Privacy Policy

Information on the processing of personal data (Article 13 of EU Regulation 2016/679)

Dear user ,
We would like to inform you about the methods and purposes of processing the personal data of those who interact with the website www.frantoiodorazio.it. , in accordance with the provisions of art. 13 of Regulation (EU) 2016/679 (“GDPR”).

Scope of application: This policy does not apply to other websites that may be accessed via links on the websites under the Data Controller's domain. The Data Controller is not responsible for third-party websites.

Data controller

D'Orazio Srl
Registered office: Via dell'Ulivo 1, 70014 – Conversano (BA)
VAT number: 07478250728
Tel: 080 4955442
PEC: doraziosrl@pec.it
Email: info@frantoiodorazio.it
Legal representative pro tempore .

Purpose of the processing – Legal basis – Nature of the provision

We process your personal data only if there is an appropriate legal basis . For the purposes set out below, we will generally process ordinary personal data , in compliance with Art. 6 GDPR .

Types of data processed

  • Personal data: name, surname, address, tax code, telephone number.

  • Browsing data: IP addresses, domain names of the computers used by users, URIs of requested resources, browser characteristics, device screen resolution , operating system and IT environment parameters.

a) Navigation on the site and technical management of connections

The computer systems used to operate the website acquire, during normal operation and solely for the duration of the connection, some personal data whose transmission is implicit in the use of internet communication protocols. This information, not collected to be associated with identified data subjects, could allow users to be identified through processing and association with data held by third parties.
The data is used exclusively to obtain anonymous statistics on site usage and to monitor its proper functioning , and is deleted immediately after processing. It may be used to determine liability in the event of hypothetical cybercrimes against the site.
Legal basis: legitimate interest of the Data Controller (Article 6, paragraph 1, letter f GDPR).
Nature of the provision: necessary to allow navigation.

b) “Login” registration ( Shop section) and “Become a reseller” form

  • Shop Login: data (email, name, surname, address) to allow the purchase of products, fulfill orders and manage shipping/billing addresses.

  • Become a reseller: data (name, surname, type of business, telephone number, email, city, postcode) to evaluate requests for commercial collaboration .
    Legal basis: performance of a contract or pre-contractual measures (Article 6, paragraph 1, letter b GDPR).
    Nature of the provision: necessary ; failure to provide data will prevent the provision of the requested service.

c) Information/contact requests ( Contacts and Give Puglia as a Gift areas)

Sending emails to the addresses indicated or completing the appropriate forms involves the acquisition of your name, surname, email address, telephone number, city, role (importer, distributor, retailer, restaurateur, wedding planner), and any other data entered, including that related to complaints management .
Legal basis: fulfillment of pre-contractual/contractual obligations (Article 6, paragraph 1, letter b GDPR).
Nature of the provision: necessary to follow up on requests; otherwise, it will not be possible to manage them.

d) Newsletter/direct marketing activities

Upon prior consent by registering in the appropriate box, the Data Controller may send newsletters , commercial offers , informational material (including for satisfaction surveys), promotional and advertising materials, as well as communications on events and initiatives , including via email and WhatsApp .
Legal basis: user consent (Article 6, paragraph 1, letter a) GDPR).
Nature of the provision: optional ; failure to consent does not affect other services.

e) Aggregate statistical analysis on an anonymous basis

To improve the performance and services offered through the site, processing occurs only on anonymous data .
Legal basis: legitimate interest of the Data Controller (Article 6, paragraph 1, letter f GDPR).
Nature of the provision: not required.

f) Publication of images and footage during activities/events

During company activities (events, demonstrations, tastings, guided tours, initiatives), the Data Controller may take photographs , videos and other audiovisual materials portraying the participants (individuals or groups).

Purpose:

  • Documentation of activities and events for promotional , advertising and marketing purposes;

  • Publication on information materials , brochures, catalogues and other paper/digital media;

  • Dissemination via website , social media (Facebook, Instagram, LinkedIn), newsletters and other digital channels;

  • Use in advertising campaigns across various media;

  • Transfer to journalists , newspapers , press agencies , bloggers , influencers and other information operators for reporting , information and territorial promotion purposes;

  • Participation in competitions , fairs , demonstrations and events in the agri-food and tourism sectors;

  • Creation of photographic and video archives for internal and commercial use.

Legal basis:

  • Free, specific, informed, and unambiguous consent (Article 6, paragraph 1, letter a ) and Article 7 of the GDPR).

  • Legitimate interest of the Data Controller (Article 6, paragraph 1, letter f GDPR) for events of public interest or demonstrations open to the public, in compliance with Article 97 of Law 633/1941 .

Nature of the contribution:

  • Consent is optional : failure to provide it does not preclude participation in the activities, but it does mean you will not be able to be filmed/photographed.

  • For public/public events, participation entails the possibility of being filmed as part of the general documentation of the event.

Automated decisions: Personal data will not be processed through automated decision-making processes pursuant to Art. 22 GDPR .

Treatment methods

The processing is carried out using IT and telematic tools , in compliance with the principles of correctness , lawfulness , transparency , relevance , completeness , non-excess and accuracy , according to organizational logic related to the purposes, adopting technical and organizational measures suitable for guaranteeing the security , integrity and confidentiality of the data.

Recipients or categories of recipients

For the purposes indicated or where required by law/authority, the data may be communicated to:

  • Entities that provide management services for the Data Controller's information system and telecommunications networks (including e-mail and website management);

  • The Data Controller's staff (workers and consultants) authorised to process data;

  • Public Bodies or Public Safety Authorities for legal obligations.

For images, the communication/transfer may concern:

  • Communication and marketing agencies ;

  • Photographers , video makers and professionals in charge;

  • Newspapers , journalists, bloggers, influencers and information operators;

  • Public/private bodies organizing events, fairs and demonstrations;

  • Protection consortia , trade associations, territorial promotion bodies;

  • Digital platforms and social media ;

  • Press agencies and mass media.

The transfer will take place in compliance with the purposes indicated and any limitations expressed by the interested party at the time of consent.

Storage times

In accordance with art. 5, paragraph 1, letter e) GDPR , personal data are retained for a period no longer than is necessary for the purposes:

  • Contact/information requests: up to 1 year ;

  • Newsletter/direct marketing: up to 2 years ;

  • Anonymous statistical analysis: up to 24 months ;

  • Tax obligations: up to 10 years ;

  • Images and videos: up to 10 years from the date of acquisition, unless otherwise indicated by the interested party or required for company historical archives .

After the deadline, the data will be deleted or anonymized , unless further storage is required due to subsequent contractual obligations, legal obligations or orders from Public Authorities .

Use of social networks

From the site, you can connect to the company's social media pages ( Facebook, Instagram, WhatsApp, LinkedIn ). The social networks independently manage their own privacy policies and are data controllers for the activities carried out on their platforms.

For more information:

When the user is on social media pages managed by D'Orazio Srl and provides personal data (e.g., private messages, comments, reviews) or when social media provides non-anonymous statistics, D'Orazio Srl becomes the Data Controller for such processing.

  • Purpose: ordinary management of pages, moderation of illegal content, response to public/private requests for services.

  • Legal basis: legitimate interest of the Data Controller in proposing and illustrating the services and in responding to questions.

  • Processing tools: those made available by social media platforms.

  • Private messages: kept for up to 6 months after last contact, then deleted .

  • The user is free to remove likes/comments/reviews directly on the platform.

Nature of provision: voluntary; failure to provide data may prevent the provision of the information requested via social media.

Data transfers to third countries

Your data will not be transferred to non-EU countries .

Data dissemination

Your data will not be disclosed .

Rights of the interested party

Pursuant to Articles 15–21 GDPR , the data subject may exercise the following rights (under the conditions set forth in the Regulation):

  • Right of access: obtain confirmation of processing and access to data, including a copy .

  • Right to rectification: obtain the rectification of inaccurate data and/or the integration of incomplete data.

  • Right to erasure (“right to be forgotten”): obtain the erasure of your data when it is no longer needed, in the event of withdrawal of consent (if there is no other legal basis), objection to processing, unlawful processing, or a legal obligation to erase it. (This does not apply where processing is necessary for legal obligations, tasks carried out in the public interest, or for the establishment, exercise, or defense of legal claims.)

  • Right to restriction: when (a) you contest the accuracy of the data; (b) the processing is unlawful and you oppose its erasure; (c) the data is required for the establishment/exercise/defense of a right.

  • Right to portability: receive data in a structured, commonly used and machine-readable format and transmit them to another Data Controller, if the processing is based on consent and is carried out by automated means .

  • Right to object: object at any time to processing for purposes other than those for which consent was given.

Complaint to the Authority: the interested party can lodge a complaint with the Italian Data Protection Authority ( www.garanteprivacy.it). ) pursuant to art. 77 GDPR .

Revocation of consent: the consent given can be revoked at any time , as easily as it was granted.

Free of charge: The exercise of these rights is free of charge (Article 12 of the GDPR). In the event of manifestly unfounded or excessive requests (including repetitive requests), the Data Controller may charge a reasonable fee or deny the request.

How to exercise your rights: You can exercise your rights by using the appropriate form and sending it by email or fax to the Data Controller's contact details indicated in this policy.

Information updates

This Policy was updated on August 28, 2025. Any updates will be posted on this page.

The Data Controller
D'Orazio Srl – Via dell'Ulivo 1, 70014 Conversano (BA)
PEC: doraziosrl@pec.it – Email: info@frantoiodorazio.it – Tel: 080 4955442