Extended information on privacy management
This section contains information relating to the processing of data of Nepeta.it Users.
This information is also valid for the purposes of Article 13 of Legislative Decree no. 196/2003, the Personal Data Protection Code, and for the purposes of Article 13 of EU Regulation no. 2016/679, relating to the protection of natural persons with regard to the processing of personal data and the free movement of such data, for those who interact with Nepeta.it and can be reached at the address corresponding to the home page: www.nepeta.it
This information applies only to Nepeta.it and not to other websites that may be accessed by the User via links contained therein.
The purpose of this document is to provide information on the methods, timing, and nature of the information that data controllers must provide to the User when connecting to the Nepeta.it web pages, regardless of the purpose of the connection itself, in accordance with Italian and European legislation.
If the User is under 16 years of age, pursuant to art. 8, paragraph 1 of EU Regulation 2016/679, he or she must legitimize his or her consent through the authorization of his or her parents or legal guardians.
Ownership of data processing
The data controller is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. It also deals with security aspects.
With regard to this website, the Data Controller is: Nepeta SRL; for any clarification or to exercise their rights, the User may contact them at the following email address: info@nepeta.it .
The data controller is the natural or legal person, public authority, agency, or other body that processes personal data on behalf of the Data Controller. Unless otherwise specified in this document, pursuant to Article 28 of EU Regulation No. 2016/679, the data controller for the Nepeta.it website is: Nepeta SRL.
Subjects or categories of subjects who can access the data or become aware of it
Direct access to the User's data is, in principle, permitted to the Data Controller indicated above.
In some cases, however, categories of persons involved in the organization of the site (administrative, commercial, marketing, legal, system administrators) or external parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communications agencies) may have access to the User's data.
The hosting service provider is Aruba SpA, with registered office at Via San Clemente, 53 – 24036 Ponte San Pietro (BG). It may potentially have access to the data exclusively for technical reasons of necessity and urgency that require intervention in order not to compromise the functionality and security of the Site.
Other services are or may be offered by other companies: please refer to the following sections where the aforementioned services are discussed in relation to the other parties who may access the User's data.
Place of treatment
The data processing generated by the use of Nepeta.it takes place at the Data Controller’s operational headquarters, i.e. in Contrada Sarculla – SP24 -96017 Testa Dell’acqua, Noto, Siracusa.
Specific services used by this Site may collect the User's personal data outside the Data Controller's operational headquarters. Please refer to the following sections where the aforementioned services are discussed regarding the location of data storage.
Data transfer to non-EU countries
This site may share some of the data collected with services located outside the European Union. This transfer is authorized and strictly regulated by Article 45, paragraph 1 of EU Regulation 2016/679, so no further consent is required. The companies mentioned above guarantee their adherence to the Privacy Shield.
Data will never be transferred to third countries that do not comply with the conditions set out in Article 45 et seq. of the EU Regulation.
Processed data
Like all websites, this site also uses log files to store information collected automatically during the User's visits. The information collected may include the following:
– Internet Protocol (IP) address;
– Browser type and device parameters used to connect to the site;
– Name of the Internet Service Provider (ISP);
– Date and time of visit;
– Web page from which the visitor originates (referral) and exits;
– Possibly the number of clicks.
The aforementioned information is processed automatically and collected exclusively in aggregate form to verify the correct functioning of the site and for security reasons. This information will be processed based on the legitimate interests of the data controller.
For security purposes (spam filters, firewalls, virus detection), automatically recorded data may also include personal data such as the IP address, which could be used, in accordance with applicable laws, to block attempts to damage the site itself or other Users, or otherwise engage in harmful or criminal activities. This data is never used to identify or profile the User, but only to protect the site and its visitors. This information will be processed based on the legitimate interests of the data controller.
Any information that the Site User deems appropriate to make public through the services and tools made available to them is provided by the User knowingly and voluntarily, exempting this Site from any liability for any violations of law. It is the User's responsibility to ensure they have permission to enter third-party personal data or content protected by national and international laws.
The data used for security purposes (blocking attempts to damage the site) are retained for the time strictly necessary to achieve the purpose indicated above.
As indicated above, the optional, explicit, and voluntary sending of emails to the addresses indicated on this site entails the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message.
Comments
When the User leaves a comment, the Site automatically detects and records some identifying data shown in the form, such as the email address, as well as the IP address and browser user agent string to facilitate spam detection. This data is voluntarily provided by the User when requesting the service. By entering a comment or other information, the User expressly accepts the privacy policy, and in particular consents to the content entered being freely disseminated to third parties. The data received will be used exclusively to provide the requested service and only for the time necessary to provide the service.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After your comment is approved, your profile picture, if any, is visible to the public in the context of your comment.
Personal data collected: Name (and possibly Surname), Email and optionally Website.
Account
For users who register on this website, all the personal information they provide in their profile is stored. All users can view, edit, or delete their personal information at any time (except their username, which cannot be changed). Website administrators can also view and edit this information.
Media
If you upload images to the website, you should avoid uploading images that include embedded location data (EXIF GPS). Website visitors can download and extract any location data from images on the website.
Contact forms
By filling out the contact forms on the Site with their Data, the User consents to the owner using them for the sole purpose of responding to requests for information, job applications, or any other type of request indicated in the form header.
Personal data collected: Name and Surname, Email, Telephone.
Mailing list or newsletter
By registering for the mailing list or newsletter, the User's email address is automatically added to a contact list to which email messages containing information, including commercial and promotional information, relating to this site may be sent. The User's email address may also be added to this list as a result of registering on this site or after making a purchase.
The data is processed through the platform and IT tools offered by the "MailChimp" service, operated by the American company The Rocket Science Group, LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, Georgia 30308. Therefore, if you subscribe to the newsletter service, your data may be transmitted to and accessed by this American company providing the service, which adheres to the European Commission's adequacy decision called "Privacy Shield," thereby guaranteeing the respect of the personal data being processed and acting as data controller for this service. The data is retained until the interested party requests to object to the sending of newsletters or opts out of receiving them, and in any case for no longer than five years from the date of registration of the personal data. Any defensive needs are reserved, for which the data may be retained even beyond the indicated terms.
Mailchimp is an email address management and message sending service provided by the American company The Rocket Science Group, LLC.
Personal data collected: Name, Email
Place of processing: USA – Privacy Policy.
SPAM Protection
This type of service analyzes the traffic of this site, potentially containing Users' Personal Data, in order to filter it from parts of traffic, messages and contents recognized as SPAM.
Selling goods and services online
The Personal Data collected is used to provide services to the User or to sell products, including payment and possible delivery. The Personal Data collected to complete the payment may include the credit card, the bank account used for the transfer, or other payment instruments. The payment data collected by this Application depends on the payment system used.
Payment Management
Payment management services allow this site to process payments by credit card, bank transfer, or other means. The payment data is acquired directly by the payment service provider without being processed in any way by this site.
Some of these services may also allow the scheduled sending of messages to the User, such as emails containing invoices or notifications regarding payment.
PayPal is a payment service provided by PayPal Inc., which allows the User to make online payments.
Personal data collected: various types of Data as specified in the service's privacy policy.
Place of processing: See the PayPal privacy policy.
Stripe is a payment service that allows the User to make online payments using credit cards.
Personal data collected: various types of Data as specified in the service's privacy policy.
Place of processing: See the Stripe privacy policy.
Embedded content from other websites
Articles on this site may include embedded content (e.g., videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with them, including tracking your interaction with embedded content if you have an account and are logged in to those websites.
Google Fonts (Google Inc.) is a font display service managed by Google Inc. that allows this website to integrate such content within its pages.
Personal data collected: usage data and various types of data as specified in the service's privacy policy.
Place of processing: USA – Privacy Policy.
Statistics (Analytics)
The services contained in this section allow the data controller to monitor and analyze traffic data and are used to track User behavior.
Google Analytics is a web analytics service provided by Google Inc. (“Google”). Google uses the personal data collected to track and examine the use of this website, compile reports, and share them with other Google services. Google may use personal data to contextualize and personalize the ads of its own advertising network.
In order to function, Google Analytics requires the presence of a so-called tracking code on the pages of the Site. The purpose of this code is to identify, for the purposes outlined below, the pages you visit during your browsing session on the Site.
In addition to the pages visited, the data collected may also include, by way of example and not limited to, the domain names and browser type of the computers used to connect to the Site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, and parameters relating to the operating system and IT environment you use.
This data, however, does not allow us to identify the User due to its nature and the methods of its processing and is therefore considered anonymous. Anonymization works by shortening the IP address of users within the borders of the member states of the European Union or in other countries participating in the Agreement on the European Economic Area. Only in exceptional cases will the IP address be sent to Google servers and shortened within the United States.
Personal data collected: cookies and usage data.
Place of processing: USA – Privacy Policy – Opt Out.
Tag Management
This type of service is functional to the centralized management of the tags or scripts used on this site. The use of these services involves the flow of User Data through them and, if applicable, their retention.
Google Tag Manager (Google LLC) is a tag management service provided by Google LLC.
Personal Data collected: Cookies and Usage Data.
Place of processing: USA – Privacy Policy.
Data retention period
The data are processed and stored for the time strictly required by the purposes for which they were collected and in any case no longer than 5 years.
At the end of the retention period, personal data will be deleted. Therefore, upon expiration of this period, the rights to access, erasure, rectification, and data portability can no longer be exercised.
If you have an account and log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is deleted when you close your browser.
When you log in, we will set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If "Remember Me" is selected, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If the user edits or publishes an article, an additional cookie will be saved in the browser. This cookie includes no personal data and simply indicates the post ID of the article just edited. It expires after 1 day.
If a user leaves a comment, the comment and its metadata are retained indefinitely so that any subsequent comments can be automatically recognized and approved instead of being held in a moderation queue. Furthermore, if you leave a comment on the site, you can choose to save your name, email address, and website in cookies. These are used for your convenience, so that you don't have to re-enter your information if you leave another comment. These cookies will last for one year.
The User may request the interruption of the Processing or the deletion of the Data at any time.
Purpose of processing the collected data
The User's data is collected to allow the Owner to provide its Services, as well as for the following purposes: access to accounts on third-party services, interaction with social networks and external platforms, viewing content from external platforms, and traffic optimization and distribution.
The IP address may, in some cases, be used for the exclusive purpose of blocking attempts to damage the Site itself, as well as activities constituting a crime under applicable laws.
Data processing methods
This site processes User data lawfully and correctly, adopting appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of data. Processing is carried out using computerized and/or electronic means, using organizational methods and logic strictly related to the purposes indicated above.
Specific processing methods are set out in this document in relation to particular services offered by the Site or software used by it for its correct functioning.
User Rights
Article 13, paragraph 2 of EU Regulation 2016/679 lists the User's rights.
In particular, the User of the Nepeta.it website has the right to:
- revoke consent at any time. The User may revoke consent to the processing of their Personal Data previously expressed.
- object to the processing of your Data. The User may object to the processing of their Data when it occurs on a legal basis other than consent. Further details on the right to object are provided in the section below.
- access your Data. The User has the right to obtain information on the Data processed by the Owner, on certain aspects of the processing and to receive a copy of the processed Data.
- verify and request rectification. The User can verify the accuracy of their Data and request its updating or correction.
- obtain restriction of processing. When certain conditions apply, the User may request that the processing of their Data be restricted. In this case, the Data Controller will not process the Data for any purpose other than its storage.
- obtain the deletion or removal of their Personal Data. Under certain conditions, the User may request that the Data Controller delete their Data.
- receive your Data or have it transferred to another controller. The User has the right to receive his or her Data in a structured, commonly used, and machine-readable format and, where technically feasible, to have it transferred to another controller without hindrance. This provision applies when the Data is processed by automated means and the processing is based on the User's consent, on a contract to which the User is a party, or on contractual obligations related to it.
- file a complaint. The User may file a complaint with the competent data protection supervisory authority or take legal action.
When Personal Data is processed in the public interest, in the exercise of public authority vested in the Data Controller, or to pursue a legitimate interest of the Data Controller, Users have the right to object to the processing for reasons related to their particular situation.
Requests can be addressed to the Data Controller without formalities or, alternatively, using the form provided by the Italian Data Protection Authority, or by sending an email to: info@nepeta.it .
For a more in-depth examination of the User's rights, see Articles 15 et seq. of EU Regulation 2016/679 and Article 7 of Legislative Decree 196/2003.
Response to “Do Not Track” requests
This website does not support "Do Not Track" requests. To find out whether any third-party services it uses support them, please consult their respective privacy policies.
Cookie Policy
This site uses cookies and other identifiers. To learn more, the user can consult the Cookie Policy.
Changes to this Policy
This document may be subject to changes or updates. Users are encouraged to consult this page periodically to stay up-to-date on the latest legislative developments.
Il documento è stato aggiornato in data 30/11/2025 per essere conforme alle disposizioni normative in materia, ed in particolare al Regolamento UE 2016/679.
Information not contained in this Policy
Further information regarding the processing of Personal Data may be requested from the Data Controller at any time using the contact details.