Cookie Policy
1. What Are Cookies?
Cookies are small text files that are placed on your device (computer, smartphone, or tablet) when you visit a website. They are widely used to make websites work more efficiently and provide information to website owners.
How Cookies Work:
- Cookies are created when your browser loads our website
- The website sends information to the browser, which creates a text file
- Every time you return to the website, the browser retrieves and sends this file to the website's server
Types of Cookies:
- Session Cookies: Temporary cookies that expire when you close your browser
- Persistent Cookies: Remain on your device for a set period or until you delete them
- First-Party Cookies: Set by the website you're visiting (verdepaciano.com)
- Third-Party Cookies: Set by a domain other than the one you're visiting
2. Why We Use Cookies
We use cookies and similar technologies for the following purposes:
2.1 Essential Functionality
- Authenticate users and prevent fraudulent use
- Remember your login state
- Ensure the security of our Service
- Remember your language preference
2.2 Performance and Analytics
- Understand how visitors use our website
- Identify which pages are most/least popular
- See how visitors navigate through the site
- Improve our Service based on usage patterns
2.3 Functionality and Personalization
- Remember your theme preference (light/dark mode)
- Remember your language and region settings
- Store your cookie consent choices
3. Cookie Categories
We categorize cookies based on their purpose and obtain your consent where required by law.
3.1 Necessary Cookies (Always Active)
These cookies are essential for the website to function and cannot be disabled in our systems.
Purpose:
- User authentication and security
- CSRF protection
- Session management
- Language preference
Legal Basis: Legitimate interest (required for the Service to function)
No Consent Required: These cookies are strictly necessary and exempt from consent requirements under GDPR and ePrivacy Directive.
Necessary Cookies We Use
| Cookie Name | Purpose | Duration | Provider |
|---|---|---|---|
better-auth.session_token | Authenticates logged-in users and anonymous guest sessions (used for chat conversation persistence) | Session (24 hours) | verdepaciano.com |
better-auth.csrf_token | Protects against cross-site request forgery | Session | verdepaciano.com |
NEXT_LOCALE | Stores user's language preference | 1 year | verdepaciano.com |
3.2 Analytics Cookies (Requires Consent)
These cookies help us understand how visitors interact with our website.
Purpose:
- Count visitors and traffic sources
- Measure website performance
- Understand which pages are visited
- Track user journey through the site
Legal Basis: Consent (GDPR Article 6(1)(a))
Analytics Cookies We Use
| Cookie Name | Purpose | Duration | Provider |
|---|---|---|---|
_pk_id.* | Matomo visitor ID | 13 months | Matomo (self-hosted) |
_pk_ses.* | Matomo session ID | 30 minutes | Matomo (self-hosted) |
mtm_consent | Stores Matomo consent status | 12 months | Matomo (self-hosted) |
mtm_cookie_consent | Stores Matomo cookie consent | 12 months | Matomo (self-hosted) |
_ga | Google Analytics visitor ID | 2 years | |
_gid | Google Analytics session ID | 24 hours | |
_ga_<container-id> | Google Analytics session persistence | 2 years | |
_gat | Google Analytics request throttling | 1 minute |
Note: We use both self-hosted Matomo analytics (data stays on our EU servers) and Google Analytics 4 (third-party service with data processed by Google).
3.3 Preference Cookies (Requires Consent)
These cookies remember your preferences and choices to provide a personalized experience.
Purpose:
- Remember theme/display settings
- Store your cookie consent choices
- Save your preferences
Legal Basis: Consent (GDPR Article 6(1)(a))
Preference Cookies We Use
| Cookie Name | Purpose | Duration | Provider |
|---|---|---|---|
cookie-consent | Stores your cookie consent choices | 13 months (395 days) | verdepaciano.com |
user-theme-settings | Remembers your theme preference (light/dark mode) | Persistent | verdepaciano.com |
3.4 Browser Local Storage
In addition to cookies, we use browser localStorage for certain features. localStorage data is stored only in your browser and is never transmitted to our servers.
| Storage Key | Purpose | Persistence | Provider |
|---|---|---|---|
vp-chat-terms-accepted | Records your acceptance of the AI Chat Terms of Use | Until cleared | verdepaciano.com |
Note: localStorage is not a cookie and is not subject to the same consent requirements. It is used here to remember your acknowledgment of the AI Chat Terms of Use so you are not asked to accept them on every visit.
4. Third-Party Cookies
Some cookies are set by third-party services that appear on our pages.
4.1 Authentication Providers
When you sign in using Google OAuth:
- Google sets cookies to authenticate you
- These cookies are subject to Google's privacy policy
- See: https://policies.google.com/privacy
4.2 Analytics Services
Matomo (self-hosted):
- We host Matomo on our own servers in the EU
- Data is not shared with third parties
- Respects Do Not Track settings
- GDPR-compliant by design
Google Tag Manager (GTM) & Google Analytics 4:
- We use Google Tag Manager (GTM) to centrally manage analytics and tracking tags
- GTM Container ID: GTM-NQKDRCB8
- GTM loads and manages the following services based on your consent:
- Google Analytics 4 (GA4) for website analytics
- Other marketing and analytics services (only if you consent)
- Third-party analytics service provided by Google LLC
- Data processed on Google's servers (may include US transfers)
- Uses Standard Contractual Clauses (SCCs) for EU data protection
- Respects Google Consent Mode v2 (consent state passed to all tags)
- Data collected includes:
- Page views with English tracking titles (for clean analytics)
- User locale (language preference) and language switching behavior
- QR code scans with product metadata (bottle size, lot, year)
- Device information and anonymized IP addresses
- Custom events and interactions
- GTM dataLayer: Temporary browser storage for event data (not a cookie)
- Opt-out available via browser extension: https://tools.google.com/dlpage/gaoptout
- Privacy policy: https://policies.google.com/privacy
- Data retention: 14 months (configurable)
- Learn more about GTM: https://support.google.com/tagmanager/answer/6102821
5. How to Manage Cookies
You have several options to control and manage cookies:
5.1 Through Our Cookie Consent Banner
When you first visit our website, we display a cookie consent banner with options to:
- Accept All: Allow all cookies
- Reject All: Reject optional cookies (only necessary cookies will be set)
- Manage Preferences: Choose which categories to allow
5.2 Through Your Account Settings
If you have an account, you can manage your cookie preferences at any time:
- Log in to your account
- Go to Settings > Cookie Consent
- Toggle individual cookie categories
- Save your preferences
5.3 Through Your Browser Settings
Most browsers allow you to:
- View and delete existing cookies
- Block third-party cookies
- Block all cookies from specific websites
- Block all cookies from all websites
- Delete all cookies when you close your browser
Browser Instructions:
- Chrome: Settings > Privacy and security > Cookies and other site data
- Firefox: Settings > Privacy & Security > Cookies and Site Data
- Safari: Preferences > Privacy > Manage Website Data
- Edge: Settings > Cookies and site permissions > Cookies and site data
Note: Blocking necessary cookies may prevent the website from functioning properly (you won't be able to log in).
5.4 Opt-Out Tools
- Do Not Track: Enable in your browser settings
- Your Online Choices (EU): https://www.youronlinechoices.com/
- NAI Opt-Out (US): https://optout.networkadvertising.org/
6. Cookie Consent Record
When you make a choice about cookies, we store a record of your consent:
What We Store:
- Your consent choices (which categories you accepted/rejected)
- Date and time of consent
- Consent method (explicit acceptance via "Accept All" or "Reject All")
- Session ID (for anonymous users)
- User ID (for logged-in users)
- IP address
- User agent (browser information)
- Jurisdiction (GDPR, CCPA, or other)
How Long We Store It:
- Consent records are kept for 13 months (per GDPR requirements)
- After 13 months (395 days), you will be asked to renew your consent
Why We Store It:
- Legal requirement to demonstrate compliance with GDPR
- Respect your choices across sessions
- Provide audit trail for regulatory authorities
- Comply with Italian data protection regulations
7. Updates to Your Consent
You can change your cookie preferences at any time:
- Via Cookie Banner: Clear your browser cookies to see the banner again
- Via Settings: Account Settings > Cookie Consent tab (if you have an account)
- Via Browser: Clear cookies manually from your browser settings
When you update your preferences:
- Changes take effect immediately
- Previously set cookies may need manual deletion from your browser
- Analytics cookies are automatically disabled if you withdraw consent
- Matomo tracking stops immediately when consent is withdrawn
8. Cookies and Personal Data
Some cookies may collect or process personal data under GDPR:
Personal Data in Cookies:
- Session IDs linked to your account (if logged in)
- Authentication tokens
- Browsing history (via analytics cookies, if consented)
- IP addresses
- Browser fingerprint data
Your Rights:
- Access: Request a copy of cookie data we hold about you
- Rectification: Correct inaccurate cookie data
- Erasure: Request deletion of cookie data
- Objection: Object to cookie-based processing
- Withdraw Consent: Withdraw consent for non-essential cookies at any time
See our Privacy Policy for more information about your data protection rights.
9. International Transfers
Cookies may result in data being transferred internationally:
For EEA/Italian Users:
- Necessary cookies remain on servers within the EU
- Analytics data (Matomo) is stored on EU servers (self-hosted)
- Authentication via Google OAuth may transfer data to US with appropriate safeguards (Standard Contractual Clauses)
10. Children's Privacy
Our Service is not directed to children under 13 (or 16 in the EEA/Italy).
- We do not knowingly set cookies for children
- We do not knowingly collect data from children
- If you believe we have data about a child, please contact us at info@verdepaciano.com
11. Changes to This Cookie Policy
We may update this Cookie Policy periodically to reflect:
- Changes in the cookies we use
- New features or services
- Legal or regulatory requirements
- Changes in technology
When We Update This Policy:
- We will update the "Last Updated" date
- For material changes, we will notify you via prominent notice on the website
- You may be asked to renew your consent if the changes are significant
- Continued use after changes constitutes acceptance
12. More Information
Learn More About Cookies
- All About Cookies: https://www.allaboutcookies.org/
- EU Cookie Law: https://ec.europa.eu/ipg/basics/legal/cookies/
- Garante Privacy (Italian): https://www.gpdp.it/
Contact Us
If you have questions about our use of cookies:
AlanUmbro Società Semplice Agricola (VerdePaciano) Email: info@verdepaciano.com Address: Via Gramsci 5, 06060 Paciano (PG), Italia VAT: IT03717980548
Related Policies
Appendix A: Cookie Lifespan Reference
| Duration | Meaning | Example |
|---|---|---|
| Session | Deleted when browser closes | Authentication cookies |
| 30 minutes | Short-term session tracking | Matomo analytics sessions |
| 1 year | Medium-term preferences | Language and theme settings |
| 13 months | Maximum for non-essential (GDPR) | Cookie consent records, analytics |
Appendix B: Cookie Consent Flow
1. User visits verdepaciano.com
↓
2. Check for existing consent cookie
↓
No consent found → Display banner after 500ms
Consent found → Apply saved preferences
↓
3. User makes choice
- Accept All: Set all cookie categories
- Reject All: Set only necessary cookies
- Manage Preferences: Set chosen categories
↓
4. Store consent record in database (with IP, timestamp, jurisdiction)
↓
5. Set consent cookie (13-month expiry / 395 days)
↓
6. Enable/disable analytics tracking based on choice
↓
7. Matomo respects consent immediately
↓
8. After 13 months: Request renewed consent via banner
Last Updated: March 11, 2026
Compliant With:
- EU ePrivacy Directive (2002/58/EC as amended)
- GDPR (EU 2016/679)
- Italian Data Protection Code (D.Lgs. 196/2003 as amended)
- CCPA (California Civil Code §1798.100)