Copyright Page
Azienda Agricola Serpolla S.S.
Voc. Greppeppe 38, 06066 Piegaro PG, Italia
P.IVA: 03982000543
Iscritto alla Camera di Commercio Industria Artigianato e Agricoltura dell'Umbria
Numero REA: PG - 369702
CIR: 054040B501036701
CIN: IT054040B501036701
Telefonnummer: +39 376 255 3451 Emailadresse: [email protected]
Piattaforma europea per la risoluzione delle controversie online (ODR): https://ec.europa.eu/consumers/odr/
Privacy Policy
We are delighted that you are interested in our organisation. The protection of your personal data is of particular importance to our management. You may use our websites without disclosing any personal data to us. However, should you wish to make use of more specialised services via our websites, or other internet presences, applications, and social media pages operated by us, it may be necessary for us to process your personal data. Where we wish to process data about you and cannot rely on any other legal basis, we will always first request your consent (e.g. via a cookie banner).
When handling your personal data (such as your name, address, e-mail address, or telephone number), we always comply with applicable data protection legislation. This Privacy Policy informs you about what data we process. You will also find information in this Privacy Policy about the rights you hold as a data subject.
We have implemented various technical and organisational measures to protect your data on our websites as effectively as possible. Nevertheless, there are always risks inherent in the internet, and complete protection is not possible. You are therefore welcome to transmit your personal data to us by other means, for example by telephone, if you prefer.
This Privacy Policy is not intended solely to fulfil obligations arising from the GDPR and to comply with the law of the Member States of the European Union (EU) and the European Economic Area (EEA). It is also intended to comply with legal provisions such as those of the United Kingdom (UK GDPR), the Swiss Federal Act on Data Protection and the Swiss Data Protection Ordinance (FADP, DPO), the California Consumer Privacy Act (CCPA/CPRA), China's Personal Information Protection Law (PIPL), the Delaware Personal Data Privacy Act (DPDPA), the Tennessee Information Protection Act (TIPA), the Minnesota Consumer Data Privacy Act (MCDPA), the Iowa Act Relating to Consumer Data Protection (ICDPA), the Maryland Online Data Privacy Act (MODPA), the Nebraska Data Privacy Act (NDPA), the New Hampshire Consumer Data Privacy Law (SB255), the New Jersey Data Privacy Law (SB332), the South Carolina Consumer Privacy Bill (House Bill 4696), and other global data protection regulations, and is to be interpreted accordingly. The Privacy Policy set out below is to be construed for each country, state, or federal state in such a way that the terminology and legal bases used correspond to those used in the respective state or federal state.
In the interest of readability, our websites, publications, communications, and this Privacy Policy refrain from simultaneously using masculine, feminine, diverse, and other gender identities (m/f/d/other). All formulations used apply equally to all genders.
For suggestions regarding the wording of this Privacy Policy, or if you require an external Data Protection Officer, please contact the author of these texts: Prof. Dr. h.c. Heiko Jonny Maniero, LL.B., LL.M. mult., M.L.E.
1. Definitions
In our Privacy Policy, we use specific terms drawn from various data protection laws. We aim to ensure that our Policy is easy to understand, and therefore explain these terms in advance.
The following definitions are to be interpreted or expanded, where required for the application of law in individual cases, by reference to the case law of the General Court of the European Union (GC), the Court of Justice of the European Union (CJEU), the Swiss Federal Supreme Court (BGE), the Supreme Court of the United Kingdom (UKSC), or by reference to national data protection laws or national case law of a state or federal state, including but not limited to California, including judge-made law under common law.
In this Privacy Policy, we use, amongst others, the following terms:
a) Personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to where applicable as the "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person, or who must be regarded as such pursuant to national data protection laws or the national case law of a state or federal state, including judge-made law under common law.
b) Data subject
A data subject is any identified or identifiable natural person whose personal data are processed by the controller, a processor, an international organisation, or another recipient of data, as well as persons who must be regarded as such pursuant to national data protection laws or the national case law of a state or federal state, including judge-made law under common law.
c) Processing
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
d) Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
e) Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location, or movements.
f) Pseudonymisation
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
g) Controller
The controller means the natural or legal person, public authority, agency, or other body which, alone
h) Processor
A processor is a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
i) Recipient
A recipient is a natural or legal person, public authority, agency, or other body to whom personal data are disclosed, regardless of whether they are a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
j) Third Party
A third party is a natural or legal person, public authority, agency, or body other than the data subject, the controller, the processor, and the persons who, under the direct authority of the controller or the processor, are authorised to process personal data.
k) Consent
Consent is any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.
2. Name and Address of the Controller
The controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and the European Economic Area, the data protection laws of the United Kingdom, the Swiss data protection laws (FADP, DPO), the Californian data protection laws (CCPA/CPRA), Chinese data protection law (PIPL), as well as other international legislation and provisions of a data protection nature, is:
Azienda Agricola Serpolla S.S. Voc. Greppeppe 38 06066 Piegaro
Tel.: +393762553451
E-Mail: [email protected]
Website: https://serpolla.com/
3. Collection of General Data and Information
Each time our websites are accessed by a data subject or an automated system, a series of general data and information is collected. This general data and information is stored in the server log files. The data collected may include (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our websites (known as the referrer), (4) the sub-pages navigated to on our websites via an accessing system, (5) the date and time of access to the website, (6) an Internet Protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) other similar data and information which serve to avert danger in the event of attacks on our information technology systems.
When using this general data and information, we draw no conclusions about the data subject. This information is instead required in order to (1) deliver the content of our websites correctly, (2) optimise the content of our websites and the advertising thereof, (3) ensure the long-term functionality of our information technology systems and the technology of our websites, and (4) provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack. This anonymously collected data and information is therefore evaluated by us both statistically and with the aim of enhancing data protection and data security within our organisation, in order ultimately to ensure an optimal level of protection for the personal data we process. The server log file data is stored separately from all personal data provided by a data subject.
The purpose of processing is the prevention of risk and the safeguarding of IT security, as well as the aforementioned purposes. The legal basis is Article 6(1)(f) GDPR. Our legitimate interest is in particular the protection of our information technology systems. Log files are deleted once the stated purposes have been achieved.
4. Contact Options via the Website and Other Data Transmissions, and Your Consent
Our websites contain details that enable quick electronic contact with our organisation and direct communication with us, including a general electronic mail address (e-mail address) and, where applicable, a telephone number. Where a data subject contacts us by e-mail, via a contact form, via an input form, or by any other means, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted to us voluntarily by a data subject are processed for the purposes of handling the enquiry or contacting the data subject.
For the transmission, storage, and processing of your contact details and enquiries, and for the purposes of contacting you, we obtain your consent pursuant to Article 6(1)(a) GDPR and Article 49(1)(1)(a) GDPR as follows:
By submitting your personal data, you freely consent to the processing of the personal data you have entered or transmitted for the purposes of handling the enquiry and being contacted. By transmitting your data to us, you also freely give your explicit consent pursuant to Article 49(1)(1)(a) GDPR to the transfer of data to third countries to and through the companies named in this privacy policy and for the purposes stated therein — in particular for transfers to third countries for which an EU/EEA adequacy decision exists or does not exist, as well as to companies or other bodies not covered by an existing adequacy decision by virtue of self-certification or other accession criteria, and in which or for which there are significant risks and no appropriate safeguards for the protection of your personal data (e.g. due to Section 702 FISA, Executive Order EO12333, and the Cloud Act in the USA). At the time of giving your voluntary and explicit consent, you were aware that third countries may not provide an adequate level of data protection and that your data subject rights may not be enforceable. You may withdraw your data protection consent at any time with effect for the future. Withdrawal of consent shall not affect the lawfulness of processing carried out on the basis of that consent prior to its withdrawal. By a single action (entering and submitting data), you grant multiple consents. These comprise consents under EU/EEA data protection law as well as under the CCPA/CPRA, ePrivacy and electronic media law, and other international legal provisions, which are required, amongst other things, as the legal basis for any intended further processing of your personal data. By your action, you also confirm that you have read and taken note of this privacy policy.
5. Routine Erasure and Restriction of Personal Data
We process and store personal data for the period necessary to achieve the purpose of processing, or for as long as provided for by the European legislator or another legislature in laws or regulations to which we are subject, or for as long as a legal basis for processing exists.
Where the purpose of processing no longer applies, or where a storage period prescribed by the European legislator or another competent legislature expires, or where the legal basis for processing ceases to exist, the personal data are routinely restricted or erased in accordance with statutory requirements.
6. Rights of the Data Subject under the GDPR
a) Right to Confirmation
Every data subject has the right to obtain from the controller confirmation as to whether personal data concerning them are being processed.
Should a data subject wish to exercise this right, they may contact us at any time.
b) Right of Access
Every data subject has the right to obtain from the controller, free of charge, information about the personal data stored in relation to them and a copy of that data at any time. Furthermore, the European legislator has granted the data subject access to the following information:
- the purposes of processing;
- the categories of personal data being processed;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request rectification or erasure of personal data or restriction of processing by the controller, or to object to such processing;
- the existence of the right to lodge a complaint with a supervisory authority;
- where the personal data are not collected from the data subject: all available information as to their source;
- the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
The data subject also has the right to be informed as to whether personal data have been transferred to a third country or to an international organisation. Where this is the case, the data subject shall furthermore have the right to obtain information about the appropriate safeguards in connection with the transfer.
Should a data subject wish to exercise this right, they may contact us at any time.
c) Right to Rectification
Every data subject has the right to obtain from the controller the immediate rectification of inaccurate personal data concerning them. The data subject also has the right, taking into account the purposes of processing, to request the completion of incomplete personal data — including by means of a supplementary statement.
Should a data subject wish to exercise this right, they may contact us at any time.
d) Right to Erasure (Right to be Forgotten)
Every data subject has the right to obtain from the controller the erasure of personal data concerning them without undue delay, where one of the following grounds applies and insofar as processing is not necessary:
- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- The data subject withdraws their consent on which the processing was based pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, and there is no other legal basis for the processing.
- The data subject objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR.
- The personal data have been unlawfully processed.
- The erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
- The personal data have been collected in relation to the offer of information society services pursuant to Article 8(1) GDPR.
Where one of the above grounds applies and a data subject wishes to request the erasure of personal data stored by us, they may contact us at any time.
Where we have made personal data public and our organisation is obliged as controller to erase the personal data pursuant to Article 17(1) GDPR, we shall, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform other controllers which are processing the published personal data that the data subject has requested the erasure by those other controllers of any links to, or copies or replications of, those personal data, insofar as processing is not necessary.
e) Right to Restriction of Processing
Every data subject has the right to obtain from the controller restriction of processing where one of the following conditions is met:
- The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
- The processing is unlawful and the data subject opposes erasure of the personal data and requests restriction of their use instead.
- The controller no longer needs the personal data for the purposes of processing, but they are required by the data subject for the establishment, exercise, or defence of legal claims.
- The data subject has objected to processing pursuant to Article 21(1) GDPR and it has not yet been determined whether the legitimate grounds of the controller override those of the data subject.
Where one of the above conditions is met and a data subject wishes to request restriction of personal data stored by us, they may contact us at any time.
f) Right to Data Portability
Every data subject has the right to receive the personal data concerning them which they have provided to a controller, in a structured, commonly used, and machine-readable format. They also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR, and the processing is carried out by automated means, provided the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, when exercising their right to data portability pursuant to Article 20(1) GDPR, the data subject has the right to have personal data transmitted directly from one controller to another, where technically feasible and provided this does not adversely affect the rights and freedoms of other persons.
Should a data subject wish to exercise this right, they may contact us at any time.
g) Right to Object
Every data subject has the right to object, on grounds relating to their particular situation, at any time to the processing of personal data concerning them which is based on Article 6(1)(e) or (f) GDPR. This also applies to profiling based on those provisions.
In the event of an objection, we shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or the processing serves the establishment, exercise, or defence of legal claims.
Where we process personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data for the purposes of such marketing. This also applies to profiling insofar as it is related to such direct marketing. Where the data subject objects to processing for direct marketing purposes, we shall no longer process the personal data for those purposes.
In addition, the data subject has the right, on grounds relating to their particular situation, to object to the processing of personal data concerning them carried out by us for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.
Should a data subject wish to exercise this right, they may contact us at any time. The data subject is also free, in the context of the use of information society services and notwithstanding Directive 2002/58/EC, to exercise their right to object by automated means using technical specifications.
h) Automated Individual Decision-Making, Including Profiling
Every data subject has the right not to be subject to a decision based solely on automated processing — including profiling — which produces legal effects concerning them or similarly significantly affects them, provided the decision (1) is not necessary for the conclusion or performance of a contract between the data subject and the controller, or (2) is not authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, or (3) is not based on the data subject's explicit consent.
Where the decision (1) is necessary for the conclusion or performance of a contract between the data subject and the controller, or (2) is based on the data subject's explicit consent, we shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, including at minimum the right to obtain human intervention on the part of the controller, to express their point of view, and to contest the decision.
Should a data subject wish to exercise this right, they may contact us at any time.
i) Right to Withdraw Data Protection Consent
Every data subject has the right to withdraw their consent to the processing of personal data at any time.
Should a data subject wish to exercise this right, they may contact us at any time.
7. General Purpose of Processing, Categories of Personal Data Processed, and Categories of Recipients
The general purpose of processing personal data is the handling of all matters relating to the controller, customers, prospective customers, business partners, or other contractual or pre-contractual relationships between the aforementioned groups (in the broadest sense), as well as the controller's statutory obligations. This general purpose applies where no more specific purposes have been stated for a particular processing activity.
The categories of personal data processed by us are customer data, prospective customer data, employee data (including applicant data), and supplier data. The categories of recipients of personal data are public authorities, external bodies, internal processing, intra-group processing, and other entities.
A list of our processors and recipients of personal data in third countries, as well as any international organisations where applicable, is either published on our website or may be requested from us free of charge.
8. Legal Bases for Processing
Article 6(1)(a) GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. Where the processing of personal data is necessary for the performance of a contract to which the data subject is a party — as is the case, for example, with processing operations required for the delivery of goods or the provision of a service or other consideration — processing is based on Article 6(1)(b) GDPR. The same applies to processing operations necessary for the implementation of pre-contractual measures, such as enquiries regarding our products or services. Where we are subject to a legal obligation that requires the processing of personal data, such as for the fulfilment of tax obligations, processing is based on Article 6(1)(c) GDPR.
In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our premises were to be injured and their name, age, health insurance details, or other vital information had to be passed on to a doctor, hospital, or other third party. In such circumstances, processing would be based on Article 6(1)(d) GDPR.
Where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, the legal basis is Article 6(1)(e) GDPR.
Finally, processing operations may be based on Article 6(1)(f) GDPR. This legal basis applies to processing operations not covered by any of the aforementioned bases, where processing is necessary for the purposes of a legitimate interest pursued by our organisation or by a third party, provided that the interests, fundamental rights, and fundamental freedoms of the data subject do not override those interests. Such processing operations are permitted in particular because they have been specifically mentioned by the European legislator, who took the view that a legitimate interest may be assumed where the data subject is a customer of the controller (Recital 47, sentence 2, GDPR).
9. Legitimate Interests Pursued by the Controller or a Third Party, and Direct Marketing
Where the processing of personal data is based on Article 6(1)(f) GDPR and no more specific legitimate interests have been stated, our legitimate interest is the conduct of our business operations for the benefit of the wellbeing of our staff and shareholders.
We may send you direct marketing communications regarding our own goods or services that are similar to those you have enquired about, commissioned, or purchased. You may object to direct marketing at any time (e.g. by e-mail), and no costs other than transmission costs at basic rates will be incurred by you. The processing of personal data for the purposes of direct marketing is based on Article 6(1)(f) GDPR. The legitimate interest is direct marketing.
Our messages and newsletters may also constitute communications for the purposes of direct marketing within the meaning of Article 13(2) of EU Directive 2002/58/EC (the Privacy and Electronic Communications Directive) and the national legislation resulting therefrom, where we have obtained your electronic or other contact details in connection with the sale of a service or product — including the creation of a free user account through which you are permitted, amongst other things, to access free content on our websites and publications (newsletters, etc.) — provided that we advertise similar products or services through such direct marketing, such that direct marketing is permissible without consent (cf. ECJ, judgment of 13 November 2025, Case C-654/23). In such cases, you may object to the use of your contact details at any time, free of charge.
10. Duration for Which Personal Data Are Stored
The criterion for determining the duration of storage of personal data is the applicable statutory retention period. Where no statutory retention period exists, the criterion is the contractual or internal retention period. Upon expiry of that period, the corresponding data are routinely deleted, provided they are no longer required for the performance or initiation of a contract. This applies in particular to all processing activities for which no more specific criteria have been established.
11. Statutory or Contractual Requirements to Provide Personal Data; Necessity for the Conclusion of a Contract; Obligation of the Data Subject to Provide Personal Data; Possible Consequences of Failure to Provide
We inform you that the provision of personal data is in some cases required by law (e.g. tax regulations) or may arise from contractual provisions (e.g. information relating to a contractual partner). In some instances, it may be necessary for the conclusion of a contract that a data subject provides us with personal data which must subsequently be processed by us. For example, a data subject is obliged to provide us with personal data where our organisation concludes a contract with them. Failure to provide personal data would result in the contract with the data subject not being able to be concluded. Before providing personal data, the data subject should contact us. We will inform the data subject on a case-by-case basis whether the provision of personal data is required by law or by contract, or is necessary for the conclusion of a contract, whether there is an obligation to provide personal data, and what the consequences of failing to do so would be.
12. Existence of Automated Decision-Making
As a responsible organisation, we do not ordinarily engage in automated decision-making or profiling. Should we exceptionally carry out automated decision-making or profiling, we will inform the data subject either separately or via a subsection of our privacy policy (here on our website). In such cases, the following applies:
Automated decision-making, including profiling, may occur where this (1) is necessary for the conclusion or performance of a contract between the data subject and us, or (2) is authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, or (3) is based on the data subject's explicit consent.
In the cases referred to in Article 22(2)(a) and (c) GDPR, we shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests. In such cases, you have the right to obtain human intervention on the part of the controller, to express your point of view, and to contest the decision.
Meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject, will be set out in this privacy policy where applicable.
13. Recipients in a Third Country and Suitable or Adequate Safeguards, and How to Obtain a Copy or Where They Are Available
Pursuant to Article 46(1) GDPR, a controller or processor may only transfer personal data to a third country where the controller or processor has provided suitable safeguards and on condition that enforceable data subject rights and effective legal remedies are available. Suitable safeguards may, without requiring any specific authorisation from a supervisory authority, be provided by way of standard data protection clauses, pursuant to Article 46(2)(c) GDPR.
Prior to any initial transfer of personal data, standard contractual clauses or other suitable safeguards will be agreed with all recipients in third countries, or transfers will be based on adequacy decisions. This ensures that appropriate safeguards, enforceable rights, and effective legal remedies are guaranteed for all processing of personal data. Any data subject may obtain a copy of the standard contractual clauses or adequacy decisions from us. In addition, the standard contractual clauses and adequacy decisions are available in the Official Journal of the European Union.
Article 45(3) GDPR empowers the European Commission to decide, by means of an implementing act, that a non-EU country ensures an adequate level of protection — that is, a level of protection for personal data that is essentially equivalent to that within the EU. The effect of adequacy decisions is that personal data may flow from the EU (as well as from Norway, Liechtenstein, and Iceland) to a third country without further restriction. Similar provisions apply to the United Kingdom, Switzerland, and certain other countries.
In all cases where the European Commission, or the government or competent authority of another country, has determined that a third country ensures an adequate level of protection and/or where a valid framework exists (e.g. the EU–U.S. Data Privacy Framework, the Swiss–U.S. Data Privacy Framework, the UK Extension to the EU–U.S. Data Privacy Framework), all transfers by us to members of such frameworks (e.g. self-certified organisations) are based solely on that organisation's membership of the relevant framework or on the applicable adequacy decisions. Where we or one of our group companies are a member of such a framework, all transfers to us or to our group company are based solely on the relevant company's membership of that framework. Where we or one of our group companies are established in a third country with an adequate level of protection, all transfers to us or to our group company are based solely on the applicable adequacy decisions.
Any data subject may obtain a copy of the frameworks from us. The frameworks are also available in the Official Journal of the European Union, in published legislative materials, or on the websites of data protection supervisory authorities or other authorities and institutions.
14. Right to Lodge a Complaint with a Data Protection Supervisory Authority
As controller, we are obliged to inform data subjects of their right to lodge a complaint with a supervisory authority. This right is governed by Article 77(1) GDPR. Pursuant to that provision, without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority — in particular in the Member State of their habitual residence, place of work, or place of the alleged infringement — if they consider that the processing of personal data relating to them infringes the GDPR. The Union legislator has restricted this right solely to the extent that it may only be exercised before a single supervisory authority (Recital 141, sentence 1, GDPR). This provision is intended to prevent duplicate complaints on the same matter by the same data subject. Accordingly, data subjects wishing to lodge a complaint against us are requested to contact only one supervisory authority.
This privacy policy was generated using a tool developed through collaboration between specialists in e-commerce law, an external data protection officer, and an ISO 9001 certification body.
Cookie Policy
This page describes our cookie policy for https://serpolla.com/. If you do not agree to this cookie policy, please do not use this website.
1. How We Use Cookies
This website uses cookies for various reasons, which you (the web user) can read more about below.
By using the website, you consent to the use of cookies and other technologies in accordance with this policy. We understand that some users prefer greater individual control over their visit to our website and may adjust their settings accordingly. All relevant information can be found in the section "How to Control and Delete Cookies" below. If you do not agree to this use, please refrain from using the website.
2. What Are Cookies?
In order for almost any modern website to function properly, it must collect certain basic information about its users. For this purpose, a website creates so-called cookies — small text files — on its users' computers. These cookies enable the website to recognise its users on subsequent visits, or to allow other specific websites to recognise those users for a particular purpose.
Cookies may be classified in various ways. For example:
Session cookies are temporary cookies stored in the browser's memory only until the browser is closed. They are used to control the page elements displayed to a user during a single multi-page visit to a website, as well as for other short-term storage purposes.
Persistent cookies are longer-term cookies to which the issuer assigns an expiry date. Persistent cookies can track your activity not only on the website that issued the cookie, but also on any website that contains a resource issued by that same website.
First-party cookies are cookies created by the website you are currently visiting.
Third-party cookies are cookies added by a domain other than the one you are currently visiting. The most common use of third-party cookies is to track users who click on advertisements and attribute them to the referring domain.
3. Cookies We Use
We use both first-party and third-party cookies. All cookies used by us are listed below.
Strictly Necessary — First Party
Host | Name | Description |
lodgify.com | __cfuid | Description: A cookie associated with websites using CloudFlare, used to speed up page load times. According to CloudFlare, it is used to override any security restrictions based on the visitor's IP address. It contains no information for identifying the user. Duration: one month |
checkout.lodgify.com | .ASPXANONYMOUS | Description: Used by websites running Microsoft's .NET technology platform. It enables the website to maintain an anonymous user ID in order to track individual users within a session without requiring them to log in or otherwise identify themselves Duration: two months |
checkout.lodgify.com | ASP.NET_SessionId | Description: A general platform session cookie used by websites written using Microsoft .NET-based technologies. Typically used by the server to maintain an anonymised user session. Duration: Session |
Third Party
Host | Name | Description |
icdbcdn.com | __cfduid | Description: A cookie associated with websites using CloudFlare, used to speed up page load times. According to CloudFlare, it is used to override any security restrictions based on the visitor's IP address. It contains no information for identifying the user. Duration: one month |
Performance
First Party
Host | Name | Description |
lodgify.com | _ga | Description: Associated with Google Universal Analytics. Used to distinguish individual users by assigning a randomly generated number as a client identifier. It is included in each page request on a website and is used to calculate visitor, session, and campaign data for the website's analytics reports. Set to expire after two years by default, though this may be adjusted by website operators. Duration: two years |
checkout.lodgify.com | _gid | Description: Associated with Google Universal Analytics. Appears to be a newer cookie about which Google has provided no information since spring 2017. It appears to store and update a unique value for each page visited. Duration: one day |
checkout.lodgify.com | _ga | Description: Associated with Google Universal Analytics. Appears to be a newer cookie about which Google has provided no information since spring 2017. It appears to store and update a unique value for each page visited. Duration: two years |
Functional
First Party
Host | Name | Description |
_ldgfy_c6y | Description: Used to store currency values for the visitor in order to personalise the website. Duration: Session | |
_ldgfy_c5e | Description: Used to store language values for the visitor in order to personalise the website. Duration: Session | |
_ldgfy_e5e | Description: Used to store date search values for the visitor in order to personalise the website. Duration: Session | |
_ldgfy_g4s | Description: Used to store search values for the visitor in order to personalise the website. Duration: Session | |
_ldgfy_l6n | Description: Used to store search values for the visitor in order to personalise the website Duration: Session | |
_ldgfy_s6e | Description: Used to store date search values for the visitor in order to personalise the website. Duration: Session | |
ngx_geoip_cc | Description: Stores the visitor's country based on their IP address in order to personalise website content. Duration: Session | |
checkout.lodgify.com | _ldgfy_XXXX_XX_defaults | Description: Used to store certain default values for the visitor's country (such as currency or language) in order to personalise the website. Duration: one year |
checkout.lodgify.com | ngx_geoip_cc | Description: Used to store certain default values for the visitor's country (such as currency or language) in order to personalise the website. Duration: Session |
checkout.lodgify.com | _ldgfy_XXXX_currency | Description: Used to store currency values for the visitor in order to personalise the website. Duration: one year |
Third Party
Host | Name | Description |
websites-static.lodgify.com | _ldgfy_c6y | Description: Used to store currency values for the visitor in order to personalise the website. Duration: Session |
websites-static.lodgify.com | _ldgfy_c5e | Description: Used to store language values for the visitor in order to personalise the website. Duration: Session |
cdn.lodgify.com | _ldgfy_XXXX_XX_defaults | Description: Used to store certain default values for the visitor's country (such as currency or language) in order to personalise the website. Duration: one year |
Targeting
First Party
Host | Name | Descripton |
.lodgify.com | _gat_gtag_xxxxxxxxxxxxxxxxxxxxxxxxxx | Description: Google Analytics Duration: a few seconds |
checkout.lodgify.com | _gat_xxxxxxxxxxxxxxxxxxxxxxxxxx | Description: Google Analytics Cookies Duration: a few seconds |
Third Party
Host | Name | Description |
.google.com | _GRECAPTCHA | Duration: 6 Months |
4. How to Control and Delete Cookies
Most browsers accept cookies automatically, but you can change your browser settings to delete cookies or prevent automatic acceptance if you prefer. In general, you have the option to view which cookies you have received and delete them individually, block third-party cookies or cookies from specific websites, accept all cookies, be notified when a cookie is set, or reject all cookies. To change your settings, access the "Options" or "Settings" menu of your browser, and click the following links for further browser-specific information.
Cookie settings in Internet Explorer Cookie
settings in Firefox Cookie
settings in Chrome Cookie
settings in Safari