Welcome to BOCCATOSCANA! Thank you for your interest in our company, website and shop. The protection of your personal data is important to us. We process your data in accordance with the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR) and this privacy policy.

Our privacy policy explains which personal data we collect from you via our website, what we use it for, when we delete it and how your data is protected. In addition, we will inform you of the respective legal basis that allows us to process your data. Finally, we will also tell you about your rights in connection with the processing of your data.

Personal data is information that makes it possible to identify a natural person. This includes in particular, your name, date of birth, address, telephone number, e-mail address, but also your IP address. Anonymous data exists if no personal reference to the user can be made.

The responsible party in terms of data protection law is:


Cantina Di Giovanni

Rheinfelden, Switzerland

UID CHE-227.876.948


Telephone: +41 774201877




Data collection

All personal data that we obtain from you via the website will only be processed for the purposes described in more detail below. This is done within the framework of the respective legal regulations mentioned or only with your consent.

In particular, Art. 6 GDPR specifies when data processing is permitted. BOCCATOSCANA collects personal data if

  • you have given your consent (Art. 6 para. 1 lit. a GDPR),
  • the data is necessary for the fulfilment of a contract / pre-contractual measures (Art. 6 para. 1 lit. b GDPR),
  • the data is necessary for the fulfilment of a legal obligation (Art. 6 para. 1 lit. c GDPR) or
  • the data is necessary to protect the legitimate interests of our company, provided that your interests worthy of protection are not overridden (Art. 6 para. 1 lit. f GDPR). Storage duration or criteria for determining the duration

BOCCATOSCANA processes and stores your personal data only for the period of time required to achieve the respective processing purpose or for as long as a legal retention period (in particular commercial and tax law) exists. Once the purpose has been achieved or the retention period has expired, the corresponding data is routinely deleted.

Data transfers

In certain cases, it is necessary to transmit the processed personal data in the course of data processing. In this respect, there are different recipient bodies and categories of recipient.


If necessary, we transfer your personal data within BOCCATOSCANA. Of course, we comply with the associated legal framework and ensure that your data is processed properly. Access to your personal data is only granted to authorised employees who need access to the data due to their job, e.g., to fulfil your order or to contact you in case of queries.

External bodies

Personal data is transferred to the following categories of recipients, in compliance with legal requirements:

  • Service providers in the context of fulfilment processing.
  • Shipping service providers, suppliers, payment services
  • Companies that provide marketing services
  • Service providers within the scope of communication systems
  • State authorities and institutions as far as this is required or necessary.

Secure transmission of your data

In order to protect the data stored with us in the best possible way against accidental or intentional manipulation, loss, destruction or access by unauthorised persons, we use appropriate technical and organisational security measures. The security levels are continuously reviewed in cooperation with security experts and adapted to new security standards.

Links to other providers

Our website also contains – clearly recognisable – links to the websites of other companies. As far as there are links to websites of other providers, we have no influence on their contents. Therefore, no guarantee or liability can be assumed for these contents. The respective provider or operator of the pages is always responsible for the content of these pages. The linked pages were checked for possible legal violations and recognisable infringements at the time of linking. Illegal contents were not recognisable at the time of linking. However, permanent monitoring of the content of the linked pages is not reasonable without concrete indications of a legal violation. Such links will be removed immediately if infringements of the law become known.

Data subject rights

We are happy to inform you below about the rights to which you as the person concerned may be entitled to free of charge.

  • Information

We will be happy to inform you whether and if so which of your personal data we have and are processing.

  • Correction

If we have stored incorrect personal data, we will of course be happy to correct it.

  • Restriction

You can have the processing of your personal data restricted under certain legal conditions. This is the case, for example, if you dispute the accuracy of the data we have.

  • Deletion

We will be happy to delete your personal data independently of our deletion management on individual request, provided that this is possible for us for legal reasons.

  • Objection

You can object to the data processing operations carried out by us on your personal data, which are based on a consideration of interests, by stating specific reasons.

  • Revocation

If you have given us consent for data processing, you can of course revoke this without giving reasons with effect for the future.

  • Data portability

We will be happy to provide you, or a third party named by you with the personal data relating to you which we have received in the course of concluding a contract or consent and which is based on an automated data processing procedure in a common and generally machine-readable format.

You can assert your data subject rights at any time via the contact options mentioned or by emailing us at

Right of complaint Supervision

You are of course free to contact the supervisory authority that applies to you at any time. Alternatively, you can also contact our supervisory authority, which is:

The Public Information and Data Protection Officer (ÖDB) located at Bahnhofplatz 13 5201 Brugg (, Telephone: +41 (0)62 835 45 60, Fax: +41 (0)62 835 45 59, Contact Form

We would, however, appreciate the chance to deal with your concerns before you approach the ÖDB so please contact us in the first instance.

Log files

As mentioned above, we want to provide you with an optimal user experience in our online shop and with our advertisements, which is tailored to your individual needs. To this end, we work together with various service providers and technology providers and use cookies and tracking methods.

The following data is collected anonymously for the purpose of demand-oriented design and optimisation of this website:

  • Information on the device used (e.g., operating system, browser, screen resolution, language set.
  • Information on pages viewed during the website visit (e.g., category or product detail pages)
  • Information within the ordering process (e.g., order number, delivery and payment method, shipping and/or billing address)
  • Information on access data (e.g., entry via email newsletters, other websites, or online advertising measures).

The scope of the stored and processed data is limited purely to the performance of statistical evaluations. Your IP address is made unrecognisable immediately after receipt, which means that it is not possible to assign usage profiles to IP addresses.

The collection of the data is necessary from a technical point of view in order to continuously optimise the functions as well as the presentation of our website on different devices, operating systems and browsers and to be able to make our offer more interesting for you as a user and is therefore based on the legitimate interest according to Article 6, paragraph 1, lit. f of the GDPR. The data collected will be stored for a period of 5 years and will not be transferred to third countries.


In order to make visiting our website more attractive and to enable the use of certain functions, we use so-called cookies. These are small text files that are stored on your terminal device and store certain information for exchange with our system. The legal basis for the processing of this data is Art. 6 (1) sentence 1 lit. f GDPR. For further details on the cookies, we use please read our Cookie Policy.

Tracking and Analytics


On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f) GDPR) the plugin, which integrates a tool for the statistical evaluation of visitor access and is provided by Automattic, Inc. 132 Hawthorne Street San Francisco, CA 94107, USA. Jetpack uses so-called “cookies”, text files which are stored on your device and which enable an analysis of your use of the website. The information generated by the cookie about your use of this Website is stored on a server in the USA. User profiles can be created from the processed data, whereby these are only used for analysis and not for advertising purposes. For more information, please refer to Automattic’s privacy policy.


To provide our web shop, we use the WooCommerce service developed and operated Automattic, Inc. 132 Hawthorne Street San Francisco, CA 94107, USA (hereinafter “WooCommerce”). WooCommerce provides us with their online e-commerce platform through which we can offer our goods for sale to you. Both your inventory data and your usage data are stored on WooCommerce’s servers. For more information, please see WooCommerce’s privacy policy at

We create a device ID based on your device data, which can be used to recognise your access device (e.g., PC, tablet or laptop) when you visit our shop again. We also set a cookie for this purpose (see also below under “Cookies”). The cookie contains the device ID, but no personal usage or transaction data about you. This means that your access device can be recognised without identifying you by name and linking it to your device ID.

Google Analytics

We use Google Analytics, a service provided by Google Inc. This means that the data collected can in principle be transmitted to a Google server in the USA, whereby the IP addresses are anonymized by means of IP anonymization so that an allocation is not possible. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can object to the collection and processing of this data by Google Analytics by setting an opt-out cookie that prevents the future collection of your data when you visit this website: The legal basis for this processing is Art. 6 para. 1 letter f) GDPR, our legitimate interest.


We use “The Newsletter Plugin” by Web Agile Sas di Fietta Roberto, con sede in Mussolente (VI), via Trieste 8, P. to send our newsletter. This allows us to contact subscribers directly. In addition, we analyse your usage behaviour in order to optimise our offer.

For this purpose, we process the following personal data for sending the newsletter: e-mail address / name.

Our e-mails contain a link with which you can update your personal data.

The Newsletter Plugin is the recipient of your personal data and acts as a processor for us as far as the sending of our newsletter is concerned. The processing of the data provided under this section is not required by law or contract. Without your consent and the transmission of your personal data, we cannot send out a newsletter to you.

In addition, The Newsletter Plugin collects the following personal data using cookies and other tracking methods: Information about your terminal device (IP address, device information, operating system, browser ID, information about the application you use to read your emails and other information about hardware and internet connection. In addition, usage data is collected such as date and time, when you opened the email / campaign and browser activity (e.g. which emails / web sites were opened). The Newsletter Plugin needs this data to ensure the security and reliability of the systems, compliance with the terms of use and the prevention of misuse. This corresponds to the legitimate interest of The Newsletter Plugin (pursuant to Art. 6 para. 1 lit. f GDPR) and serves the performance of the contract (pursuant to Art. 6 para. 1 lit. b GDPR). Furthermore, The Newsletter Plugin evaluates performance data, such as the delivery statistics of e-mails and other communication data. This information is used to compile usage and performance statistics of the services.

The Newsletter Plugin also collects information about you from other sources. In an unspecified period and scope, personal data is collected via social media and other third-party data providers. We have no control over this process. You can find more information about objection and removal options vis-à-vis The Newsletter Plugin at:

The legal basis for these processing operations is your consent pursuant to Art. 6 (1) lit. a GDPR. You can revoke your consent to the processing of your personal data at any time. A corresponding link can be found in all mailings. In addition, the revocation can be made via the specified contact options. The declaration of revocation does not affect the lawfulness of the processing carried out to date. Your data will be processed as long as you have given your consent. Apart from that, they will be deleted after the termination of the contract between us and The Newsletter Plugin, unless legal requirements make further storage necessary.

Social media

We maintain presences in the “social media”. Insofar as we have control over the processing of your data, we ensure that they comply with applicable data protection regulations. However, you use these platforms and their functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g., commenting, sharing, rating). With your consent, data may be transferred to a third country outside the EU, which may have a lower level of data protection than the EU (Art. 49 para. 1 p. 1 lit. a GDPR). We maintain our social media profiles in order to communicate with visitors to these profiles es and to inform them about our offers in this way.

In addition, we collect data for statistical purposes in order to be able to further develop and optimise the content and to make our offer more attractive. The data required for this purpose (e.g., total number of page views, page activities and data provided by visitors, interactions) are processed and made available by the social networks. We have no influence on the generation and presentation of this data.

In addition, your personal data is used by the providers of the social media, but also by us for market research, communication and advertising purposes. It is possible, for example, that usage profiles are created based on your usage behaviour and the resulting interests. This allows, among other things, advertisements to be placed within and outside the platforms that presumably correspond to your interests. Cookies are usually stored on your computer for this purpose. Independently of this, data that is not directly collected from your end devices may also be stored in your usage profiles. The storage and analysis also takes place across devices; this applies in particular, but not exclusively, if you are registered as a member and logged in to the respective platforms.

We do not collect or process any other personal data.

The processing of your personal data by us is based on our legitimate interests in effective information and communication pursuant to Art. 6 (1) sentence 1 lit. f GDPR.

If you are asked for consent to data processing, i.e., if you declare your consent by confirming a button or similar (opt-in), the legal basis of the processing is Art. 6 (1) sentence 1 lit. a., Art. 7 GDPR.

If you are a member of a social network and do not want the network to collect data about you via our website and link it to your stored membership data with the respective network, you must

  1. log out of the respective network before visiting our fan page
  2. delete the cookies on your device and
  3. close and restart your browser

After logging in again, however, you will once more be recognisable to the network as a specific user.

For a detailed description of the respective processing and the opt-out options, please refer to the information linked below:


Privacy policy:

Opt-out: and


Privacy policy:

Opt-Out: and

Since we do not have complete access to your personal data, you should contact the providers of the social media directly if you wish to assert your rights, as they each have access to the personal data of their users and can take appropriate measures and provide information.

Shopping in the online shop

In our online shop we offer you two options for purchase processing:

  1. Creation of a customer account
  2. Placing an order as a guest

For both registration options, the data required for order and payment processing and fraud prevention are requested, marked as mandatory fields:

  • Name, street, postcode, city, date of birth and e-mail address.
  • if the delivery address is different, the name, street, postcode and town are requested separately.
  • In addition, the user’s IP address, the date and time of registration are stored (technical background data).

a) Creation of a customer account

If you decide to register in our web shop, you have the advantage that you can view your order history and manage your master data, and your specified data will be stored for future order transactions.

Once you have completed the registration process, your data is stored with us for use in the protected customer area. The online shop naturally offers you the possibility to make changes to your master data and to use the “My Account” function.

You can of course revoke your consent to the use of your account, your customer account in the shop will then be deactivated. 

Please note: Your password will be stored in encrypted form. Employees of our company cannot read this password. Therefore, they cannot give you any information if you have forgotten your password. In this case, please use the “Forgotten password” function, which will send you an automatically generated new password by e-mail. No member of staff is authorised to ask you for your password by telephone or in writing. Therefore, please never give your password if you receive such requests.

b) Carrying out a guest order

If you decide to place a guest order in our web shop, no customer account will be created in our shop. If you place another order, you will have to enter your data again for order processing.

Furthermore, the data processing procedures described under the heading “Tracking measures and cookies” apply. Of course, you have the described contact options and data subject rights at your disposal.

Payment systems

In our online shop you can choose between different payment methods. For this purpose, the respective payment-relevant data is collected in order to be able to carry out your order and payment processing. In addition, your IP address is processed due to technical necessity and for legal protection.

Certain personal data, see mandatory data, are required for the fulfilment of the contract. Without this data, we will unfortunately have to refuse to conclude the contract, as we will then not be able to carry it out.  The data will be transmitted accordingly to our payment service providers for payment processing. The payment systems we use SSL encryption to protect the transmission of your data.

Payment data is collected during the ordering process. For orders on our site, you have the possibility to choose between different payment methods. For each of the payment methods, Shop Pay stores personal data on behalf of us. The legal basis for the data processing is Art. 6 para. 1 b) GDPR, as the processing of the data is necessary for the performance of the contract. The transfer of data for payment processing as well as for fraud prevention and detection is based on our legitimate interest according to Art. 6 para. 1 p. 1 lit. f) GDPR as well as on Art. 6 para. 1 p. 1 lit. b) GDPR for the fulfilment of the contractual relationship.

If you select Google Pay for payment processing, we will transmit the payment details a data subject provided to us during the ordering process to complete the order. The subsequent payment process takes place exclusively via Google Pay, without us having any further possibility to influence it and the legal basis is Art. 6 (1) b) GDPR for payment processing.

Data transfer to shipping service providers

In order to fulfil the contract in accordance with Art. 6 para. 1 p. 1 lit. b GDPR, we pass on your data to the shipping company commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods. Depending on which payment service provider you select in the ordering process, we pass on the payment data collected for this purpose to the credit institution commissioned with the payment and, if applicable, to payment service providers commissioned by us or to the selected payment service. In some cases, the selected payment service providers also collect this data themselves if you create an account with them. In this case, you must register with the payment service provider with your access data during the ordering process. In this respect, the privacy policy of the respective payment service provider applies.

If you have given us your express consent to do so during or after your order, we will pass on your e-mail address to the selected shipping service provider in accordance with Art. 6 Para. 1 Sentence 1 lit. a GDPR so that the shipping service provider can contact you before delivery for the purpose of delivery notification or coordination.

Storage and retention

Your personal data will be stored by us only for as long as is necessary to achieve the purposes for which the data was collected or – if statutory retention periods exist that go beyond this point and for the duration of the legally prescribed retention period. We then delete your personal data. Only in a few exceptional cases is your data be stored beyond this period, e.g., if storage is necessary in connection with the enforcement of and defence against legal claims against us.

BOCCATOSCANA is entitled to process your personal data insofar as this is necessary to fulfil legal obligations. For this purpose, BOCCATOSCANA may transfer this data in particular to authorities, law enforcement agencies and courts. In this case, the transfer of your data is required for compliance with a legal obligation to which we are subject. BOCCATOSCANA is further entitled to process personal data if and to the extent necessary to detect or prevent misuse of this website or to enforce claims of BOCCATOSCANA, its employees or users, whereby the data processing in these cases is necessary to protect these aforementioned legitimate interests.

International transfers

Our main operations are based in Switzerland and your personal information is generally processed, stored and used within in Switzerland. In some instances, your personal information may be processed outside Switzerland. If and when this is the case, we take steps to ensure there is an appropriate level of security, so your personal information is protected in the same way as if it was being used within Switzerland. Where we need to transfer your data outside Switzerland, we will use approved standard contractual clauses in contracts for the transfer of personal data to third countries.

Direct marketing in the context of a customer relationship

We use the data you provide to fulfil and process our contract and to respond to your enquiries or on the basis of your consent. Insofar as you have also given us separate consent to process your data for advertising purposes, BOCCATOSCANA is entitled to contact you for these purposes via the communication channels you have ticked in this consent.


This Policy and our commitment to protecting the privacy of your personal data can result in changes to this Policy. Please regularly review this Policy to keep up to date with any changes.

(From January 2023)

Queries and Complaints

Any comments or queries on this policy should be directed to us. If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then you should notify us.