Privacy policy

Pursuant to Regulation (EU) 2016/679 (General Data Protection Regulation – hereinafter “GDPR”), this page describes the methods for processing the personal data of the user (hereinafter the “data subject”) who consults the “Il Borro” website, accessible electronically at the following address: Il Borro

These current provisions do not apply to other sites, pages, or online services reachable via hypertext links that may be published on the sites but refer to resources external to the Co-owners’ domain.
We inform you that, with regard to the processing of Personal Data, the aforementioned legislation governs the obligations placed on those who “process” information related to other individuals in order to guarantee its confidentiality in compliance with the general principles of fairness, lawfulness, and transparency. Among the obligations provided is that of informing the data subject about the purposes and methods of use of the relevant information, the security measures adopted to protect and safeguard the collected data, as well as the procedures for exercising the rights recognized by current legislation.
“Processing” of Data means its collection, recording, organization, storage, consultation, erasure, and destruction, or the combination of two or more of these operations.

1. JOINT DATA CONTROLLERS

The Joint Data Controllers process Personal Data within the scope of the website usage as well as the data used for the provision of information related to the services provided by:

• Il Borro S.r.l.;
• Il Borro Tuscan Bistro S.r.l.
• Dal Borro S.r.l.;
• Osteria del Borro S.r.l.;
• Pinino S.r.l.

2. PURPOSES AND LEGAL BASIS OF THE PROCESSING

Your Data are processed for the following purposes:

• To allow you to access the services made available by the Joint Data Controllers through their website (e.g., accessing available informational material, learning about products, subscribing to the Newsletter);
• To allow you to subscribe to the “Il Borro Wine Club” and to access the benefits and exclusive promotions dedicated to wine lovers who subscribe to the Club through the dedicated registration form on the Website;
• To access the “Shop” section of the website to proceed with the online purchase of products offered by the Joint Data Controllers;
• To access your Reserved Area to discover the advantages of joining the Club, access promotions and articles reserved for Club Members, and subscribe to a membership (e.g., “Tangled Wines,” “Il Borro Lovers”);
• Navigation on this website;
• In order to comply with obligations established by laws, regulations, contracts, and Community legislation, as well as by provisions issued by authorities legally authorized to do so and by supervisory and control bodies, and which, therefore, according to the Privacy Code and the GDPR, do not require consent for their processing;
• Where consent is given, for Marketing purposes, relating to the sending of promotional material or communications concerning the goods and services offered by the Joint Data Controllers;
• Profiling activities, meaning the analysis of your preferences, inclinations, and behavior, in order to offer you products or services in line with your needs.

Specifically, for the purposes listed above, the data are processed on the basis of the following legal bases for processing:

• Art. 6, para. 1. Lit. b) of the GDPR, given that, with reference to purposes a), b), c), d) and e) of the previous paragraph, the processing is necessary for the performance of contractual or pre-contractual measures;
• Art. 6, para. 1. Lit. c) of the GDPR, given that, in relation to the purpose referred to in letter f), the processing is necessary for compliance with a legal obligation to which the Joint Data Controllers are subject;

It follows that, in relation to the aforementioned purposes, the processing is mandatory. Your failure to provide, or the inaccurate or incomplete provision of the data, will result in the Joint Data Controllers being unable to allow you to access the purchase of products and the expected informational services.

• Art. 6, para. 1. Lit. a) of the GDPR, as, regarding the marketing and profiling purposes referred to in letters g) and h), processing is only possible where you give your consent.

It follows that, for these purposes, the provision of data is optional and the failure to provide it does not affect the ability to access the services offered by the Website.

3. TYPES OF DATA PROCESSED

Navigation Data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This category of data may include technical data (e.g., the IP addresses or domain names of the computers and terminals used by users, the URI/URL addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server) and other parameters related to the user’s operating system and IT environment.

Data Communicated by the User

The optional, explicit, and voluntary sending of messages to the contact addresses, as well as the compilation and submission of the forms present on the website, entails the acquisition of the sender’s contact data, necessary to reply, as well as all the personal data included in the communications.

Cookies and Other Tracking Tools Regarding which we recommend viewing the Cookie Policy.

4. PROCESSING METHODS

Your Data will be processed:

• both manually and electronically, and will be stored in both a paper archive and through the use of a digital database;
• by subjects authorized to carry out these tasks, who are constantly identified, appropriately instructed, and made aware of the constraints imposed by the GDPR and the Privacy Code;
• with the employment of appropriate security measures (technical and organizational) aimed at ensuring a level of security appropriate to the risk of the processing, pursuant to Art. 32 of the GDPR.

The purchasing platform in the “Shop” section is managed by an external provider, designated as a Data Processor pursuant to Art. 28 of the GDPR. Payment is made through a dedicated tool for receiving online payments to protect the users’ personal and payment data.

5. DATA RETENTION PERIOD

In compliance with the provisions of Art. 5, paragraph 1, letter e) of the GDPR, the personal data collected will be stored in a form that permits the identification of data subjects for a period no longer than is necessary for the purposes for which the personal data are processed. The retention of the personal data provided depends on the purpose of the processing referred to in point 2.
All other terms for data retention are set by current legislation or existing best practices on the matter. For any questions, you may contact the Joint Data Controllers.

6. PARTIES TO WHOM THE DATA MAY BE DISCLOSED

The Data, for exclusive functional, managerial, tax, and legal reasons, within the scope of carrying out the purposes referred to in point 3, may be communicated to entities and companies related to the activity. Such entities will operate as Data Processors pursuant to Art. 28 GDPR, whose names may be disclosed to the data subject upon express request to be forwarded to ilborro@ilborro.it .
The data will not be transferred to Non-EU countries.

7. DATA SUBJECT’S RIGHTS

We inform you that, in relation to the aforementioned processing activities, you may exercise the rights referred to in Articles 15-21 of the GDPR, and specifically, you have the right to obtain from the Joint Data Controllers confirmation as to whether or not personal data concerning you are being processed and, where that is the case, access to the personal data and the following information:

• the purposes of the Processing;
• the categories of personal data concerned;
• the recipients or categories of recipients to whom the personal data have been or will be disclosed;
• the envisaged personal data retention period;
• the existence of the data subject’s right to request from the Joint Data Controllers the rectification or erasure of personal data, or restriction of processing concerning the data subject, or to object to such processing;
• where the personal data are not collected from the data subject, any available information as to their source;
• the existence of automated decision-making, including profiling and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

METHOD FOR EXERCISING RIGHTS

You may exercise the rights referred to in Articles 15-21 of the GDPR at any time (also by using the specific request form made available by the Data Protection Authority on www.garanteprivacy.it) by sending an e-mail to the address:
ilborro@ilborro.it .

9. COMPLAINT

We remind you that, should you consider that the processing of data concerning you has infringed the provisions of the GDPR Regulation, you may always lodge a complaint with the Data Protection Authority, or with the supervisory authority of the country where you habitually reside, work, or the place where the alleged violation occurred.

9. AMENDMENT

This policy is subject to amendments and updates. The published version is the one in force at the specified update date. Please, therefore, periodically check this policy to be informed of any changes.

Last updated: October 2025.