Data Protection Speck Alto Adige PGI

Privacy Policy

Version 1.1 | Date: 27.03.2026

The following section provides information on the processing of your personal data collected during your navigation on this website and when using the services we offer. Your personal data is always processed in accordance with the principles of lawfulness, fairness and transparency, in compliance with all applicable regulations and EU Regulation 2016/679 (GDPR).

1. Data Controller

South Tyrolean Speck Consortium
Portici 71, I-39100 Bolzano | South Tyrol / Italy
Tel.: +39 0471 300 381 | Fax: +39 0471 302 091
E-Mail: info@speck.it | VAT No.: IT01468880214

For any questions regarding data protection, please contact us at any time.

2. Data Protection Officer (DPO pursuant to Art. 37 GDPR)

Attorney Gianluigi Muscas
Dentons Europe Studio Legale Tributario
Piazza degli Affari 1, 20123 Milan, Italy
E-Mail: Gianluigi.Muscas@dentons.com
PEC: gianluigi.muscas@milano.pecavvocati.it

3. Categories of Personal Data Processed

The South Tyrolean Speck Consortium processes the following categories of personal data (non-exhaustive list):

Identification data: first name, last name, salutation
Contact data: e-mail address, telephone number, postal address
Technical data: IP address, browser type and version, operating system, referrer URL, date and time of access
Communication data: content of enquiries submitted via the contact form
Consent data: timestamp and type of consent given or withdrawn

Only ordinary personal data is processed. No special categories of data within the meaning of Art. 9 GDPR are processed.

4. Purposes of Processing, Legal Bases and Retention Periods

Personal data is processed for the purposes listed below. For each purpose, the applicable legal basis pursuant to Art. 6 GDPR and the corresponding retention period are specified.

a) Operation and security of the website (Art. 6(1)(f) GDPR – Legitimate Interest): When accessing the website, technical connection data (IP address, browser data, timestamps) is automatically recorded in server log files. This serves to ensure system security, troubleshoot errors and analyse misuse. Data is stored for a maximum of 30 days and then deleted.

b) Processing contact and information requests (Art. 6(1)(b) GDPR – Performance of a contract / pre-contractual measures): Data submitted via the contact form is used exclusively to process your enquiry. Provision of data in mandatory fields is required to process your request; without this information we cannot respond to you. Optional fields may be filled in voluntarily. Data is deleted after processing is complete and any statutory retention periods have expired.

c) Newsletter and marketing communications (Art. 6(1)(a) GDPR – Consent): With your explicit consent, we send you our newsletter containing information about South Tyrolean Speck PGI, recipes, events and news. Registration uses a double opt-in procedure; the time and confirmation of registration are recorded. Data is stored for the duration of the newsletter subscription. Provision of this data is voluntary; without consent we cannot send you a newsletter. You may withdraw your consent at any time with future effect, e.g. via the unsubscribe link in the newsletter or by e-mail to info@speck.it.

d) Profiling and personalised advertising (Art. 6(1)(a) GDPR – Consent): With your separate consent, we analyse your browsing behaviour on the website to provide you with information and advertising tailored to your interests. Provision of this data is voluntary. Profiling data is stored for a maximum of 12 months from the date of consent. After this period, data is deleted or anonymised. You may withdraw your consent at any time (see Section 8).

e) Registration for events and courses, purchase of course tickets (Art. 6(1)(b) GDPR – Performance of a contract): When registering for free events or purchasing paid course tickets (e.g. Speckakademie, seminars), your data is processed to execute and manage the contract. Mandatory fields are indicated as such. For payment processing of paid courses, we use the payment service provider Stripe (see Section 11). Accounting-relevant data is retained in accordance with statutory retention periods (in Italy max. 10 years).

f) Compliance with legal obligations (Art. 6(1)(c) GDPR – Legal obligation): To the extent required by law (e.g. tax and commercial record-keeping obligations), we process your data to fulfil these obligations. Retention periods are governed by applicable legal provisions (in Italy generally 10 years under tax and commercial law).

5. Automated Decision-Making and Profiling (Art. 22 GDPR)

The South Tyrolean Speck Consortium does not make decisions based solely on automated processing – including profiling – that produce legal effects concerning you or that similarly significantly affect you.

If you have given your consent to profiling (see Section 4d), this is carried out exclusively for the purposes of personalised communication and advertising. The results of this analysis have no legally binding consequences for you. You may object to profiling at any time (see Section 8).

6. Recipients of Data and Data Disclosure

Your personal data may be made accessible to the following categories of recipients:

a) Internal personnel (Art. 29 GDPR): Employees and staff of the South Tyrolean Speck Consortium who are authorised to process data, as well as system administrators where necessary for their duties.

b) Processors (Art. 28 GDPR): External service providers acting on our behalf under a data processing agreement, including IT service providers, hosting providers, newsletter dispatch service providers, web analytics providers (e.g. Google Analytics), marketing platforms and the payment service provider Stripe. An up-to-date list of processors is available upon request.

c) Independent Controllers: Credit institutions (for payment processing), tax and legal advisors, courts and chambers of commerce, as well as public authorities – to the extent required to fulfil legal obligations. These recipients act as independent controllers within the meaning of Art. 4(7) GDPR.

Your data is not disclosed to unauthorised parties or shared for purposes other than those stated.

7. Data Transfers to Third Countries (Art. 44 et seq. GDPR)

In the context of using third-party services (in particular Google Analytics, Google AdWords, YouTube, Facebook, Stripe), your data may be transferred to countries outside the European Union or the European Economic Area (EEA) – in particular to the USA.

Such transfers are carried out on the basis of appropriate safeguards pursuant to Art. 46 GDPR, in particular through:

EU Standard Contractual Clauses (SCC) adopted by the Commission
Adequacy decisions by the European Commission (where applicable)
Certification under the EU-US Data Privacy Framework (where applicable)

Detailed information on the services used and the applicable safeguards can be found in the privacy policies of the respective providers.

8. Rights of Data Subjects (Art. 15–21 GDPR)

You have the following rights with respect to the South Tyrolean Speck Consortium:

Right of access (Art. 15 GDPR): you may request confirmation and information about the processing of your data.
Right to rectification (Art. 16 GDPR): you may request the correction of inaccurate data or completion of incomplete data.
Right to erasure (Art. 17 GDPR): you may request the deletion of your data, unless statutory retention obligations apply.
Right to restriction of processing (Art. 18 GDPR): you may request restriction of processing under the conditions provided by law.
Right to data portability (Art. 20 GDPR): you may receive your data in a structured, machine-readable format or request its transfer to another controller.
Right to object (Art. 21 GDPR): you may object to the processing of your data based on Art. 6(1)(f) GDPR (legitimate interest), including profiling based thereon.
Right to withdraw consent (Art. 7(3) GDPR): you may withdraw consent given at any time with future effect, without affecting the lawfulness of processing carried out prior to withdrawal.
Right to lodge a complaint (Art. 77 GDPR): you have the right to lodge a complaint with the competent supervisory authority. In Italy: Garante per la Protezione dei Dati Personali, www.garanteprivacy.it.

To exercise your rights, please write to: South Tyrolean Speck Consortium, Portici 71, I-39100 Bolzano, or by e-mail to info@speck.it.

9. Contact Form

If you contact us via the contact form, the data you provide (name, e-mail, message and optionally telephone number) will be processed to handle your enquiry. Fields marked as mandatory (*) are required for processing; without this information we cannot handle your request. Additional data may be provided on a voluntary basis. Legal basis: Art. 6(1)(b) GDPR. Data is deleted after processing is complete and statutory retention periods have expired.

10. Newsletter

We send our newsletter exclusively with your explicit consent (Art. 6(1)(a) GDPR). Registration uses a double opt-in procedure: after registration you will receive a confirmation e-mail, the confirmation of which documents your consent. Registration is voluntary; without consent you will not receive a newsletter.

You may unsubscribe from the newsletter at any time – e.g. via the unsubscribe link at the bottom of each newsletter e-mail or by e-mail to info@speck.it. After withdrawal, your data will be promptly removed from the mailing list.

11. Payment Processing via Stripe

For the purchase of course tickets and the processing of paid bookings (e.g. Speckakademie), we use the payment service provider Stripe:

Stripe, Inc.
354 Oyster Point Blvd, South San Francisco, CA 94080, USA
Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland
Stripe Privacy Policy: https://stripe.com/privacy

When paying via Stripe, the data required for payment processing (name, e-mail address, payment data such as credit card number, IBAN etc.) is transmitted directly to Stripe. We do not receive or store complete payment data – Stripe processes this data independently as a controller within the meaning of Art. 4(7) GDPR.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract).

Transfer to third countries: Stripe, Inc. is based in the USA. Data transfers are carried out on the basis of EU Standard Contractual Clauses (SCC) and certification under the EU-US Data Privacy Framework. Stripe Europe (Ireland) acts as European contracting party for customers in the EEA.

Retention: Stripe retains transaction-related data in accordance with applicable statutory retention obligations (generally 7–10 years for accounting records). We ourselves retain only the data required for booking confirmation and invoicing, in accordance with statutory retention periods of max. 10 years.

Please note that credit card or bank data is never stored on or processed by our systems at any time. All payment processing is carried out in encrypted form directly via Stripe's PCI-DSS certified infrastructure.

12. Cookies, Web Analytics and Third-Party Services

This website uses cookies and similar tracking technologies. Detailed information on the cookies used, their purposes and storage periods, as well as your configuration options, can be found in our Cookie Policy, accessible via the "Cookies" link in the website footer.

Google Analytics: Web analytics service provided by Google LLC. Analysis of user behaviour to optimise the website. Used with IP anonymisation. Legal basis: Consent (Art. 6(1)(a) GDPR).

Google AdWords / Remarketing: Use of cookies for targeted advertising in the Google advertising network. Legal basis: Consent (Art. 6(1)(a) GDPR).

YouTube: Videos embedded in enhanced privacy mode. Data is only transmitted to YouTube/Google when a video is played. Legal basis: Legitimate interest (Art. 6(1)(f) GDPR).

Facebook Social Plugins: Disabled by default. Activated by user click. Legal basis: Consent (Art. 6(1)(a) GDPR).

13. Data Security

This website uses SSL/TLS encryption for secure data transmission (recognisable by "https://" in the address bar). We implement appropriate technical and organisational measures pursuant to Art. 32 GDPR to protect your data from unauthorised access, loss or destruction.

14. Changes to this Privacy Policy

We reserve the right to update this privacy policy as necessary, in particular in the event of changes to legal requirements or the services we use. The current version is always available on this page. In the event of material changes affecting your consents, we will notify you separately.

Note: This privacy policy is drafted in Italian. In the event of discrepancies, the Italian version shall prevail.

Version 1.1 | Date: 27.03.2026