This is an information notice pursuant to Article 13 of EU Regulation no. 679/2016 ("GDPR") and the national legislation on privacy and the protection of personal data. It applies to all those who visit the website ilcircolo.wine and interact with the web services accessible through the Site.
The Information document is provided only for the Site and not for other Websites that may be consulted by the User through links on the Site.
1. Data Controller.
The Data Controller for the processing of your personal data is Alciati S.a.s di Ugo Alciati & C. with registered office in Via Alba Serralunga d’Alba 15, 12050 (CN), Italy, in the person of its legal representative pro tempore (hereinafter “Controller”), e-mail email@example.com
If the Controller uses personal data processors or sub-processors pursuant to Article 28 GDPR, the updated list of processors is kept at the registered office of the respective Controllers.
2. Typology of data processed.
The types of personal data processed depend on the purposes for which they are collected.
In general, it is possible to directly collect the following types of your personal data:
a. Contact details (e.g. name, surname, e-mail address, address, city, telephone number);
b. Data provided directly by you in communications or in attachments to communications (e.g. banking data, company data);
Hereinafter “Personal Data”.
3. Purpose and legal basis of processing.
The processing of your personal data takes place:
a. Without the need for express consent (art. 6.b) – f) GDPR) for the following purposes:
- To conclude contracts with the Controller.
- To comply with pre-contractual, contractual and tax obligations arising from existing relationships with the Controller.
- To fulfill the obligations established by law, by a regulation, by the European regulation or by an Authority order to the Controller.
- To pursue a legitimate interest of the Controller or of third parties, provided that they do not override your interests or your rights and fundamental freedoms requiring personal data protection (e.g. the Controller’s right of defense of legal claims).
b. Only under your prior specific and distinct consent (art. 6.a) and art. 7 GDPR), for the following marketing purposes:
- Sending, via e-mail, commercial communications and/or advertising material on products or services offered by the Controller.
If you have denied your consent, it will not be possible to carry out the aforementioned activities as referred to in letter b) and, in any case, even if you have expressed your consent to the processing activities as referred to in letter b), you will have the right to withdraw the given consent at any time.
4. Retention of personal data.
Your personal data shall be processed by the Controller only for the period of time necessary to fulfill the purposes of the processing referred to in the aforementioned Art. 3. After that, they shall be kept only in accordance with the legal obligations in force on this matter, for administrative purposes and/or to ensure and protect a right and, in any case, no longer than the time limits set by national legislation for the limitation (prescription) of rights.
In particular, for marketing purposes, your personal data will be stored by the Controller for no longer than 24 months starting from the date on which the consent was given.
5. Security measures.
Personal data are processed on paper and by electronic and/or automated means for the period of time necessary to fulfill the purposes for which they are collected. Processing is carried out by the Controller or by other authorized persons and/or persons in charge of these duties, who are constantly identified and/or appointed, properly trained and informed of their legal obligations. Appropriate security measures are used to protect confidentiality and to avoid the risk of loss or damage, unauthorized access, and processing that is unauthorized or not in accordance with the aforementioned purposes.
6. To whom we may disclose your personal data.
For the purposes mentioned above, your personal data may be accessible or disclosed to:
- Employees and collaborators of the Controller, as authorized personnel, within the scope of their respective duties and in accordance with the instructions received. In any case, these persons are subject to confidentiality obligations.
- Third parties carrying out outsourcing activities on behalf of the Controller which are entrusted with certain activities, or part of them, functional to the provision and distribution of services offered through the website (e.g. hosting company, programmers, system engineers, database administrators, technical assistance centers) or whose activity is connected to, functional to or in support of that of the Controllers (e.g. management software and/or cloud marketing);
- All those public and/or private entities, natural and/or legal persons (legal, administrative and tax advice offices, collection agencies, judicial authorities, Chambers of commerce, Labour offices, etc.), if the communication is deemed to be necessary or functional to the correct fulfillment of contractual obligations, as well as of legal obligations.
- All those entities (Public Authorities included) having access to personal data in accordance with regulatory and administrative acts.
Data is not subject to dissemination.
7. Data transfer.
The processing and storage of your personal data will take place within the territory of the European Union. It is understood that, in any case, the Controller will have the right to process your personal data outside the EU Area (EEA) if it deems it necessary. In such a case, the Controller hereby ensures that the extra-EU data transfer will take place in accordance with the applicable law, including, where necessary, by concluding agreements that guarantee a sufficient level of protection and/or by adopting the standard contract terms set up by the European Commission.
The Controller shall not intentionally collect personal data concerning minors below the age of 18 years. In accordance with the applicable law, the holder of parental responsibility shall give consent to the processing of the minor’s personal data. In case minors’ personal data are unintentionally collected, the Controller shall delete them in a timely manner.
Under Art. 15 et seq. of the GDPR and of the national privacy and personal data protection legislation, you are granted the right:
1) To obtain confirmation from the Controller that personal data concerning you are being processed and, in such a case, to obtain access to your personal data and to the following information:
- The purposes of the processing;
- The categories of personal data concerned;
- The recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
- Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- The existence of the right to request from the Controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
- The right to lodge a complaint with a supervisory authority;
- Where the personal data are not collected from the data subject, any available information as to their source;
- The existence of automated decision-making, including profiling.
2) To obtain from the Controller the rectification of inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you shall have the right to obtain the completion of incomplete personal data, including by means of providing a supplementary statement.
3) To obtain from the Controller the erasure of personal data concerning you without undue delay; the Controller is obliged to erase personal data without undue delay, within the limits and in compliance with the applicable law.
4) To obtain from the Controller restriction of processing.
5) To receive personal data concerning you provided to the Controller in a structured, commonly used, machine-readable format. You also have the right to data portability, that is, to transmit these data to another controller without hindrance from the Controller, when the processing is based on consent or a contract and is carried out by automated means.
6) To object at any time, on grounds relating to your particular situation, to processing of personal data concerning you if the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller or the processing is necessary for the purposes of the legitimate interest pursued by the Controller or third parties.
7) If you consider that your rights are infringed by the Controller, you have the right to lodge a complaint with the Autorità Garante per la protezione dei dati personali (www.garanteprivacy.it) and/or with another competent supervisory authority in accordance with the GDPR provisions.
The Controller, following the exercise of the rights as referred to in points 2), 3) and 4) shall communicate any rectification or erasure or restriction of the processing to each of the recipients to whom the personal data have been disclosed in accordance with the applicable law.
In order to exercise the aforementioned rights against the Controller, you are required to submit a written request by sending a registered mail or an e-mail communication to the following e-mail address firstname.lastname@example.org
This information document may be modified and updated at any time. If it is necessary to process your personal data for purposes other than those for which they were collected pursuant to the aforementioned Art. 3, the Controller undertakes, before any further processing, to provide you with appropriate information regarding those different purposes and to carry out any further processing in accordance with the applicable law, including by obtaining your express consent if necessary.