Welcome to BOCCATOSCANA! We appreciate your interest in our company, our website and our shop. The safety of your personal data is important to us. We process your data in accordance with the Swiss Federal Data Protection Act (DSG) and the EU General Data Protection Regulation (GDPR) as well as this data protection declaration.

Our privacy policy explains what personal data we collect from you via our website, what we use it for, when we delete it and how your data is protected. We will also inform you about the respective legal basis that allows us to process your data. Finally, we also inform you about your rights in connection with the processing of your data.

Personal data is information that makes it possible to identify a natural person. This includes in particular your name, your date of birth, your address, your telephone number, your email address, but also your IP address. Anonymous data exists if no personal connection to the user can be established.

The responsible body within the meaning of data protection law is:


Cantina Di Giovanni

Salinenstrasse 34b Rheinfelden 4310, Switzerland

UID CHE-227.876.948


Telephone: +41 774201877




Data collection

Any personal data that we receive from you via the website will only be processed for the purposes described in more detail below. This happens within the framework of the respective legal provisions mentioned or only with your consent.

In particular, Article 6 of the GDPR specifies when data processing is permitted. BOCCATOSCANA collects personal data when

  • you have given your consent (Art. 6 Para. 1 lit. a GDPR),
  • the data is necessary for the fulfillment of a contract / pre-contractual measures (Art. 6 Para. 1 lit. b GDPR),
  • the data is necessary for the fulfillment of a legal obligation (Art. 6 Para. 1 lit. c GDPR) or
  • the data is necessary to protect the legitimate interests of our company, provided that your legitimate interests do not outweigh them (Art. 6 Para. 1 lit. f GDPR). Duration of storage or criteria for determining the duration

BOCCATOSCANA processes and stores your personal data only for the period necessary to achieve the respective processing purpose or as long as there is a statutory retention period (in particular commercial and tax law). Once the purpose has been fulfilled or the retention period has expired, the relevant data is routinely deleted.

Data transfers

In certain cases it is necessary to transmit the processed personal data as part of data processing. In this context, there are different recipient bodies and recipient categories.


If necessary, we will transfer your personal data within BOCCATOSCANA. Of course, we adhere to the relevant legal framework and ensure that your data is processed properly. Only authorized employees who need access to the data due to their work, for example to fulfill your order or to contact you if you have any questions, have access to your personal data.

External facilities

Personal data will be transmitted to the following categories of recipients in compliance with legal regulations:

  • Service provider as part of fulfillment processing.
  • Shipping service providers, suppliers, payment services
  • Companies that offer marketing services
  • Service provider in the field of communication systems
  • State authorities and institutions, to the extent necessary or necessary.

Secure transmission of your data

In order to best protect the data we store against accidental or intentional manipulation, loss, destruction or access by unauthorized persons, we use appropriate technical and organizational security measures. The security levels are continually reviewed in collaboration with security experts and adapted to new security standards.

Links to other providers

Our website also contains – clearly visible – links to the websites of other companies. As far as links to websites of other providers are concerned, we have no influence on their content. We therefore cannot accept any liability or guarantee for this external content. The respective provider or operator of the pages is always responsible for the content of these pages. The linked pages were checked for possible legal violations and recognizable legal violations at the time of linking. Illegal content was not apparent at the time of linking. However, permanent control of the content of the linked pages is unreasonable without concrete evidence of a legal violation. If we become aware of any legal violations, we will immediately remove such links.

Rights of the data subject

Below we would like to inform you about the rights that you as a data subject may have free of charge.

  • information

We would be happy to inform you whether and, if so, what personal data we have and process about you.

  • Correction

If we have stored incorrect personal data, we will of course be happy to correct it.

  • Limitation

Under certain legal conditions, you can have the processing of your personal data restricted. This is the case, for example, if you dispute the accuracy of the data we have.

  • deletion

We are happy to delete your personal data independently of our deletion management at your individual request, provided we are able to do so for legal reasons.

  • Objection

You can object to the processing of your personal data carried out by us, which is based on a balance of interests, by providing specific reasons.

  • revocation

If you have given us your consent to data processing, you can of course revoke this with future effect without giving reasons.

  • Portability of data

We would be happy to provide you or a third party named by you with the personal data relating to you, which we have received as part of a contract or consent and which is based on an automated data processing procedure, in a common and generally machine-readable format.

You can assert your data subject rights at any time using the contact options mentioned or by email to

Right to Complaint Monitoring

Of course, you can contact the supervisory authority responsible for you at any time. Alternatively, you can also contact our supervisory authority:

The Information and Data Protection Officer (ÖDB) is located at Bahnhofplatz 13 5201 Brugg ( ), telephone: +41 (0)62 835 45 60, fax: +41 (0)62 835 45 59, contact form

However, we would be pleased if we could clarify your concern before you contact the ÖDB and therefore ask you to contact us first at

Log files

As already mentioned, we want to offer you an optimal user experience in our online shop and with our advertising that is tailored to your individual needs. For this purpose, we work with various service providers and technology providers and use cookies and tracking methods.

The following data is collected anonymously for the purpose of tailoring and optimizing this website:

  • Information about the device used (e.g. operating system, browser, screen resolution, language setting).
  • Information about the pages accessed while visiting the web shop (e.g. category or product detail pages)
  • Information as part of the ordering process (e.g. order number, delivery and payment method, shipping and/or billing address)
  • Information about access data (e.g. entry via email newsletter, other websites or online advertising measures).

The scope of the data stored and processed is limited exclusively to carrying out statistical evaluations. Your IP address will be made unrecognizable immediately upon receipt, so that it is not possible to assign usage profiles to IP addresses.

The collection of data is necessary from a technical perspective in order to continuously optimize the functions and presentation of our website on various devices, operating systems and browsers and to make our offering more interesting for you as a user and is therefore based on the legitimate interest in accordance with Article 6, Paragraph 1, letter f of the GDPR. The data collected will be stored for a period of 5 years and will not be passed on to third countries.


In order to make visiting our website attractive and to enable the use of certain functions, we use so-called cookies. These are small text files that are stored on your device and store certain information for exchange with our system. The legal basis for the processing of this data is Article 6 Paragraph 1 Sentence 1 Letter f GDPR. For more details about the cookies we use, please read our Cookie Policy.

Tracking and analysis

Jet pack

Based on our legitimate interests (ie interest in the analysis, optimization and economic operation of our online offering within the meaning of Art. 6 Para. 1 lit. f) GDPR), the plugin, which integrates a tool for the statistical evaluation of visitor access and is used by Automattic , Inc. 132 Hawthorne Street San Francisco, CA 94107, USA. Jetpack uses so-called “cookies”, text files that are stored on your device and enable analysis of your use of the website. The information generated by the cookie about your use of this website is stored on a server in the USA. Usage profiles can be created from the processed data; these are only used for analysis and not for advertising purposes. For more information, please see Automattic's privacy policy.


To provide our web shop, we use the WooCommerce service provided by Automattic , Inc. 132 Hawthorne Street San Francisco, CA 94107, USA (hereinafter “WooCommerce”). WooCommerce provides us with its online e-commerce platform through which we can offer you our goods for purchase. Both your inventory data and your usage data are stored on WooCommerce's servers. For more information, please see WooCommerce's privacy policy at

We use your device data to create a device ID with which we can recognize your access device (e.g. PC, tablet or laptop) when you visit our shop again. We also set a cookie for this purpose (see also “Cookies” below). The cookie contains the device ID but does not contain any personal usage or transaction information about you. This allows your access device to be recognized without identifying you by name and linking it to your device ID.

Google Analytics

We use Google Analytics, a service provided by Google Inc. This means that the data collected can generally be transferred to a Google server in the USA, whereby the IP addresses are anonymized using IP anonymization so that assignment is not possible . The IP address transmitted by your browser as part of Google Analytics is not combined with other Google data. You can object to the collection and processing of this data by Google Analytics by setting an opt-out cookie that prevents future collection of your data when you visit this website: =en . The legal basis for this processing is Article 6 Paragraph 1 Letter f) GDPR, our legitimate interest.


We use “The Newsletter Plugin” from Web Agile Sas di Fietta Roberto , located in Mussolente (VI), via Trieste 8, P., to send our newsletter. This allows us to contact subscribers directly. We also analyze your usage behavior in order to optimize our offering.

For this purpose, we process the following personal data to send the newsletter: email address / name.

Our emails contain a link that allows you to update your personal information.

The newsletter plugin is the recipient of your personal data and acts as a processor for us when it comes to sending our newsletters. The processing of the data specified in this section is not required by law or contract. Without your consent and the transmission of your personal data, we cannot send a newsletter to you.

In addition, the newsletter plugin collects the following personal data using cookies and other tracking methods: Information about your device (IP address, device information, operating system, browser ID, information about the application you use to read your email). Use emails as well as other information about hardware and internet connection. In addition, usage data is collected, such as the date and time when you opened the email/campaign and browser activity (e.g. which emails/websites were opened). The newsletter Plugin requires this data to ensure the security and reliability of the systems, to comply with the terms of use and to prevent misuse. This corresponds to the legitimate interest of The Newsletter Plugin (according to Art. 6 Para. 1 lit. f GDPR) and serves to fulfill the contract (according to Art. 6 Para. 1 lit. b GDPR). In addition, the newsletter plugin evaluates performance data, such as email delivery statistics and other communication data. This information is used to compile usage and performance statistics of the Services.

The newsletter plugin also collects information about you from other sources. Personal data is collected via social media and other third parties for an indefinite period of time and to an extent. We can not influence this process. Further information on objection and removal options for the newsletter plugin can be found at: .

The legal basis for this processing is your consent in accordance with Art. 6 (1) lit. a GDPR. You can revoke your consent to the processing of your personal data at any time. A corresponding link can be found in all mailings. In addition, the revocation can be made via the contact options provided. The declaration of revocation does not affect the lawfulness of the processing that has taken place to date. Your data will be processed for as long as you have given your consent. Otherwise, they will be deleted after termination of the contract between us and the newsletter plugin, unless legal regulations require further storage.

Social media

We maintain a presence on “social media”. Where we have control over the processing of your data, we will ensure that it complies with applicable data protection regulations. However, you use these platforms and their functions at your own risk. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating). With your consent, data can be transferred to a third country outside the EU where there may be a lower level of data protection than in the EU (Article 49 Paragraph 1 Sentence 1 Letter a GDPR). We maintain our social media profiles in order to communicate with visitors to these profiles and thereby inform them about our offers.

In addition, we collect data for statistical purposes in order to further develop and optimize the content and to make our offering more attractive. The data required for this (e.g. total number of page views, page activities and information from visitors, interactions) is processed and made available by the social networks. We have no influence on the generation and presentation of this data.

In addition, your personal data will be used by social media providers, but also by us, for market research, communication and advertising purposes. For example, it is possible for usage profiles to be created based on your usage behavior and the resulting interests. This enables, among other things, the placement of advertising within and outside the platforms that presumably corresponds to your interests. Cookies are usually stored on your computer for this purpose. Regardless of this, data that is not collected directly from your devices can also be stored in your usage profiles. Storage and evaluation also takes place across devices; This applies in particular, but not exclusively, if you are registered as a member and logged in to the respective platforms.

We do not collect or process any other personal data.

The processing of your personal data by us is based on our legitimate interests in effective information and communication in accordance with Article 6 Paragraph 1 Sentence 1 Letter f GDPR.

If you are asked to consent to data processing, i.e. you declare your consent by confirming a button or similar (opt-in), the legal basis for the processing is Art. 6 (1) sentence 1 lit. a., Art. 7 GDPR.

If you are a member of a social network and do not want the network to collect data about you via our website and link it to your membership data stored with the respective network, you must

  1. You must log out of the respective network before visiting our web shop
  2. delete the cookies on your device and
  3. Close and restart your browser.

However, after logging in again, the network will recognize you as a specific user again.

A detailed description of the respective processing and the opt-out options can be found in the information linked below:


Data protection regulations:

Opt-out: and


Privacy policy:

Opt-Out: and

Since we do not have complete access to your personal data, you should contact the social media providers directly if you want to exercise your rights, as they each have access to the personal data of their users and can take appropriate measures and provide information .

Shopping in the online shop

In our online shop we offer you two options for purchasing:

  1. Setting up a customer account
  2. Place an order as a guest

Both registration options require the data required for order and payment processing and fraud prevention, which are marked as mandatory fields:

  • Name, street, zip code, city, date of birth and email address.
  • If the delivery addresses differ, the name, street, postal code and city will be requested separately.
  • In addition, the user's IP address, the date and time of registration are stored (technical background data).

a) Setting up a customer account

If you decide to register in our webshop, you have the advantage of being able to view your order history and manage your master data, and the data you provide will be saved for future ordering processes.

After completing the registration process, your data will be stored by us for use in the protected customer area. The online shop of course offers you the opportunity to make changes to your master data and to use the “My Account” function.

Of course, you can revoke your consent to the use of your account and your customer account in the shop will then be deactivated.

Please note: Your password will be stored in encrypted form. Employees of our company cannot read this password. Therefore, they cannot provide you with any information if you have forgotten your password. In this case, please use the “Forgot password” function, which will send you an automatically generated new password by email. No employee is authorized to ask you for your password by telephone or in writing. Therefore, please never provide your password when you receive such requests.

b) Carrying out a guest order

If you decide to place a guest order in our webshop, no customer account will be created in our shop. If you place another order, you will need to re-enter your details for order processing.

In addition, the data processing processes described under the heading “Tracking measures and cookies” apply. Of course, the contact options and data subject rights described are available to you.

Payment systems

In our online shop you can choose between different payment methods. For this purpose, the respective payment-relevant data is collected in order to be able to carry out your order and payment processing. In addition, your IP address is processed due to technical necessity and for legal protection.

Certain personal data, see mandatory information, is required for the fulfillment of the contract. Without this data, we unfortunately have to refuse to conclude the contract as we will then be unable to carry it out. The data will be transmitted accordingly to our payment service providers for payment processing. The payment systems we use use SSL encryption to protect the transmission of your data.

The payment details are collected during the ordering process. When ordering on our site, you have the option to choose between different payment methods. Shop Pay stores personal data on our behalf for each payment method. The legal basis for data processing is Art. 6 Para. 1 b) GDPR, as the processing of the data is necessary for the fulfillment of the contract. The transmission of data for payment processing, as well as for fraud prevention and detection, is based on our legitimate interest in accordance with Article 6 Paragraph 1 Sentence 1 Letter f) GDPR and Article 6 Paragraph 1 Clause 1 Letter b) GDPR for the fulfillment of the contractual relationship.

If you choose Google Pay for payment processing, we will transmit the payment data that a data subject provides to us during the ordering process in order to complete the order. The subsequent payment processing takes place exclusively via Google Pay, without us having any further influence on this and the legal basis for payment processing is Art. 6 (1) b) GDPR.

Data transmission to shipping service providers

In order to fulfill the contract in accordance with Article 6 Paragraph 1 Sentence 1 Letter b GDPR, we pass on your data to the shipping company commissioned with the delivery, to the extent that this is necessary for the delivery of ordered goods. Depending on which payment service provider you select in the ordering process, we pass on the payment data collected for this purpose to the credit institution responsible for the payment and, if necessary, to payment service providers commissioned by us or to the selected payment service. In some cases, the selected payment service providers also collect this data themselves when you create an account with them. In this case, you must register with the payment service provider using your access data during the ordering process. The data protection regulations of the respective payment service provider apply.

If you have given us your express consent to do so during or after your order, we will pass on your email address to the selected shipping service provider in accordance with Article 6 Paragraph 1 Sentence 1 Letter a GDPR so that the shipping service provider can contact you before delivery for delivery notification or coordination purposes.

Storage and Retention

We will only store your personal data for as long as is necessary to achieve the purposes for which the data was collected or - if there are statutory retention periods that go beyond this - for the duration of the legally required retention period. We will then delete your personal data. Only in a few exceptional cases will your data be stored beyond this period, for example if storage is necessary in connection with the assertion and defense of legal claims against us.

BOCCATOSCANA is entitled to process your personal data to the extent necessary to fulfill legal obligations. For this purpose, BOCCATOSCANA may transmit this data in particular to authorities, law enforcement authorities and courts. In this case, sharing your data is necessary to comply with a legal obligation to which we are subject. BOCCATOSCANA is also entitled to process personal data if and to the extent this is necessary to detect or prevent misuse of this website or to enforce claims of BOCCATOSCANA, its employees or users, whereby the data processing in these cases is to safeguard these aforementioned legitimate interests is required.

International transfers

Our main office is in Switzerland and your personal data is generally processed, stored and used in Switzerland. In some cases, your personal data may also be processed outside of Switzerland. If this is the case, we take measures to ensure an appropriate level of security so that your personal data is protected in the same way as if it were used in Switzerland. If we need to transfer your data abroad, we use recognized standard contractual clauses in contracts for the transfer of personal data to third countries.

Direct marketing as part of a customer relationship

We use the data you provide to fulfill and process our contract and to answer your inquiries or based on your consent. If you have also given us separate consent to process your data for advertising purposes, BOCCATOSCANA is entitled to contact you for these purposes via the communication channels you ticked in this consent.


This Policy and our commitment to protecting your personal information may result in changes to this Policy. Please check this policy periodically to stay informed of any changes.

(as of January 2023)

Inquiries and complaints

Any comments or questions regarding this policy should be directed to us. If you believe that we have not adhered to this policy or have acted other than in accordance with data protection law, you should let us know.

Any use of this data protection declaration, or even parts of it, without the consent of the author constitutes a copyright infringement.