Zambonina white logo
Explore
Zambonina white logo
Explore
Zambonina white logo

Privacy Policy

Information on the processing of Personal Data collected through this website
Last revised: 4 April 2026

1. Foreword and regulatory references
This policy explains the processing of personal data collected through this website, including those acquired through cookies, tracking technologies and - where present - contact forms, restricted areas, digital services and economic transactions that take place electronically .
This notice is addressed to anyone who accesses or uses this site, describing the methods of collection, use and protection of the user's personal data, as well as the rights recognised by law.
These provisions do not apply to other sites, pages or online services accessible via external links that may be present on the site, in respect of which you are invited to consult the relevant privacy notices.
This information is provided in compliance with the main national and international data protection regulations, including:

  • Regulation (EU) 2016/679 (GDPR)
  • UK General Data Protection Regulation (UK GDPR) and Data Protection Act (UK)
  • Swiss Federal Act on Data Protection (nFADP / FADP)
  • Canadian Personal Information Protection and Electronic Documents Act (PIPEDA)
  • Brazilian General Data Protection Law (LGPD)
  • California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
  • Colorado Privacy Act (CPA)
  • Connecticut Data Privacy Act (CTDPA)
  • Delaware Personal Data Privacy Act (DPDPA)
  • Minnesota Consumer Data Privacy Act (MCDPA)
  • Montana Consumer Data Privacy Act (MTCDPA)
  • Nebraska Data Privacy Act (NDPA)
  • Nevada Privacy Law (NRS 603A)
  • New Hampshire Privacy Act (NHPA)
  • New Jersey Data Privacy Act (NJDPA)
  • Oregon Consumer Privacy Act (OCPA)
  • Tennessee Information Protection Act (TIPA)
  • Texas Data Privacy and Security Act (TDPSA)
  • Utah Consumer Privacy Act (UCPA)
  • Virginia Consumer Data Protection Act (VCDPA)
  • Other regulations that may apply.

2. Who manages your data and how can you contact us?
Your personal data are processed by:
M.Cicogna Società Agricola Semplice
 Via Zambonina 68 - 37068 Vigasio VR
 info@zambonina.it

For any information on the processing of personal data or to exercise their rights under the law, data subjects may contact the Data Controller.

3. On what legal basis do we process your data?
The processing of personal data collected through this site (including through cookies, similar technologies, contact forms, restricted areas, digital services and transactions, where present) is based on one or more of the following legal bases:

  1. Performance of a service or pre-contractual activity requested by the user via the contact forms provided;
  2. Fulfilment of legal, regulatory or statutory obligations;
  3. Consent given concerning the user's regarding commercial communications;

A further legal basis, the legitimate interest of the Controller, may be used for specific purposes (e.g. ensuring IT security, preventing fraud, protecting the holder's rights in court).

Additional legal bases for US and similar jurisdictions:
In countries subject to laws like the CCPA/CPRA (California), CPA (Colorado), CTDPA (Connecticut), DPDPA (Delaware), MCDPA (Minnesota), MTCDPA (Montana), NDPA (Nebraska), NRS 603A (Nevada), NHPA (New Hampshire), NJDPA (New Jersey), OCPA (Oregon), TIPA (Tennessee), TDPSA (Texas), UCPA (Utah), VCDPA (Virginia) and other US regulations, the following principles also apply:

  • Opt-out and right to objectThe user has the right to opt out at any time from the use, sale or sharing of their personal data for marketing, profiling or behavioural advertising purposes, by means of specific functions (Browser Settings, "Reject" button, "Unsubscribe" link or similar).

Additional legal bases for Brazil (LGPD):
When processing falls under the jurisdiction of the LGPD, the following specific legal bases provided by Brazilian legislation are added:

  • Credit protectionThe data can be processed for credit management and protection purposes, such as creditworthiness assessments, financial fraud prevention, or granting financing.
  • Public policy implementationIn the cases provided for, the Public Administration may process personal data for the implementation of initiatives provided for by laws, public programmes or agreements.
  • Research by research bodiesThe data may be used by scientific or statistical research bodies, preferably in an anonymised form, for study or analysis purposes.

Not accepting or withdrawing consent may reduce or limit certain personalised features or services.

4. What data do we collect when you visit the site?
When browsing this site, the following data may be collected, including through cookies and similar technologies such as pixel tags, web beacons, local storage and equivalent technologies:

  • Browsing and technical data: information such as IP address, device identifiers, operating system and browser data, requested URLs, connection times, technical logs, technical preferences, usage data collected via cookies and tracking technologies (pixel tags, web beacons, local storage and equivalent tools).

  • Voluntarily provided identifying details: information entered into the digital forms on the website (e.g. name, surname, email, telephone) and/or provided by sending emails or other contact channels, used to respond to requests, provide services, potential consultations, and – with consent – for sending information and commercial communications.

  • Data communicated via social integrations and third-party platforms: data transmitted through social functionalities (logins, plugins, shares, etc.), processed according to the rules of the relevant platforms in addition to this policy.

5. How do we process your data, how do we protect them and how long do we keep them?
Personal data collected through this site are processed mainly by electronic and digital means according to principles of lawfulness, correctness, data minimisation, integrity and confidentiality.

Appropriate technical and organisational measures are taken to prevent unauthorised access, loss, alteration or unauthorised disclosure of data, including:

  • Encryption of communications (https): Communications between your browser and the website are protected by HTTPS encryption, which prevents the interception or manipulation of data exchanged during browsing.;
  • Log monitoring: the system records and monitors access and activities in order to identify suspicious or unauthorised attempts and ensure data security;
  • Periodic backups The data is periodically copied and stored to protect it from accidental loss or technical incidents.;
  • Security audits and checks Regular security checks and tests are carried out to identify and correct any system vulnerabilities.;
  • Limitation of access to data to authorised subjects only Access to personal data is exclusively permitted to authorised and trained personnel, in compliance with internal security policies.

Data are stored according to the following timeframe:

  • Cookie preferences and consensus: stored for 180 days, as per the Cookie Policy on this site.
  • Browsing and technical data: retained only for as long as necessary to ensure the security, integrity and functionality of the site and subsequently anonymised or aggregated.
  • Data collected for contractual and transactional purposes: retained for as long as required by applicable laws (e.g. tax or accounting regulations).
  • Data processed for marketing purposes: retained until consent is revoked or cancellation is requested. In the absence of such requests, data will be retained for a maximum period of 24 months from the last significant interaction (e.g., opening a communication, opening/clicking on a communication, making a request from the website).
  • Data entered via forms or specific requests: retained for the time necessary to reply or fulfil the relevant purpose.

6. Who can receive your data?
They may access personal data collected through this site, within the limits of their respective competences and purposes:

  • Internal authorised parties by the Controller, duly trained in privacy and security;
  • Suppliers and third parties appointed as data processors (e.g. technical providers, IT companies, customer service companies, consultants, payment service providers and logistic providers, where applicable);
  • Business partners, third parties and affiliates, exclusively for promotional/marketing purposes if you have given specific consent or exercised your opt-out where applicable;
  • Parties providing plugins, social networks and services for interaction with external platforms, which may process personal data according to their own logic in their capacity as independent data controllers (in this case, please also refer to the individual policies of these third parties);
  • Competent public authorities and supervisory bodies, to the extent required by law or to comply with requests by judicial authorities;

The updated list of external addressees can be made available on request by writing to the Holder's contact details.

7. Where can your data be transferred?
Personal data collected through this site may be processed and transferred - for the purposes indicated - to the following countries:

  • to countries belonging to the European Economic Area (EEA), Switzerland or other countries recognised by the competent authorities as “adequate” for the level of protection provided by law;

Updated list of "reliable" countries":

8. What are your rights with regard to the data collected?
The user, according to the applicable legislation, has the right to:

  • To obtain confirmation as to whether or not personal data concerning him/her are being processed and, if so, to obtain access to such data and related information (right of access).
  • Request the rectification, updating or deletion of inaccurate or no longer required data (right of rectification and deletion).
  • Request the restriction or object to the processing of data, including for promotional/profiling purposes, where applicable.
  • Request the portability of data in a structured and interoperable format (where technically possible).
  • Withdraw consent given to the use of non-technical cookies, to the processing of data collected via tracking tools.
  • Exercise the right to opt-out of the “sale/sharing” of personal data, where provided for by US and Canadian laws.
  • Report any irregularities or abuses to the competent control authorities.

Notice for users residing in the United States

Users residing in the United States have, based on local legislation, the following additional and specific rights regarding data collected via cookies, tracking technologies, and similar tools:

  • The right to know the categories of personal data collected, sold, or shared with third parties, as well as the purposes of such processing;
  • Right to request erasure, where applicable, of personal data collected through tracking tools;
  • Right to opt-out from the “sale” or “sharing” of personal data;
  • Right not to be discriminated against as a consequence of the exercise of such rights.

To exercise these rights, simply send a request to the contact details of the Controller, who will respond within the timeframe provided for in the applicable local regulation.

9. How are children's data processed?
Child protection is a key priority.

The services and contents of this site are not intended for persons under the age of 18.

We do not knowingly collect personal data from minors without the verifiable consent of a parent or guardian.

If a parent or guardian believes that a child has provided personal data without authorisation, he or she may request its removal, update or restriction by writing to the contact details given in this notice.

10. How to make reports or complaints to the authorities?
If you believe that the processing of your personal data through this site does not comply with the applicable legislation, you may lodge a complaint free of charge with the competent supervisory authorities, including:

  • The Garante or the Data Protection Authority of your State of citizenship or residence;
  • Swiss Authority (IFPDT)
  • European Data Protection Supervisor
  • California Authority
  • Attorney General of Colorado
  • Connecticut Attorney General
  • Attorney General of Delaware
  • Attorney General of Minnesota
  • Department of Justice of Montana – Office of Consumer Protection
  • Attorney General of Nebraska
  • Attorney General of Nevada
  • New Hampshire Department of Justice – Consumer Protection
  • New Jersey Division of Consumer Affairs
  • Department of Justice of Oregon – Oregon Consumer Privacy Act
  • Attorney General of Tennessee
  • Attorney General of Texas – Texas Data Privacy and Security Act
  • Attorney General of Utah
  • Virginia Authority
  • Office of the Privacy Commissioner of Canada https://www.priv.gc.ca/en/report-a-concern/file-a-formal-privacy-complaint/
  • National Data Protection Authority (Brazil) https://www.gov.br/anpd/pt-br

How do we inform you about changes to this policy?
This policy is subject to periodic review for regulatory compliance or changes to the services offered through the site. Any significant changes will be communicated via this page.
Last revised: 4 April 2026

en_GBEN
it_ITIT en_GBEN