processing based on legitimate interest;
• Withdraw consent at any time;
• Request data portability;
• Lodge a complaint with a supervisory authority.
11. Supervisory Authority
Users may lodge a complaint with the competent supervisory authority. In Italy: Garante per la protezione dei dati personali https://www.garanteprivacy.it
12. Data Security
Appropriate technical and organizational measures are implemented to protect personal data against unauthorized access, misuse, loss, disclosure, alteration, or destruction.
13. External Links
The Website may contain links to external websites. The Controller is not responsible for the privacy practices of third-party websites.
14. Mandatory or Voluntary Nature of Data
Providing personal data is voluntary; however, failure to provide certain information may prevent the Controller from responding to inquiries or providing requested services.
15. Changes to This Policy
The Controller reserves the right to update this Privacy Policy at any time. The latest version will always be available at: https://vivilio.it/privacy-policy
Last updated: 18.05.2026
stay rooted
Inquiries
Whether you want to know more about our cultivars or wish to bring Puglia to your table, we’d love to hear from you.
Send
© 2026 VIVILIO
All rights reserved
All rights reserved
Vivilio Società Semplice Agricola
Via Umberto I, 15
73020 Nociglia
Salento - Italia
VAT (P.IVA): 05427220750
Via Umberto I, 15
73020 Nociglia
Salento - Italia
VAT (P.IVA): 05427220750
design: iuntsevich.cz
Site map
Our oils
Privacy
design: iuntsevich.cz
© 2026 VIVILIO
All rights reserved
All rights reserved
