Pursuant to EU Regulation 2016/679 (GDPR).
Information on the processing of personal data pursuant to Articles 13 and 14 of EU Regulation 2016/679

Last updated: November 2022


This page describes the privacy policy.

This page describes how the website is managed with regard to processing personal data of users who visits It is a statement intended for all users who interact with that web services as well as any other address that results under the domain and possibly fill the forms of the sections “Shop”, “Newsletter” and/or “Tastings”.

You are therefore asked to pay attention to the following information, bearing in mind that:

  • It responds specifically in accordance to Article 13 of EU Regulation 679/2016 for personal data protection, accessible electronically from the address, corresponding to the home page of this website;
  • The information is valid only for the official website of and not also for other website that may be consulted through links.
  • The information is inspired by the most reliable codifications regarding the requirements for the collection of personal data online (manner, timing and nature of the information that data controllers must provide to users when they connect to , regardless of the purposes of the connection, recommended and/or suggested by the EEC directives (Article 29 of Directive No. 95/46/EC)).
The data provided by you as a user of the website will be processed by CarusVini Società Agricola S.r.l., headquartered at Largo Usilia 12, 53036 Poggibonsi (SI), CF 01313790527, contactable at the e-mail address, as the Data Controller (hereafter, “Controller or CarusVini”).

The Data Controller may process, in accordance with this Policy, the following personal data collected through the website:

  • Personal data (e.g., first name, last name);
  • Contact data (e.g., e-mail, telephone);
  • Address data (e.g., address, zip code, city);
  • Payment data (e.g., cardholder, number, CVC and CVP, expiration date);
  • Navigation and geolocation data, collected through cookies and in accordance with the cookie policy provided below (e.g., IP address).

3. Purpose, Legal Basis and Explanation

Purpose Legal Basis Explanation
a) Booking experiences, purchasing products Execution of contract and/or pre-contractual measures We will process your personal data for the purpose of handling bookings and to enable you to purchase products in our e-shop.
b) Administrative-accounting purposes Legal obligation Tratteremo i tuoi dati personali per assolvere eventuali obblighi di legge, contabili e fiscali.
c) Contact and customer care Execution of contract and/or pre-contractual measures We will process your personal data if you have requested information via or or
d) Newsletters and communications with promotional content Consent We will process your personal data in order to send you – via e-mail – communications with promotional, informative and/or advertising content in relation to CarusVini services. You can stop receiving these communications, without any consequences for you (other than the fact that you will not receive any further such communications) by using or the other addresses indicated above.
e) Soft spam Legitimate interest We will process your personal data to send you – via email – communications regarding services similar to those you have purchased through the Website. You can stop receiving these communications without any consequences to you by writing to
f) Detecting or preventing fraudulent activity Legal obligation We may need to process your personal data in the case of countering third party attacks on our computer systems or our website.
g) Compliance with orders from judicial or other public authorities Legal obligation We may have to provide your Data to judicial or other public authorities pursuant to legal obligations or express requests.

4. Nature of conferment

In relation to the purpose a) of the previous paragraph, the provision of personal data is optional. However, failure to provide make it impossible for the Data Controller to allow registration on the website and the related functions.

In relation to purpose b) of the previous paragraph, the provision of personal data is mandatory. Failure to provide such data will make it impossible for the Controller to proceed with the conclusion of the contract and the management of all related activities, as well as the performance of administrative-accounting purposes connected with the fulfilment of obligations provided for by current legislation.

With reference to purpose c) of the previous paragraph, the provision of personal data is optional. However, failure to provide it will make it impossible to access customer service activities.

With reference to the purpose referred to in point d) of the previous paragraph, the provision of personal data and consent to their processing is optional. However, failure to provide consent will result in the impossibility for the Data Controller to proceed with sending promotional communications relating, for example, to new arrivals and exclusive offers, unless the conditions for soft spam referred to in point e) are met.

In relation to purposes f) and g), the provision of personal data and consent to their processing is mandatory.

5. Method of data processing

Your personal data are processed by computer and/or on paper and are protected by appropriate security measures to ensure confidentiality and security.

The use of any automated decision-making process is not envisaged.

6. Communication of data

For the purposes indicated in Section 3, your personal data may be transferred to the following categories of recipients, located within the European Union:

  • Our internal administrative staff;
  • Service providers that provide assistance and/or consultancy to the Data Controller with reference to the activities of the sectors (e.g. legal and accounting, insurance, dedicated to credit recovery, fraud control and/or all the checks on the property of interest to be carried out at Municipal Technical Offices, Land Registry and/or other Institutions, Agencies or Registries, patronages, companies or bodies appointed by us as responsible for the specific processing);
  • Subjects who need access to the data for purposes connected to the contractual relationship in place with CarusVini, to the extent strictly necessary for the performance of their duties (such as, for example, banks and credit institutions, IT service providers, hosting providers, communication and marketing agencies);
  • Partners of CarusVini, for whom the communication of data is necessary in order to guarantee the services purchased (such as shipping companies);
  • Subjects and authorities whose right to access the personal data of Users is expressly recognized by law, regulations or provisions issued by the competent authorities.

These recipients, depending on the circumstances, will process personal data as data controllers or data processors. Such entities may act, depending on the circumstances, as autonomous Data Controllers or Processors. A full list of Data Processors can be obtained by contacting the Controller.

7. Data transfers abroad

Personal data may be freely transferred outside the national territory to countries within the European Union. Any transfer of the User’s personal data to countries outside the European Union will take place, in any case, in compliance with the appropriate and adequate safeguards for the purposes of the transfer itself in accordance with the applicable legislation and in particular Articles 45 and 46 of the GDPR.

The website uses cookies. For more information, please consult the Cookie Policy at the URL

8. Interaction with third-party platforms

Through the pages of the website, you can interact with third-party platforms (e.g. Instagram, Twitter, Facebook and YouTube).

You can find out what information is collected by the third-party platforms by consulting their respective cookie policy.

9. Data retention periods

The User’s personal data will be kept for the period of time necessary to pursue the specific purposes for which they were collected, as indicated in this privacy policy, and in any case:

  • for the Contractual and Legitimate Interest Purposes, personal data will be kept for a period equal to the fruition of the services referred to in the website and for 10 years after the termination, except in cases where the retention for a later period is required for possible litigation, requests of the competent authorities or pursuant to applicable legislation;
  • for Marketing Purposes, personal data will be retained for the duration of the User’s registration with the website, and thereafter for a period of 6 months following deactivation or cancellation;

Once the above terms have expired, the User’s data may be deleted, anonymized and/or aggregated.

10. Rights of data subjects

You have the right, at any time, to request from the Data Controller access to your personal data (Art. 15), rectification (Art. 16) or cancellation (Art. 17) of the same, or restriction of processing (Art. 18) or to object to their processing (Art. 21), to the portability of your personal data (Art. 20) and finally to lodge a complaint with the Supervisory Authority (Personal Data Protection Authority).

You will be able to assert your rights as expressed in EU Regulation 2016/679 by contacting the Data Controller, by sending an e-mail to or by writing to the Data Controller’s office indicated above.

11. Changes and updates

The Controller reserves the right to make changes to this policy whenever necessary. Users will be notified of relevant changes and additions via the website.