Privacy and cookie policy

Dear User,

Società Agricola Biologica "MicroCosmo" s.s., Tax Code and VAT number IT03528460540, represented by its legal representative, Giulio Massini, with registered office in Perugia (PG), Borgo XX Giugno n.8, email: biomicrocosmo@gmail.com, acting as Data Controller, protects the personal data provided by Data Subjects during browsing and use of the website civica.squarespace.com , ensuring confidentiality and guaranteeing compliance with current regulations, as well as the necessary level of protection against any event that may put them at risk of breach.

As required by Article 13 of the European Union General Data Protection Regulation (GDPR), before proceeding with processing, the user of the website civica.squarespace.com (hereinafter also referred to as "Data Subject") is informed that their personal data, collected through the website, are processed by the Data Controller as identified above, through electronic and/or telematic tools, for the purposes indicated below in this notice.

1. Types of Personal Data Processed

The IT systems and software procedures used to operate this page acquire, in the course of their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.

The following personal data of the Data Subject may therefore be processed, by way of example:

Browsing data: this category includes IP addresses or domain names of computers and terminals used by users, URI/URL (Uniform Resource Identifier/Locator) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server's response (success, error, etc.) and other parameters relating to the user's operating system and IT environment. Such data, necessary for the use of web services, are also processed in order to: obtain statistical information on the use of services (most visited pages, number of visitors per hourly or daily time slot, geographic areas of origin, etc.); monitor the correct functioning of the services offered.

Data voluntarily provided by sending requests to the contact email address provided by the Data Controller or by filling in online forms: this category includes identifying and contact personal data, such as first name, last name, email address, telephone number, and/or any other information the Data Subject wishes to share with the Data Controller.

Cookies: a "cookie" is a text file created by a website on the user's computer when they access that website, with the purpose of storing and transporting information.

Cookies are sent by a web server (the computer running the visited website) to the user's browser (Internet Explorer, Mozilla Firefox, Google Chrome, etc.) and stored on the user's computer; they are then re-sent to the website on subsequent visits.

Many operations normally performed on a website could not be carried out without the use of cookies, which in such cases are therefore technically necessary. This type of cookie is called technical or functional. In other cases, the site uses cookies to facilitate and ease navigation for the user, or to allow them to enjoy specifically requested services.

Session cookies, stored in temporary memory and deleted when the browser is closed, used exclusively to "carry out the transmission of a communication over an electronic communications network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the subscriber or user to provide that service," allow the website to be used efficiently, keeping track of page views so as not to request information already acquired and/or released by the user's browser during the same connection session.

Such cookies may be further divided into navigation or session cookies, which ensure normal browsing and use of the website (allowing, for example, a purchase to be made or authentication to access restricted areas); analytics cookies, equated with technical cookies where, as in this case, they use anonymisation tools and are used directly by the site manager to collect information, in aggregate form, on the number of users and how they visit the site; functional cookies, which allow the user to browse according to a set of pre-selected criteria (for example, language, products selected for purchase) in order to improve the service provided to them.

Cookies can also be classified by origin as: first-party cookies, i.e. cookies generated and managed directly by the operator of the website the user is browsing; third-party cookies, which are generated and managed by parties other than the operator of the website the user is browsing.

For the installation of technical or session cookies, prior consent from data subjects is not required, while the Data Controller remains obliged to provide, pursuant to Regulation (EU) 2016/679, the present mandatory information, which the site operator, if using only such devices, may provide in the manner it deems most appropriate.

This website uses only technical cookies.

Cookie Settings

By default, many browsers automatically allow the use of cookies, but also offer the ability to control most cookies, including the option to accept or decline them and the procedure for deleting them. For more information on controlling cookies, consult the "Tools" (or similar) section of your browser.

You can set your browser to receive a warning before accepting a cookie, with the option to decide whether to receive it or not. You can also disable cookies entirely.

How to disable cookies?

Most browsers (Internet Explorer, Firefox, Chrome, etc.) are configured to accept cookies. Cookies stored on your device's hard drive can be deleted, and it is also possible to disable cookies by following the instructions provided by the main browsers.

Social Buttons

The website civica.squarespace.com contains certain "buttons" (called "social buttons/widgets") displaying the icons of social networks (e.g., Facebook). These allow users browsing the Data Controller's webpage to access the relevant social networks with a single click. In this case, the social network acquires data relating to the user, while the Data Controller will not share any browsing information or user data acquired through its own site with the social network accessible via the social buttons/widgets. These services release "third-party cookies."

Below are links to the privacy policies of the most widely used social networks and websites to which the buttons refer:

Facebook: https://www.facebook.com/help/cookies

Instagram: https://privacycenter.instagram.com/policies/cookies/

LinkedIn: https://it.linkedin.com/legal/cookie-policy

X: https://help.x.com/it/rules-and-policies/x-cookie

2. Purposes and Legal Basis of Processing

Your personal data will be processed for the following purposes:

a) to enable browsing and use of this website, as well as to carry out maintenance and technical support necessary for its correct operation;

b) to be contacted by the Data Controller and/or to receive news from them through subscription to the CIVICA project's newsletter;

c) to assess collaboration opportunities through the "Contacts" section of the website.

The Data Controller processes User Personal Data when one of the following conditions applies:

the User has given consent for one or more specific purposes;

processing is necessary for the performance of a contract with the User and/or for the execution of pre-contractual measures;

processing is necessary to comply with a legal obligation to which the Data Controller is subject;

processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;

processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party.

It is always possible to ask the Data Controller to clarify the specific legal basis of each processing activity, and in particular to specify whether processing is based on law, provided for by a contract, or necessary to conclude a contract.

3. Processing Methods

The personal data subject to processing are collected directly by the Data Controller or by third parties expressly authorised by them, or communicated by the Data Controller to such third parties appointed as processors for the purposes referred to in point 2 of this notice.

The processing of personal data will be carried out primarily using electronic tools by the Data Controller or by external parties duly appointed as data processors in accordance with the GDPR.

The Data Controller periodically carries out checks to ensure that personal data not necessary for the processing activities and related purposes as indicated in point 2 of this notice are not processed, collected, stored, or retained.

4. Recipients of Personal Data

The personal data processed for the purposes referred to in point 2 of this notice may be communicated to:

internal members of the Data Controller's organisation duly authorised for the relevant parts of processing;

external parties such as:

providers of IT infrastructure and solutions;

web service providers;

consultants and/or suppliers, to the extent necessary for the performance of their duties.

The communication concerns the categories of personal data whose transmission to the aforementioned third parties is necessary for the performance of activities and for the purposes referred to in point 2 of this notice. The updated list of External Processors is kept at the Data Controller's registered office and may be requested by the Data Subject.

For the processing carried out for the purpose referred to in point 2, letter a), the Data Subject's consent is not required, as it takes place for the performance of obligations arising from the Data Subject's own request.

With regard to the processing activities for the purposes referred to in point 2, letters b) and c), further information is contained in the specific notices set out on the site and prepared for the relevant services.

Under no circumstances will personal data relating to you be communicated to other categories of third parties (beyond those mentioned above), and they will not be subject to dissemination operations.

5. Extra-EU/EEA Transfers

The Data Controller does not transfer the Data Subject's personal data abroad (where "abroad" means all countries not belonging to the European Economic Area).

The management and storage of personal data will take place on servers of third-party companies duly appointed as External Data Processors, located within the European Union.

In some cases, your data may be processed abroad, and the transfer will take place on the basis of the principles and conditions set out in Chapter V of the GDPR, as well as on the basis of adequate security guarantees.

6. Retention Period / Data Retention

The personal data relating to you will be processed by the Data Controller for the entire duration of the relationship with the Data Controller and for the time necessary to achieve the purposes for which they were collected.

Upon reaching the above-mentioned deadlines, the Data Controller will proceed to delete the data relating to you.

Longer retention periods may apply in the presence of specific legal obligations or in cases where requests are received by the Data Controller from public authorities, or for further needs to protect the rights of the Data Controller or the Data Subject.

7. Rights of the Data Subject

Pursuant to EU Regulation 2016/679, the Data Subject has the right to:

obtain confirmation of the processing carried out by the Data Controller on personal data concerning them;

access their personal data and learn about its origin (when data is not obtained directly from the Data Subject), the purposes of processing, the details of parties to whom it is communicated (recipients), the data retention period or, in its absence, the criteria used to determine it;

obtain rectification of their personal data;

obtain erasure of their personal data from the Data Controller's databases where they are no longer necessary for the purposes for which they were collected, or if processing is unlawful, and in the other cases referred to in Article 17 of the GDPR;

restrict the processing of their personal data, for example where its accuracy is contested, for the period necessary for the Data Controller to verify its accuracy, and in all other cases referred to in Article 18 of the GDPR;

obtain their personal data in electronic format, including for the purpose of transmitting it to another Data Controller (portability).

The Data Subject may exercise their rights by contacting the Data Controller in writing at: biomicrocosmo@gmail.com

The Data Controller must act accordingly without undue delay and, in any event, no later than one month from receipt of the request. The deadline may be extended by two months, in which case the Data Controller will, within thirty days, inform the Data Subject of the reasons making such an extension necessary.

8. Complaints

The Data Subject has the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali).

In the event that the Data Subject resides in a different member state, or the breach of personal data protection legislation occurs in an EU country other than the one where the Data Controller is based, the Data Subject must lodge a complaint with the authority responsible for overseeing compliance with personal data protection legislation in that country.

Lodging a complaint does not prejudice the Data Subject's right to bring any other legal action.

9. Changes to This Notice

The Data Controller reserves the right to make changes to this Privacy Policy at any time, publicising them to users on the page.

Please therefore consult this page frequently, using the last modification date indicated at the end of the document as a reference. In the event of non-acceptance of changes made to this Privacy Policy, the Data Subject may request the Data Controller to delete their personal data. Unless otherwise specified, the previous Privacy Policy will continue to apply to personal data collected up to that point.

Notice last updated: 31/03/2026

Short Cookie Notice

Società Agricola Biologica "MicroCosmo" s.s., as data controller, informs the user that this website installs technical cookies in order to enable use of the website and a better browsing experience.

Closing this banner allows browsing of the website while maintaining default settings (technical cookies only). For more information about the cookies used by the site, please visit https://civica.squarespace.com/privacy-and-cookies-policy