Below we are pleased to provide you with the necessary information regarding the processing of your personal data, in particular regarding the purposes and methods of processing, as well as the scope of communication and dissemination of the same, the nature of the data in our possession, their conferral and the storage period.
The purpose of this document is to accurately describe the methods for managing the processing of your personal data collected when you navigate the Site or use the services it offers. The information is not to be considered valid for other websites that may be consulted through links on the Owner’s website, which is not to be considered in any way responsible for the websites of third parties.
The Data Controller of the data collected through this Website is the Winery “Cantina ZEHNHOF di Rossi Giacomo”, with registered office in Via Antonio Rosmini, 52A, Roverè della Luna (TN) Italy, VAT no. 00510610223 (hereinafter referred to as “Cantina Zehnhof”): the Data Controller decides autonomously on the purposes and methods of processing, as well as the security procedures to be applied in order to guarantee the confidentiality, integrity and availability of the data.
Purpose of processing
The Data Controller processes personal, identification and non-sensitive data (in particular, name, surname, email, telephone number – hereinafter, “personal data” or also “data”) communicated by you in order to request information and/or to use the newsletter service offered by the Data Controller.
Modalities and storage of your data
The processing of your Personal Data is carried out by means of the operations indicated in art. 4 n. 2) GDPR and in compliance with the principles of lawfulness, correctness and transparency and the other principles indicated in art. 5 GDPR.
Personal Data will be processed and stored for the time necessary to pursue the processing purposes for which they were collected.
1) Personal Data collected in order to respond to your requests for information and to allow you to navigate correctly on the Site will be stored for as long as necessary to fulfil these purposes.
2) Personal Data collected for purposes related to the legitimate interest of the Data Controller will be retained until such interest is satisfied.
3) When the processing is based on your consent, the Controller may keep your Personal Data longer until your consent is revoked. In addition, we may be obliged to retain Personal Data for a longer period in compliance with a legal obligation or by order of an authority.
At the end of the retention period the Personal Data will be deleted. Therefore, at the end of this period, the right of access, deletion, rectification and the right to data portability can no longer be exercised.
The management and storage of Personal Data will take place on servers located within the European Union owned by the Data Controller and/or third party companies appointed and duly appointed as Data Processors. It is in any case understood that the Data Controller, if necessary, may move the location of the servers to Italy and/or the European Union and/or non-EU countries. In this case, the Data Controller assures as of now that the transfer will take place in compliance with the applicable provisions of law, stipulating, if necessary, agreements that guarantee an adequate level of protection and/or adopting the standard contractual clauses provided for by the European Commission.
Purposes of the processing and legal basis of the processing
Personal data voluntarily provided will be processed for the following purposes
1) navigation on the Site;
2) responding to your requests for information;
3) to fulfil the obligations provided for by the Law, by a Regulation, by Community legislation or by an order of the Authority;
4) to prevent or discover fraudulent activities or abuses that are harmful to the website;
5) to exercise the rights of the Data Controller, for example the right to defence in court;
6) your identification necessary to be able to purchase the Owner’s products, as well as to allow the proper development of the activity in your support;
7) the completion of the order and the management of the collection with the necessary control and security measures on the transaction
8) the preparation and delivery of orders
9) the management of the invoicing of orders and the completion of the related administrative and fiscal processes
10) the after-sales service and the management of support and contact requests;
11) subject to your consent, for the development of marketing activities as well as to analyze and understand our customers, to improve our service (including the user interface experience) and to optimize the selection of products offered.
For the purposes referred to in points 1 to 10, the processing of data is necessary i) to allow the correct navigation on the Website; ii) for the execution of pre-contractual and contractual measures taken at your request; iii) to comply with a legal obligation to which the Controller is subject and, finally, iv) for the pursuit of the legitimate interest of the Controller such as the right to defence in court and to prevent or discover fraudulent activities or abuses harmful to the Website.
For the purpose referred to in point 11, the processing of your data is lawful only if you have given your consent.
The processing of your data will in no way be subject to profiling and/or automated decisions.
Optional or compulsory nature of providing data; necessity of consent and consequences of non-consent.
Apart from that specified for navigation data, you are free to provide your personal data.
The provision of personal data for the purposes referred to in points 1 to 10 is optional but necessary in order to use the services requested from time to time from the Data Controller and to perfect the specific functions. Failure to provide such data may make it impossible to obtain what has been requested or to use the services of the Data Controller.
Consent to the processing of data for the purposes referred to in point 11 – i.e. for promotional, commercial communication and/or marketing purposes in general by the Data Controller – is always optional. Failing this, the Data Controller may still provide the services referred to in points 1 to 10 and you may still be able to complete the other functions and use the services provided by the Data Controller. You may then decide not to give consent for the processing of your data for this purpose or to revoke subsequently and at any time the consent to process data already provided for the purpose referred to in point 11, but the revocation will not affect the lawfulness of the processing based on the consent before revocation. The right to object to the processing for the purposes referred to in point 11 may be made at any time by automated means of contact.
Parties or categories of parties to whom your data may be disclosed
Your data will be communicated to third parties only with your express consent, except in cases where such communication is obligatory by law or is necessary for purposes provided for by law for the pursuit of which the person’s consent is not required; in such cases, the data may be made available to third parties who will process the data autonomously and solely for the aforementioned purposes (for example, in the case of a request made by the police or the courts or other competent bodies or to perform obligations arising from the contract concluded with you). Your data will not be disseminated in any way.
Parties who may process your personal data
The Owner may use third parties to process your personal data for certain activities. The third parties who carry out these operations have been adequately selected and are experienced, capable and reliable, and offer suitable guarantees of full compliance with the provisions in force regarding processing, including the profile of data security.
These third parties will be appointed “Data Processors” for this purpose and will carry out their activities according to the instructions given by the Controller and under its control. We periodically check that the Processors have fulfilled the tasks entrusted to them punctually and that they continue to provide suitable guarantees of full compliance with the provisions on the protection of personal data. An updated list of the Data Processors can always be requested from the Data Controller. Your data are then processed by our Trustees in charge of the individual services.
However, Owner cannot guarantee its users that the measures adopted for the security of the Site and the transmission of data and information on the Site limit or exclude any risk of unauthorised access or loss of data by devices belonging to the user: We recommend that you ensure that your computer is equipped with appropriate software for the protection of network data transmission, both incoming and outgoing (such as up-to-date antivirus systems) and that your Internet service provider has taken appropriate measures for the security of network data transmission (such as firewalls and spam filters).
Links to other websites
Our Site may contain links to other websites which may have no connection with us.
Rights of the interested parties
In your capacity as a data subject, you may exercise the rights set out in Articles 15 to 22 GDPR, in particular the right to access, rectify or erase data, request restriction or object to processing, as well as the right to data portability.
Data subjects who believe that the processing of personal data relating to them carried out through this website or its services is in breach of the provisions of the GDPR have the right to lodge a complaint with the Supervisory Authority, or to take appropriate legal action.
In the event of a breach of the personal data of the data subject, taking into account the provisions of Article 34 GDPR, the Data Controller shall notify the data subject of the breach.
Contacts for the exercise of the data subject’s rights
You may exercise your rights under current legislation by sending an email to firstname.lastname@example.org.
This Site and the Services of the Owner are not intended for minors under 18 years of age and the Owner does not intentionally collect personal information referring to minors. In case that information on minors is involuntarily recorded, the Owner will delete it in a timely manner, at the request of users.
Social plugins and social networks
Our web pages contain plug-ins from social networks (e.g. Facebook, Linkedin, Instagram, etc.). If you access one of our web pages with such a plug-in, your internet browser connects directly to the social network’s servers and the plug-in is displayed on your screen through your browser connection. If an interested user of a social network visits our web pages while logged into their social account, their personal data may be associated with their social account. Even if you use the plug-in functions, your information will be associated with your social account. Further information about the collection and use of data by social networks in general, as well as the rights and ways available to protect the privacy of the data subject in this context, can be found on the social network pages of the account, on data protection. If the data subject does not wish to associate a visit to our web pages with his or her social network account, he or she must log-off from the social network before visiting them.
Personal data are collected for the following purposes and using the following services: Interaction with social networks and external platforms. These services allow for interactions with social networks, or with other external platforms. The interactions and information acquired are in any case subject to the user’s privacy settings for each social network. If an interaction service with social networks is installed, it is possible that, even if users do not use the service, it will collect traffic data relating to the pages where it is installed.