On May 25, 2018, the new General Data Protection Regulation (GDPR – General Data Protection Regulation) came into force. The objective of the European Union is to give greater protection to personal data defined as “any information concerning an identified or identifiable natural person (so-called Data Subject)”. This Privacy Policy provides users of this site with clear and detailed information on the processing of their personal data pursuant to the General Data Protection Regulation and the Personal Data Protection Code. In particular, the reader will have the possibility, by consulting this, of direct rights to the set of data collected, the methods of their use and in particular the rights at his disposal regarding data protection.
This site uses data on the basis of consent. By using or consulting it, users and visitors explicitly approve this privacy policy and consent to the processing of their personal data relating to the methods and purposes described below, including disclosure to third parties, if necessary to provide a service. The provision and, consequently, the consent for the collection and processing of data are optional, the user can deny or revoke the consent already provided at any time by writing to the Data Controller. However, denying consent may make it impossible to provide some services and the browsing experience on the site may be compromised. This site uses some data based on the legitimate interests of the Data Controller.
As with the others, this site also uses log files in which information collected automatically during user visits is stored. The information collected may be the following:
The aforementioned information is processed in an automated form and collected exclusively in aggregate form in order to verify the correct functioning of the site, for security reasons and according to the legitimate interests of the Data Controller.
For security reasons (spam filters, firewalls and virus detection), the automatically recorded data may also include personal data, such as the IP address, which could be used, in accordance with applicable laws, to block attempts to damage the site. itself or cause damage, which constitutes a crime in all respects, to other users. These data are never used for the identification or profiling of the user, but only for the purpose of protecting the site and its users, based on the legitimate interests of the Data Controller.
If the site allows the insertion of comments or, in the case of specific services requested by the user, automatically detects and records some user identity data, including the e-mail address, the data in question are provided voluntarily by the user when requesting the service. By entering a comment or other information, the user explicitly accepts the privacy policy, and in particular accepts that the contents included are freely disseminated to third parties.
The information that users of the site intend to make public through the services and tools made available to them are provided by the user in a conscious and voluntary manner, exempting this site from any liability relating to any violations of the law. It is up to the users to verify that they have authorization for the inclusion of third-party personal data or content protected by national and international regulations.
The data collected by the site during its operation are used exclusively for the purposes indicated above and kept for the time strictly necessary to carry out the specified activities. In any case, the data collected from the site will never be provided to third parties, for any reason, unless there is a legitimate request from a judicial authority and only in the cases provided for by law.
The data used for security purposes (blocking attempts to damage the site) are saved for the time required by law.
The processing of Personal Data is carried out using IT and / or telematic tools, with organizational methods and with logic strictly related to the purposes indicated.
In some cases, subjects involved in the organization of the Data Controller may also have access to Personal Data (such as, for example, personnel management staff, sales staff, system administrators, etc.) or external subjects (such as IT companies, suppliers of services, postal couriers, hosting providers, etc.). If necessary, these subjects may be appointed as Data Processors by the Data Controller, as well as access the Personal Data of the Users whenever necessary and will be contractually obliged to keep the Personal Data confidential.
The updated list of Managers can be requested via email at the address info@welcometothewinery.com
The processing of Personal Data relating to the User is based on the following legal bases:
However, it is always possible to ask the Data Controller to clarify the legal basis of each treatment at the e-mail info@welcometothewinery.com
Personal Data are processed at the Data Controller’s operating offices and in any other places where the parties involved in the processing are located. For more information, contact the Data Controller at the following e-mail address info@welcometothewinery.com
The processing is carried out in a manner and with suitable tools to guarantee the security and confidentiality of the Personal Data, having the Data Controller adopted adequate technical and organizational measures that guarantee, and allow to demonstrate, that the Processing is carried out in compliance with the relevant legislation.
Personal Data will be kept for the period of time necessary to fulfill the purposes for which they were collected.
In particular, the Personal Data will be kept for the entire duration of the contractual relationship, for the execution of the related and consequent obligations, for compliance with applicable legal and regulatory obligations, as well as for own or third party defensive purposes.
If the processing of Personal Data is based on the User’s consent, the Owner may keep the Personal Data until the consent is revoked.
Personal Data may be kept for a longer period if necessary to fulfill a legal obligation or by order of an authority.
All Personal Data will be deleted or stored in a form that does not allow the identification of the User within 30 days of the end of the retention period. At the end of this term, the right of access, cancellation, rectification and the right to the portability of Personal Data can no longer be exercised.
All Personal Data collected will not be subject to any automated decision-making process, including profiling, which may produce legal effects for the person or which may significantly affect them.
The end user has the right, in accordance with current legislation, to exercise one or more options from those described below:
Right of withdrawal:
the end user has the full right, at any time and without giving a reason, to request the complete termination of the consent of the data collected by us.
Right to be forgotten:
the end user has the full right to request the complete cancellation, from any type of media, of their data collected by us, without providing an express reason. By exercising this action, he understands that the provision of our services may be subject to limitations or may be completely denied.
Right of rectification and access to data: the end user has the full right to check, at any time, the set of data that has been collected by the company on it. Additionally, he can request the rectification and modification of the data collected (for example, following a change of domain or method of telephone / e-mail contact).
Right to request support from the Italian Privacy Guarantor:
the end user has the right to request support and additional information from the Italian Privacy Guarantor, available at http://www.garanteprivacy.it/. To exercise their rights, Users can direct a request to the contact details of the Owner indicated in this document. Requests are made free of charge and processed by the Data Controller as soon as possible, in any case within 30 days.
Carlo Mameli, Via Rubino 63, Grosseto 58100, VAT number 01174220531, e-mail info@welcometothewinery.com
Last update 12/06/2022