INFORMATION FOR THE PROCESSING OF PERSONAL DATA AND REQUEST FOR CONSENT TO THE PROCESSING OF PERSONAL DATA
The EU Regulation n. 2016/679 on the “protection of individuals with regard to the processing of personal data, as well as the free circulation of such data” (hereinafter the “Regulation”) contains a series of rules aimed at ensuring that the processing of personal data takes place in respect for the fundamental rights and freedoms of individuals. This disclosure incorporates the provisions.
Given that:
– “personal data” means any information concerning an identified or identifiable natural person (“interested party”); the natural person is considered identifiable who can be identified, directly or indirectly, with particular reference to an identifier such as the name, an identification number, location data, an online identifier or one or more characteristic elements of his physical identity, physiological, genetic, psychic, economic, cultural or social
– “processing” of personal data means any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, even if not registered in a data bank, such as collection, registration, organization, structuring, storage, processing, selection, blocking, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction.
1. Identity and contact details of the data controller
The company Vinee’Ria Srl (VAT number 01625230295), with headquarters in Riviera del Popolo n. 1 / B, 45026 – Lendinara (RO), as data controller, informs you pursuant to art. 13 Legislative Decree 30.6.2003 n. 196 (hereinafter, “Privacy Code”) and art. 13 EU Regulation no. 2016/679 (hereinafter, “GDPR”) that your data will be processed in the manner and for the purposes better explained below.
2. Purpose of the processing: contract conclusion and legal obligations
The data processing is carried out by the Data Controller in carrying out its economic and commercial activities for purposes related to the establishment, management and execution of commercial relationships, including the management of the pre-contractual relationship.
In particular, the data provided will be processed, mainly through IT tools, for the following purposes:
a) the execution of obligations strictly connected to the conclusion of the Contract and its subsequent administrative and accounting management. The provision of data for these activities is essential for the correct management of the Contract and does not require the consent of the interested party (Article 6.1 (b) of the GDPR);
b) the fulfillment of obligations deriving from the law, regulations or community legislation (eg tax and accounting obligations) for which the provision of data is mandatory and the processing does not require the consent of the interested party (Article 6.1 (c) of the GDPR ).
The provision of data for the aforementioned purposes is mandatory for the purpose of concluding and fulfilling the contract.
3. Purpose of the processing: marketing and profiling
With the consent of the interested party, the data may be processed by the Data Controller also for the following purposes:
a) sending by e-mail and with automatic messages or by telephone, offers and commercial initiatives relating to products or services as well as the conduct of market research or other customer satisfaction initiatives promoted by the Data Controller. If the provision of any data for this purpose is required, this provision will be optional.
It is understood that the processing of data for this purpose will be possible only with the consent of the interested party pursuant to Article 6 of the GDPR. The consent may be revoked at any time, freely in the ways indicated in the following point 9. Failure to issue or revoke the consent does not affect the execution of the Contract in any way;
b) the analysis of the habits of use of the products and services of the company Vinee’Ria Srl both in order to improve its products and services and to offer products that could respond more precisely to the needs of customers. It is understood that the processing of data for this purpose will be possible only with the consent of the interested party pursuant to art. 6 of the GDPR. The consent may be freely revoked at any time in the ways indicated in point 7 below; any failure to issue or revoke the consent does not affect the execution of the Contract in any way. Without prejudice to the hypotheses of exercise of the rights of cancellation of the Data and of the rights of opposition and limitation of the processing referred to in point 7 of this information,
4. Processing methods
The processing of your personal data is carried out by means of the operations indicated in art. 4 of the Privacy Code and art. 4 n. 2) GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. The Data will be processed by the company Vinee’Ria Srl with electronic and manual systems according to the principles of correctness, loyalty and transparency provided for by the applicable legislation on the protection of personal data and protecting the confidentiality of the interested party through technical and organizational security measures for ensure an adequate level of security.
5. Data retention
The Data necessary for the management of the Contract and the fulfillment of the obligations referred to in letters (a) and (b) of point 2 of this information will be kept by the Data Controller in its archives for 10 years following the registration of the operations in compliance with civil and fiscal obligations imposed by current legislation. Similarly, the Data referred to in point 3 necessary for protection in the event of a dispute or dispute will be kept for 10 years from the conclusion of the Contract.
6. Access, communication and dissemination of data
The Data will be processed, within the limits of what is necessary, by the authorized personnel, adequately trained and trained, of the Data Controller. In carrying out its ordinary business activities, the Data may, therefore, be communicated to subjects who carry out control, review and certification activities of the activities carried out by the Data Controller, consultants and freelancers in the context of tax, judicial and in case of corporate transactions for which it is necessary to evaluate the corporate assets, where this is necessary for the purposes of coordination and control, public bodies and administrations, including tax authorities where this is necessary, as well as subjects entitled by law to receive such information, Italian and foreign judicial authorities and other public authorities, for the purposes related to the fulfillment of legal obligations, or for the fulfillment of the obligations assumed and arising from the contractual relationship, including for the need for defense in court. In cases where the contractual relationship provides for the intervention of commercial partners, the Data Controller may share some Data with distributors and partners belonging to the distribution chain of products and services. The contact data could be communicated for completely occasional needs to customers and / or suppliers of the Data Controller, for example if they have to collaborate with these subjects for the purpose of providing services. The Data will in no case be disclosed nor will it generally be transferred outside the European Union. o for the fulfillment of the obligations assumed and arising from the contractual relationship, including for the need for defense in court. In cases where the contractual relationship provides for the intervention of commercial partners, the Data Controller may share some Data with distributors and partners belonging to the distribution chain of products and services. The contact data could be communicated for completely occasional needs to customers and / or suppliers of the Data Controller, for example if they have to collaborate with these subjects for the purpose of providing services. The Data will in no case be disclosed nor will it generally be transferred outside the European Union. o for the fulfillment of the obligations assumed and arising from the contractual relationship, including for the need for defense in court. In cases where the contractual relationship provides for the intervention of commercial partners, the Data Controller may share some Data with distributors and partners belonging to the distribution chain of products and services. The contact data could be communicated for completely occasional needs to customers and / or suppliers of the Data Controller, for example if they have to collaborate with these subjects for the purpose of providing services. The Data will in no case be disclosed nor will it generally be transferred outside the European Union. the Data Controller may share some Data with distributors and partners belonging to the distribution chain of products and services. The contact data could be communicated for completely occasional needs to customers and / or suppliers of the Data Controller, for example if they have to collaborate with these subjects for the purpose of providing services. The Data will in no case be disclosed nor will it generally be transferred outside the European Union. the Data Controller may share some Data with distributors and partners belonging to the distribution chain of products and services. The contact data could be communicated for completely occasional needs to customers and / or suppliers of the Data Controller, for example if they have to collaborate with these subjects for the purpose of providing services. The Data will in no case be disclosed nor will it generally be transferred outside the European Union.
7. Rights of the interested party
As an interested party, you can exercise, at any time, the rights provided for by the Regulations listed below against the Data Controller, by sending a specific request in writing to the email address Asta@vineeria.it or to the certified email address. vineeria@legalmail.it, or by registered letter with return receipt to the seller’s registered office.
In the same way, you can revoke the consents expressed with this Notice at any time.
a) Right of access : You can obtain from the Data Controller confirmation that your Personal Data is being processed or not and, in this case, obtain access to the Personal Data and information provided for by art. 15 of the Regulation, including, by way of example: the purposes of the processing, the categories of Personal Data processed etc … If requested, the Company may provide you with a copy of the Personal Data being processed.
b) Right of rectification : You can obtain from the company Vinee’Ria Srl the rectification of your Personal Data which are inaccurate as well as, taking into account the purposes of the processing, the integration of the same, if they are incomplete, by providing a supplementary declaration.
c) Right to cancellation: You can obtain from the Data Controller the cancellation of your Personal Data, if one of the reasons provided for by art. 17 of the Regulation, including, by way of example, if the Personal Data are no longer necessary with respect to the purposes for which they were collected or otherwise processed or if the consent on which the processing of your Personal Data is based has been revoked by you. and there is no other legal basis for the processing. We inform you that the company Vinee’Ria Srl will not be able to proceed with the cancellation of your Personal Data if their processing is necessary, for example, for the fulfillment of a legal obligation, for reasons of public interest, for the verification, exercise or defense of a right in court.
d) Right to limitation of processing : You may obtain the limitation of the processing of your Personal Data if one of the hypotheses provided for by art. 18 of the Regulation, including, for example: in the event of your dispute regarding the accuracy of your Personal Data being processed or if your Personal Data are necessary for the ascertainment, exercise or defense of a right in court, although the Data Controller no longer needs it for the purposes of the processing.
e) Right to object : You may object at any time to the processing of your Personal Data if the processing is carried out for the execution of an activity of public interest or for the pursuit of a legitimate interest of the Data Controller (including the activity of profiling). If you decide to exercise the right of opposition described here, the Company will refrain from further processing your personal data, unless there are legitimate reasons to proceed with the processing (reasons overriding the interests, rights and freedoms of the data subject ), or the processing is necessary for the assessment, exercise or defense in court of a right.
f) Right to lodge a complaint with the Guarantor Authority for the protection of personal data : Without prejudice to your right to appeal in any other administrative or judicial office, if you believe that the processing of your Personal Data by the Data Controller is in violation of the Regulation and / or applicable legislation may lodge a complaint with the competent Personal Data Protection Authority.