Privacy

    General information on the processing of personal data for consortium members, users, property owners, and parties involved in administrative, expropriation, concession, contractual or agreement proceedings, representatives of organisations, companies, businesses, professionals, users of the website www.consorziobaraggia.it, and other parties who interact with the Consortium pursuant to Articles 13 and 14 of EU Regulation 2016/679

    Rev.1 of 24 May 2026

    The Consorzio di Bonifica della Baraggia Biellese e Vercellese has always been highly attentive to aspects of personal data protection and to upholding the principles of confidentiality and human dignity.
    Pursuant to EU Regulation 2016/679, in accordance with the principle of accountability, any processing of personal data must be lawful, fair and transparent.
    With this in mind, please read the following privacy notice.
    The Consorzio di Bonifica della Baraggia Biellese e Vercellese, with registered office at Via Fratelli Bandiera 16, Vercelli, in its capacity as Data Controller, represented by its pro-tempore Legal Representative, pursuant to and for the purposes of EU Regulation 2016/679, informs the data subject that the personal data collected, requested subsequently and/or communicated by third parties are necessary and will be used for the purposes indicated below.

    1. Introduction and scope of application

    This policy, provided in accordance with Articles 13 and 14 of the GDPR, describes the manner in which the Consortium processes personal data obtained directly from the data subject or from third parties, in the course of performance of its institutional, administrative, technical, accounting, tax, licensing, expropriation, contractual and agreement-related functions.
    This notice is of a general nature and applies, subject to specific notices provided for particular processing operations, to the relationships between the Consortium and its members, users, owners or holders of rights over property, parties affected by expropriation or administrative proceedings, applicants, suppliers, consultants, professionals, businesses, contractors, subcontractors, public bodies, companies, associations, supervisory bodies, users of the website www.consorziobaraggia.it, as well as to natural persons acting on behalf of such parties.

    1. Data Controller, DPO and privacy notices

    The Data Controller is the Consorzio di Bonifica della Baraggia Biellese e Vercellese, with registered office at Via Fratelli Bandiera 16, 13100 Vercelli, Tax Code and VAT No. 02199110020, telephone 0161 283811, fax 0161 257425, email segreteria@consorziobaraggia.it, certified email consorziobaraggia@legalmail.it, in the person of the Representative pro-tempore.
    The Consortium has appointed a Data Protection Officer - “DPO - Data Protection Officer”. For all privacy-related communications, the Data Controller provides the email address segreteria@consorziobaraggia.it and the certified email address consorziobaraggia@legalmail.it. The DPO’s contact details are: dpo@consorziobaraggia.it.

    1. Data subjects

    This privacy notice applies, by way of example and without limitation, to:

    a)  consortium members and users of land reclamation, irrigation and other consortium services;
    b)  owners, co-owners, usufructuaries, tenants, lessees, possessors or holders of other rights over properties within the consortium’s area or otherwise affected by the Consortium’s activities;
    c)  parties affected by expropriation proceedings, the imposition of easements, temporary occupations, concessions, authorisations, licences, clearances, opinions or other administrative procedures;
    d)  applicants for access to documents, whether under the simple or general public access schemes;
    e)  representatives, contact persons, employees, collaborators, technicians, consultants, professionals, appointees, members of bodies, companies, contractors, subcontractors, suppliers, public or private bodies, firms and other entities that interact with the Consortium;
    f)  parties involved in agreements, contracts, tenders, works, projects, interventions, maintenance, design, technical activities, inspections, testing, checks, site visits, access to areas or ;
    g)  users of the website www.consorziobaraggia.it.
    h)  other individuals whose data is processed by the Consortium to comply with legal obligations, regulations, authority measures or for the performance of its institutional activities.
    1. Categories of personal data processed

    The following categories of personal data are or may be processed, to the extent necessary for the purposes set out in this policy, the following categories of personal data:

    a)  identification and personal details: first name, surname, tax code, VAT number, place and date of birth, nationality, residence, domicile, registered office, details of identification documents, handwritten or digital signature;
    b)  contact details: address, telephone numbers, email address, certified email address (PEC), digital domicile, ;
    c)  data relating to consortium, land registry, property or asset status: land registry data, ownership, possession, tenancy, real or personal rights of enjoyment, land areas, land quality and classes, data relating to properties, land, canals, facilities, concessions, easements, occupations, expropriations, restrictions, relating to land reclamation or irrigation;
    d)  economic, financial, tax and accounting data: data relating to land reclamation and irrigation contributions, taxes, fees, concessions, payments, refunds, compensation, invoices, debit notes, bank details, arrears, debt recovery, reporting, traceability of financial flows;
    e)  data relating to roles, functions and positions: organisation, company or enterprise to which the individual belongs, title, role, office, signing or representation powers, technical, administrative, professional or operational role;
    f)  data contained in administrative, technical, contractual or agreement-related documentation: applications, declarations, communications, minutes, reports, technical documents, authorisations, concessions, licences, clearances, opinions, contracts, agreements, orders, specifications, tender documents, site documents, timetables, certifications, test reports, photographic or cartographic documentation;
    g)  data relating to administrative, expropriation, concession, authorisation, tax or litigation: data contained in deeds, orders, appeals, pleadings, applications, objections, communications, notifications, access to documents, audits, inspections, investigations or judicial and extrajudicial proceedings;
    h)  data relating to access, site visits, construction sites, safety, maintenance and operational management: data necessary for the identification of authorised persons, for the coordination of activities and for the management of access to areas, facilities, premises, construction sites or locations affected by the consortium’s operations;
    i)  data relating to criminal convictions and offences or legal proceedings, only in cases where this is necessary, for example in the context of litigation, tax appeals, audits, or legal obligations;
    j)  any special categories of personal data within the meaning of Article 9 of the GDPR, only where strictly necessary and within the limits permitted by applicable legislation, or if incidentally contained in documents sent to the Consortium.

    The Consortium processes only data that is relevant and necessary for the purposes pursued.

    1. Purposes of processing

    Personal data is collected and processed for the following purposes:

    a)  managing relations with consortium members and users of consortium services;
    b)  management of land reclamation, irrigation, flood defence, maintenance, operation and monitoring of works, facilities, the irrigation network and consortium infrastructure;
    c)  maintaining and updating the consortium registers, managing contribution balances and determining, collection, reporting and auditing of land reclamation and irrigation contributions, fees, levies or other amounts due;
    d)  management of administrative, concessionary, authorisation and licensing procedures, clearances, opinions, requests, notifications, applications and relations with users;
    e)  management of expropriation proceedings, temporary occupations, easements, the imposition of restrictions, compensation, and communications to owners, interested parties or entitled persons;
    f)  management of agreements, protocols, contracts, tenders, assignments, mandates, and relations with public or private bodies, companies, businesses, professionals, consultants, suppliers, contractors and subcontractors;
    g)  management of technical, design, operational and maintenance activities, works supervision, safety, testing, verification, handover of works, coordination, site inspections, access, site management and relations with parties involved in the works;
    h)  compliance with administrative, accounting, civil law, fiscal, tax, social security, insurance, archiving, traceability, transparency, anti-corruption, legal disclosure and reporting obligations;
    i)  management of the right of access to documents pursuant to Law 241/1990, of simple civic access and generalised civic access pursuant to Legislative Decree 33/2013;
    j)  management of institutional, organisational, operational or service-related communications concerning the activities of the Consortium;
    k)  management of verifications, checks, inspections, audits and requests from administrative authorities, , supervisory bodies, public bodies or other authorised parties;
    l)  prevention, management and resolution of complaints, disputes, appeals, debt recovery, liability, disputes or litigation, including in administrative, out-of-court or judicial proceedings;
    m)  protection of the Consortium’s rights, interests and assets;
    n)  management of obligations relating to the protection of personal data, including responding to requests from data subjects, handling any personal data breaches, updating documentation and cooperation with other data controllers or with the Supervisory Authority;
    o)  archiving, document retention and management of the registry, including for the purposes of evidence, transparency, administrative continuity and the proper management of the consortium’s activities;
    p)  statistical, organisational or service improvement processing, where carried out on aggregated data or in accordance with the principles of data minimisation and confidentiality.
    q)  respond to enquiries received via the contact form on the website www.consorziobaraggia.it.
    1. Legal basis for the processing of personal data

    The processing of personal data is based, depending on the case, on the following legal grounds:

    a)  the necessity of processing to comply with legal obligations to which the Data Controller is subject (Art. 6(1)(c) GDPR);
    b)  the necessity of processing for the performance of a task carried out in the public interest or in connection with the exercise of public powers vested in the Data Controller (Art. 6(1)(e) GDPR);
    c)  the necessity of processing for the performance of a contract, agreement, arrangement or pre-contractual measures (Article 6(1)(b) of the GDPR), where the processing is necessary for the management of contractual or arrangements;
    d)  the legitimate interests of the Consortium or of third parties (Article 6(1)(f) of the GDPR), where applicable and to the extent that the processing is not carried out in the performance of public tasks, for example for organisational, security, protection of rights or the management of private law relationships;
    e)  consent of the data subject (Art. 6(1)(a) GDPR), only in cases where consent is required by law or used for specific processing operations not based on any other legal basis.
    f)  by completing the contact form on the website www.consorziobaraggia.it, the Consortium will process personal data to provide the requested information; in the aforementioned case, the legal basis is the consent freely given by the data subject.

    The processing of any special categories of personal data pursuant to Article 9 of the GDPR takes place only in cases permitted by law, including, where applicable, reasons of substantial public interest, obligations relating to employment law, social security, social protection, the establishment, exercise or defence of right in court proceedings.
    The processing of data relating to criminal convictions and offences pursuant to Article 10 of the GDPR takes place only in the cases provided for by law and, where applicable, in compliance with Article 2-octies of Legislative Decree 196/2003 and subsequent amendments.

    1. Provision of personal data

    The provision of personal data is, as a rule, necessary to enable the Consortium to fulfil its legal obligations, exercise its institutional functions, manage relations with consortium members, users, owners, bodies, businesses, professionals and other parties, as well as to initiate proceedings, respond to requests, enter into or execute contracts, agreements or other legal relationships.
    Failure to provide the necessary data may, depending on the circumstances, result in the inability to manage the relationship with the data subject, provide or arrange consortium services, process applications or proceedings, fulfil tax, accounting, administrative or legal obligations, manage expropriation proceedings, conclude or executing contracts, agreements, assignments, tenders, supplies or professional relationships, granting access, site inspections, interventions, checks, maintenance, construction sites or operational activities, as well as responding to requests, complaints, requests for access to documents or other applications.
    Where processing is based on consent, the provision of such consent is optional and may be withdrawn at any time, without affecting the lawfulness of the processing carried out prior to the withdrawal.

    1. Source of personal data

    Personal data may be collected:

    a)  directly from the data subject;
    b)  through bodies, companies, businesses, associations, professionals or organisations to which to which the data subject belongs;
    c)  through public administrations, authorities, public offices, land registries, registers, public databases, concessionaires or authorised parties;
    d)  through other consortium members, users, owners, tenants, technicians, professionals, contractors, suppliers or parties involved in the consortium’s activities;
    e)  through deeds, documents, communications, applications, declarations, minutes, technical reports, site plans, registers, protocols, accounting systems, IT systems or archives lawfully used by the Consortium;
    f)  through public or private entities in the cases provided for by law, regulations, measures or by contractual and agreement-based relationships.
    f)  via the contact form on the website www.consorziobaraggia.it.
    1. Methods of processing and confidentiality obligations

    Processing is carried out using paper-based, computerised and electronic methods, through operations involving collection, recording, organisation, storage, consultation, processing, modification, extraction, comparison, use, communication, interconnection, restriction, erasure and destruction of data.
    The data is processed by authorised and trained staff, as well as by parties bound by confidentiality, using procedures related to the stated purposes and in accordance with the instructions provided by the Data Controller.
    The Consortium adopts appropriate technical and organisational measures to protect personal data from unauthorised access , loss, destruction, unauthorised disclosure, unauthorised modification, unlawful processing or processing in accordance with the stated purposes.

    1. Disclosure to third parties, data processors and recipients of the processing

    Personal data may be disclosed, to the extent strictly necessary for the pursuit of the indicated, to the following categories of persons:

    a)  employees, collaborators and persons authorised by the Consortium;
    b)  public bodies, administrations, administrative authorities, judicial authorities, supervisory bodies, , police forces and other authorised public bodies;
    c)  entities responsible for the collection, management, processing, printing, notification, mailing or delivery of contributions, taxes, fees, communications or documents;
    d)  banks, treasurers, financial intermediaries and entities involved in the management of payments, reimbursements, the traceability of financial flows or accounting obligations;
    e)  tax, legal, technical and administrative advisers, accountants, employment advisers, experts from consortium organisation, professionals and other consultants to the Consortium;
    f)  providers of IT, cloud, hosting, hardware and software maintenance, technical support, protocol, digital preservation, archiving, document management and IT security;
    g) companies, contractors, subcontractors, suppliers, designers, site managers, safety coordinators, testers, maintenance staff, technicians and other parties involved in works, projects, interventions, construction sites, services or supplies;
    h)  bodies, companies, administrations, consortia, associations, organisations or entities cooperating with the Consortium within the framework of agreements, arrangements, protocols, contracts, institutional activities or public interest;
    i)  parties entitled to and having an interest in exercising the right of access to documents pursuant to Law 241/1990, or for simple or generalised civic access pursuant to Legislative Decree 33/2013, within the limits provided by the legislation;
    j)  parties to whom disclosure is required by law, regulation, European or national legislation, an order by a public authority, a contract, an agreement or for the protection of the Consortium’s rights.

    External parties processing personal data on behalf of the Consortium are appointed, where necessary, Data Processors pursuant to Article 28 of the GDPR. Personal data is not otherwise disclosed, except in the cases provided for by law or by obligations of transparency, legal disclosure, the municipal notice board, , public contracts, access to documents or other applicable provisions.

    1. Transfer outside the EU

    As a rule, personal data is stored within the European Union and is not transferred to third countries or international organisations.
    Should it become necessary, for technical or organisational reasons or for the use of specific IT services, necessary to transfer personal data outside the European Economic Area, the transfer will take place exclusively in accordance with Articles 44 et seq. of the GDPR and the safeguards provided for by applicable legislation.

    1. Retention periods

    The Consortium retains the data subject’s personal data for as long as necessary or permitted in light of the purposes for which the personal data were obtained and processed.
    The criteria used to determine retention periods take into account, in particular, the duration of the relationship between the parties, as well as legal, administrative, tax, accounting, civil, fiscal, archival and document retention, the requirements for managing administrative, expropriation, licensing, authorisation, contractual or agreement-related procedures, obligations regarding transparency, legal disclosure, reporting, control and traceability, limitation periods and the forfeiture of rights, the need to safeguard the Consortium’s rights and interests in administrative, extrajudicial or judicial proceedings, as well as the rules on administrative retention and the disposal of archive records applicable to the Consortium.
    Once the retention period has expired, the data shall be deleted, anonymised or retained further only in cases permitted by applicable legislation. Data may be retained for longer periods subject to the adoption of appropriate technical and organisational measures, including, where appropriate, mechanisms for the anonymisation .

    1. Relations with other data controllers

    In the course of its activities, the Consortium may process personal data in the context of relationships with other bodies, administrations, companies, businesses, professionals, contractors, concessionaires, consortia, authorities or other public and private entities.
    Where such entities determine the purposes and means of processing independently, they act as independent data controllers and are required to provide data subjects with their own privacy notice.
    The Consortium, within the limits of its respective competences, cooperates with the other data controllers to facilitate the exercise of data subjects’ rights, handle any requests or complaints, ensure the correct flow of and to ensure compliance with data protection legislation.

    1. Data location and security measures

    Data processed in paper format is stored at the Consortium’s offices or in other authorised locations, in special cabinets or archives equipped with appropriate measures to restrict access to authorised personnel only.
    Data stored in digital format is kept in systems, applications, computer archives or digital environments equipped with appropriate security measures. Where the data being processed so requires, additional measures, such as encryption, access segregation or other technical and organisational safeguards consistent with the risk.
    In the event of a personal data breach, the Consortium shall carry out the assessments required by law and, where necessary, notifies the Data Protection Authority and/or informs the data subjects, in the cases and within the time limits set out in Articles 33 and 34 of the GDPR. Should a breach relate to personal data also processed by other entities, the Consortium shall cooperate with such entities within the limits of their respective competences.

    1. Rights of the data subject

    In accordance with current legislation, the data subject, subject to legal obligations and where applicable, may assert their rights vis-à-vis the Data Controller, as set out in EU Regulation 2016/679, namely:

    •  Right of access (Art. 15 GDPR);
    •  Right to rectification (Art. 16 GDPR);
    •  Right to erasure (Art. 17 GDPR);
    •  Right to restriction of processing (Art. 18 GDPR);
    •  Right to data portability, where applicable (Art. 20 GDPR);
    •  Right to object to processing (Art. 21 GDPR);
    •  Right to withdraw consent, where processing is based on consent;
    •  Right to lodge a complaint with the supervisory authority, namely the Italian Data Protection Authority

    The exercise of these rights may be restricted in the cases provided for by law, for example where processing is necessary to comply with legal obligations, for the performance of tasks in the public interest, for the exercise of official authority, for archiving purposes in the public interest, or for the establishment, exercise or defence of a right in court.

    1. How to exercise your rights

    The data subject may exercise their rights at any time by sending a request to the Consortium using the following methods:

    •  registered letter with return receipt addressed to Consorzio di Bonifica della Baraggia Biellese e Vercellese, Via Fratelli Bandiera n. 16, 13100 Vercelli;
    •  email to segreteria@consorziobaraggia.it;
    •  Send a certified email to consorziobaraggia@legalmail.it.

    The request should specify the subject matter, the right you wish to exercise and any information for identifying the data subject and the processing to which the request relates. The Consortium will respond within the timeframes set out in the GDPR.

    1. Expression of consent, withdrawal of consent and mandatory processing

    The provision of personal data for the purposes listed above is generally mandatory, as failure to provide such data would make it impossible to respond to a request, fulfil a legal obligation to which the Data Controller is subject to, perform the Consortium’s institutional functions or manage the relationship with the data subject.
    Where the processing is based on Article 6(1)(a) or Article 9(2)(a) of EU Regulation 2016/679, the data subject may withdraw their consent at any time without affecting the lawfulness of processing based on consent given prior to withdrawal.

    1. Lodging a complaint

    Without prejudice to any other administrative or judicial remedy, the data subject who considers that the processing concerns them infringes Regulation (EU) 2016/679 has the right to lodge a complaint with the competent supervisory authority , as provided for in Article 77 of the GDPR, or to bring the matter before the appropriate courts, as provided Article 79 of the GDPR.

    1. No automated processing

    The Consorzio di Bonifica della Baraggia Biellese e Vercellese does not use any automated decision-making , including profiling as referred to in Article 22(1) and (4) of the GDPR.

    1. Updates to the privacy notice

    This privacy notice may be updated in the event of regulatory, organisational, technical or operational changes, or in the event of changes to the activities carried out by the Consortium. The updated version will be made available on the Consortium’s official website and/or through other channels deemed appropriate.

    Consorzio di Bonifica della Baraggia Biellese e Vercellese
    The Reclamation Consortium is a public utility company that operates in the Baraggia Biella and Vercelli area, in Piedmont, to facilitate its growth and competitiveness...

    Read more

    THE CONSORTIUM

    President
    Dott. Leonardo Gili

    Our location
    Via Fratelli Bandiera 16, 13100 Vercelli

    Contacts
    Switchboard: +39 0161 283811
    Fax: +39 0161 257425
     segreteria@consorziobaraggia.it
    PEC:  consorziobaraggia@legalmail.it

    facebook instagram twitter

    Related websites

    Riso di Baraggia Biellese e Vercellese DOP
     www.risobaraggia.it
    S.I.I. S.p.A.- Servizio Idrico Integrato del Biellese e Vercellese S.p.A.
     www.siispa.it
    Ente Servizi ed Aree espositive di Caresanablot
     www.esaec.it

    OFFICE HOURS

    Monday through Friday: 8.30 - 13.00 / 14.00 - 17.00