Information on the processing of personal data according to EU Regulation no. 2016/679 (GDPR). The information is not to be considered valid for other websites that may be consulted through links on the websites in the domain of the owner, who is not to be considered in any way responsible for the websites of third parties.
The address of my website is: https://wineclubtuscany.com
Cantina del Brunello registered office in Via della Sapienza 66 – 53100 Siena Tax Code and VAT number: 00389040528 (hereinafter, “Owner”), as data controller, informs you pursuant to of the art. 13 Legislative Decree 30.06.2003 n. 196, Legislative Decree 101/2018 (hereinafter, “Privacy Code”) and art. 13 EU Regulation no. 2016/679 (hereinafter, “GDPR”) that your data will be processed in the manner and for the following purposes:
1. Object of the treatment
The Data Controller processes personal, identifying and non-sensitive data (by way of example but not limited to, name, surname, company name, address, telephone, e-mail – hereinafter, “personal data” or even “data”) communicated by you on the occasion of the interaction / compilation of data on the website of the Data Controller:
•https://wineclubtuscany.com (hereinafter, “Site”) and specifically, the compilation of contact forms on the website of the Data Controller, the online request for clarification or support requests and the sending of newsletters .
Registration / registration in the dedicated “Wine Club” area: https://wineclubtuscany/membership-options exclusively for the purchase, to receive information and updates, including news, on products offered by the owner.
2. Purpose of the treatment
Your personal data are processed:
1. A) without your express consent (Article 24 letter a), b), c) Privacy Code and art. 6 lett. b), e) GDPR), for the following Service Purposes:
• manage and maintain the Site or allow you access to dedicated areas;
• allow you to use any Services requested by you;
• allow you to receive quotes for services requested by you;
• respond to online contact chats;
• process a contact request;
• registration in the dedicated “WineClub” area to purchase and receive information and updates on the products offered by the owner;
• for administrative-accounting activities in general;
• fulfill the obligations established by law, by a regulation, by community legislation or by an order of the Authority or upon requests from the Italian or foreign government or the Italian chamber of commerce;
• exercise the rights of the owner, for example the right to exercise a right in court.
1. B) Only subject to your specific and distinct consent (articles 23 and 130 of the Privacy Code and article 7 of the GDPR), for the following Other Purposes:
• send you by e-mail opinion and satisfaction surveys, newsletters and / or invitations to events or subscribe to events of which you are a part or that the Owner organizes.
3. Processing methods and data retention period
The processing of your personal data is carried out by means of the operations indicated in art. 4 of the Privacy Code and art. 4 n. 2) GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your personal data are subjected to both paper and electronic and / or automated processing. The Data Controller will process personal data for the time necessary to fulfill the aforementioned purposes and in any case for no more than 10 years from the termination of the relationship for the Service Purposes and for no more than 2 years from the collection of data for the Other Purposes. In compliance with the provisions of art. 5 paragraph 1 letter. e) of EU Reg. 2016/679, the personal data collected will in any case be stored in a form that allows identification of the data subjects for a period of time not exceeding the achievement of the purposes for which the personal data are processed.
The Owner has adopted a large variety of security measures to protect your data against the risk of loss, abuse or alteration. In particular: it has adopted the measures referred to in Articles 32-34 of the Privacy Code and art. 32 GDPR; uses data encryption technology when necessary for safer communications.
Access to data
Your data may be made accessible for the purposes referred to in art. 1.A) and 1.B):
• to employees and collaborators of the Data Controller, in their capacity as persons in charge and / or internal managers of the processing and / or system administrators;
• to third companies or other subjects (website providers, cloud providers, e-payment service providers, suppliers, hardware and software support technicians, forwarding agents and carriers, credit institutions, professional firms, etc.) who carry out outsourcing activities on behalf of the Data Controller, in their capacity as data processors (the list of data processors is held at the headquarters).
6. Data communication
Without your express consent (ex art. 24 lett. a), b), d) Privacy Code and art. 6 lett. b) and c) GDPR), the Owner may communicate your data for the purposes referred to in art. 1.A) to Supervisory Bodies, Judicial Authorities as well as to all other subjects to whom the communication is required by law for the performance of work purposes, such as when registering a web domain or renting a server on behalf of the customer. We assure you, however, that your personal data will never be made public on the owner’s website.
7. Data transfer
The management and storage of personal data will take place in Europe, on servers located in Italy and Europe, of the Owner and/or third party companies also abroad, appointed and duly appointed as Data Processors for the use of the services requested. The personal data provided, may be transferred abroad within or outside the European Union, within the limits and under the conditions set out in Articles 44 et seq. of EU Regulation 2016/679, in order to comply with purposes related to the transfer itself.
8. Nature of data transfer and consequences of refusal to respond
The provision of data for the purposes referred to in art. 1.A) is mandatory. In their absence, we will not be able to guarantee the Services of art. 1.A), including the registration to the Wine Club which is carried out by the user, just to get information and updates on the products of the owner and therefore does not require express consent as it is in the user’s interest to register to receive such communications.
The provision of data for the purposes referred to in art. 1.B) is instead optional. You may therefore decide not to provide any data or subsequently deny the possibility of processing data already provided: in this case, you will not be able to receive invitations to events, newsletters and opinion polls via e-mail. In any case, you will continue to be entitled to the Services referred to in art. 1.A).
9. Rights of the interested party
As interested parties, you have the rights as per art. 7 Privacy Code and art. 15 GDPR and precisely the rights of:
– i. to obtain confirmation of the existence or not of personal data concerning you, even if not yet registered, and their communication in an intelligible form;
– ii. to be informed: a) of the source of the personal data; b) of the purposes and methods of the processing; c) of the logic applied to the processing, if the latter is carried out with the help of electronic means; d) of the identification data concerning data controller, data processors and the representative designated as per art. 5, paragraph 2, Privacy Code and art. 3, paragraph 1, GDPR; e) of the entities or categories of entity to whom or which the personal data may be communicated and who or which may get to know said data in their capacity as designated representative(s) in the State’s territory, data processor(s) or person(s) in charge of the processing;
– iii. obtain: a) the updating, rectification or, where interested therein, integration of the data; b) the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed; c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
– iv. oppose, in whole or in part: a) for legitimate reasons, the processing of personal data concerning you, even if pertinent to the purpose of collection; b) the processing of personal data concerning you for the purpose of sending advertising materials or direct selling or for carrying out market research or commercial communication, through the use of automated calling systems without the intervention of an operator by e-mail and/or through traditional marketing methods by telephone and/or paper mail. It should be noted that the right of opposition of the interested party, set forth in point b) above, for the purposes of direct marketing by automated means extends to traditional marketing methods and that in any case the interested party may exercise the right of opposition even only in part. Therefore, the interested party may decide to receive only communications through traditional methods or only automated communications or neither of the two. Where applicable, you also have the rights set forth in Articles 16-21 GDPR (Right of rectification, right to be forgotten, right to limitation of processing, right to data portability, right of opposition), as well as the right to complain to the Guarantor Authority.
10. How to exercise the rights
You can exercise your rights at any time by sending:
– a registered letter with return receipt to the headquarters of the activity, with address declared incipit;
– an e-mail to the address firstname.lastname@example.org
This Site and the Owner’s Services are not intended for minors under 18 years of age and the Owner does not intentionally collect personal information referring to minors. In the event that information about minors is involuntarily recorded, the Owner will delete it in a timely manner, at the request of the users.
12. Owner, manager and persons in charge
The Data Controller / Data Processor (pursuant to Articles 4, 24, 28 of EU Reg. 2016/679) is Cantina del Brunello with registered office in Via della Sapienza 66 – 53100 Siena Tax Code and VAT number: 00389040528 in the name of its legal representative Federico Pieri.
The updated list of data processors and persons in charge of processing is kept at the headquarters of the Data Controller.
13. Modifications to this informative note
This Policy is subject to change. We therefore recommend that you check this Policy regularly and refer to the most current version.
— ADDITIONAL POLICIES AND AGREEMENTS —
CONFIDENTIALITY AGREEMENT FOR ALL INFORMATION PROVIDED BY OUR CUSTOMERS AND USERS OF THE SITE
The owner of the treatment hereby declares to be aware that as a result of the working relationship with customers and / or consulting also free of charge with users of the site, who contact the owner by email or chat or other channels of communication, may become aware of data, information and news in general, of a confidential nature and undertakes to maintain the strictest confidentiality on what is received, as well as on any other news, confidentiality and / or information, in the broadest meaning of the term, learned about and / or by the customer or user of the site.
COOKIES POLICY and STATISTICAL DATA
What are cookies
Cookies are small text files that sites visited by users send to their terminals, where they are stored to be retransmitted to the same sites on subsequent visits. Cookies are used for different purposes, have different characteristics, and may be used both by the owner of the site you are visiting and by third parties. Below you will find all the information about cookies installed through this site, and the necessary information on how to manage your preferences about them.
Technical cookies that do not require your consent:
Cookies for which consent is required:
All cookies other than the technical cookies mentioned above are installed or activated only after the user’s consent the first time he/she visits the site. Consent may be expressed in a general manner, interacting with the short information banner on the landing page of the site, in the manner indicated in that banner (by clicking on the OK button or the X button; or by continuing navigation, including by scrolling or through a link); or may be provided or denied selectively, in the manner indicated below. This consent will be tracked on the occasion of subsequent visits. However, the user always has the option of revoking all or part of the consent already given. If the automated system does not work, the user is obliged to notify the data controller.
Cookies managed by third parties:
– Social network cookies: They are used to share content on social networks
YOU TUBE: https://policies.google.com/privacy?hl=it&gl=it
– Statistics cookies: Third-party statistics cookies (Google Analytics) are used to manage statistics in a non-anonymous form, with tracking of the User’s IP (user data not profiled at IP level), with data sharing with the Third Party.
Access to the information of the Third Party:
To deactivate Google Analytics: https://tools.google.com/dlpage/gaoptout?hl=it
In addition, the pixel tool of facebook is used, which is a tool for collecting statistical data that allows you to measure the effectiveness of advertising by giving you the opportunity to understand what actions people perform on the site and allows you to understand what a facebook member has seen on the site. In this case Facebook is the data controller. The conditions relating to tracking will be established in the conditions of Facebook when you register for an account. Facebook pixels:
To deactivate Facebook Pixels: https://it-it.facebook.com/business/help/186134205381987
Other technologies (e.g. plugins, widgets, local storage, etc).
Interaction with social networks and external platforms.
Widget: is a graphical user interface component of a program, which aims to make it easier for the user to interact with the program itself. The most used widgets are those of social networks, which allow users to easily open social networks in a separate browser window.
These services allow interactions with social networks, or other external platforms, directly from the pages of a site.
Any interactions and information acquired by the site are subject to the privacy settings of the third party that created the above technologies. To receive detailed information on the use of personal data processed when you use these technologies, we invite you to visit the websites of third party operators of these technologies. You will find below the references of these third parties, and next to each of them you will find the link to the page where you can receive information on the processing and, where required by law, express or deny your consent:
-Facebook social widget (Facebook): https://www.facebook.com/privacy/explanation
-Social widget of Instagram (Instagram): https://help.instagram.com/1896641480634370?ref=ig
-Youtube social widget (Google): https://policies.google.com/privacy?hl=it
Remember that you can also manage your cookie preferences through your browser.
If you do not know the type and version of browser you are using, click on “Help” in the browser window at the top, from which you can access all the necessary information.