Pursuant to EU Regulation 2016/679 (GDPR).
Information on the processing of personal data pursuant to Articles 13 and 14 of EU Regulation 2016/679
Last updated: November 2022
This page describes how the website is managed with regard to processing personal data of users who visits www.carusvini.it. It is a statement intended for all users who interact with that web services as well as any other address that results under the domain www.carusvini.it and possibly fill the forms of the sections “Shop”, “Newsletter” and/or “Tastings”.
You are therefore asked to pay attention to the following information, bearing in mind that:
- It responds specifically in accordance to Article 13 of EU Regulation 679/2016 for personal data protection, accessible electronically from the address www.carusvini.it, corresponding to the home page of this website;
- The information is valid only for the official website of www.carusvini.it and not also for other website that may be consulted through links.
- The information is inspired by the most reliable codifications regarding the requirements for the collection of personal data online (manner, timing and nature of the information that data controllers must provide to users when they connect to , regardless of the purposes of the connection, recommended and/or suggested by the EEC directives (Article 29 of Directive No. 95/46/EC)).
The data provided by you as a user of the website will be processed by CarusVini Società Agricola S.r.l., headquartered at Largo Usilia 12, 53036 Poggibonsi (SI), CF 01313790527, contactable at the e-mail address firstname.lastname@example.org, as the Data Controller (hereafter, “Controller or CarusVini”).
2. TIPY OF DATA PROCESSED
The Data Controller may process, in accordance with this Policy, the following personal data collected through the website:
- Personal data (e.g., first name, last name);
- Contact data (e.g., e-mail, telephone);
- Address data (e.g., address, zip code, city);
- Payment data (e.g., cardholder, number, CVC and CVP, expiration date);
3. Purpose, Legal Basis and Explanation
|a) Booking experiences, purchasing products||Execution of contract and/or pre-contractual measures||We will process your personal data for the purpose of handling bookings and to enable you to purchase products in our e-shop.|
|b) Administrative-accounting purposes||Legal obligation||Tratteremo i tuoi dati personali per assolvere eventuali obblighi di legge, contabili e fiscali.|
|c) Contact and customer care||Execution of contract and/or pre-contractual measures||We will process your personal data if you have requested information via email@example.com or firstname.lastname@example.org or email@example.com.|
|d) Newsletters and communications with promotional content||Consent||We will process your personal data in order to send you – via e-mail – communications with promotional, informative and/or advertising content in relation to CarusVini services. You can stop receiving these communications, without any consequences for you (other than the fact that you will not receive any further such communications) by using firstname.lastname@example.org or the other addresses indicated above.|
|e) Soft spam||Legitimate interest||We will process your personal data to send you – via email – communications regarding services similar to those you have purchased through the Website. You can stop receiving these communications without any consequences to you by writing to email@example.com.|
|f) Detecting or preventing fraudulent activity||Legal obligation||We may need to process your personal data in the case of countering third party attacks on our computer systems or our website.|
|g) Compliance with orders from judicial or other public authorities||Legal obligation||We may have to provide your Data to judicial or other public authorities pursuant to legal obligations or express requests.|
4. Nature of conferment
In relation to the purpose a) of the previous paragraph, the provision of personal data is optional. However, failure to provide make it impossible for the Data Controller to allow registration on the website and the related functions.
In relation to purpose b) of the previous paragraph, the provision of personal data is mandatory. Failure to provide such data will make it impossible for the Controller to proceed with the conclusion of the contract and the management of all related activities, as well as the performance of administrative-accounting purposes connected with the fulfilment of obligations provided for by current legislation.
With reference to purpose c) of the previous paragraph, the provision of personal data is optional. However, failure to provide it will make it impossible to access customer service activities.
With reference to the purpose referred to in point d) of the previous paragraph, the provision of personal data and consent to their processing is optional. However, failure to provide consent will result in the impossibility for the Data Controller to proceed with sending promotional communications relating, for example, to new arrivals and exclusive offers, unless the conditions for soft spam referred to in point e) are met.
In relation to purposes f) and g), the provision of personal data and consent to their processing is mandatory.
5. Method of data processing
Your personal data are processed by computer and/or on paper and are protected by appropriate security measures to ensure confidentiality and security.
The use of any automated decision-making process is not envisaged.
6. Communication of data
For the purposes indicated in Section 3, your personal data may be transferred to the following categories of recipients, located within the European Union:
- Our internal administrative staff;
- Service providers that provide assistance and/or consultancy to the Data Controller with reference to the activities of the sectors (e.g. legal and accounting, insurance, dedicated to credit recovery, fraud control and/or all the checks on the property of interest to be carried out at Municipal Technical Offices, Land Registry and/or other Institutions, Agencies or Registries, patronages, companies or bodies appointed by us as responsible for the specific processing);
- Subjects who need access to the data for purposes connected to the contractual relationship in place with CarusVini, to the extent strictly necessary for the performance of their duties (such as, for example, banks and credit institutions, IT service providers, hosting providers, communication and marketing agencies);
- Partners of CarusVini, for whom the communication of data is necessary in order to guarantee the services purchased (such as shipping companies);
- Subjects and authorities whose right to access the personal data of Users is expressly recognized by law, regulations or provisions issued by the competent authorities.
These recipients, depending on the circumstances, will process personal data as data controllers or data processors. Such entities may act, depending on the circumstances, as autonomous Data Controllers or Processors. A full list of Data Processors can be obtained by contacting the Controller.
7. Data transfers abroad
Personal data may be freely transferred outside the national territory to countries within the European Union. Any transfer of the User’s personal data to countries outside the European Union will take place, in any case, in compliance with the appropriate and adequate safeguards for the purposes of the transfer itself in accordance with the applicable legislation and in particular Articles 45 and 46 of the GDPR.
8. Interaction with third-party platforms
Through the pages of the website, you can interact with third-party platforms (e.g. Instagram, Twitter, Facebook and YouTube).
9. Data retention periods
- for the Contractual and Legitimate Interest Purposes, personal data will be kept for a period equal to the fruition of the services referred to in the website and for 10 years after the termination, except in cases where the retention for a later period is required for possible litigation, requests of the competent authorities or pursuant to applicable legislation;
- for Marketing Purposes, personal data will be retained for the duration of the User’s registration with the website, and thereafter for a period of 6 months following deactivation or cancellation;
Once the above terms have expired, the User’s data may be deleted, anonymized and/or aggregated.
10. Rights of data subjects
You have the right, at any time, to request from the Data Controller access to your personal data (Art. 15), rectification (Art. 16) or cancellation (Art. 17) of the same, or restriction of processing (Art. 18) or to object to their processing (Art. 21), to the portability of your personal data (Art. 20) and finally to lodge a complaint with the Supervisory Authority (Personal Data Protection Authority).
You will be able to assert your rights as expressed in EU Regulation 2016/679 by contacting the Data Controller, by sending an e-mail to firstname.lastname@example.org or by writing to the Data Controller’s office indicated above.
11. Changes and updates
The Controller reserves the right to make changes to this policy whenever necessary. Users will be notified of relevant changes and additions via the website.