Dear User, we welcome you to www.caiarossa.com. Caiarossa S.r.l Società Agricola, in its capacity as Data Controller, wish to inform you, pursuant to and for the purposes of art. 13 of General Data Protection Regulation (“GDPR”), that your personal data will be processed in compliance with the national and European legislation and in accordance with the principles of fairness, lawfulness, transparency and protection of your privacy and your rights.
Pursuant to Articles 4 and 24 of the GDPR, the Data Controller is:
Caiarossa s.r.l. Società Agricola – Loc. Serra all’Olio 59 – 56046 Riparbella (PI)
E-mail address: email@example.com
Type of data processed
The Data Controller can collect and process the following data:
- common data (name, telephone number, email address), as well as any other personal data contained in the “message” area, sent by you by filling out the appropriate forms (“Visit the Cellar” and “Contact“), when requesting reservations for visits and tastings or general information. These data are treated exclusively for the purpose of processing your requests;
- any personal data that you provide voluntarily and explicitly to the email address firstname.lastname@example.org to request information or to complete and execute orders and purchases. In this case, the Data Controller acquire the sender’s address and all other personal data, included in the message. These data are used exclusively for the purpose of fulfilling and executing your specific requests;
- any personal data and details contained in the CVs that may be sent to the address email@example.com In this case, the Data Controller – in accordance with the provisions and guidelines of the Italian Privacy Authority – will provide the policy on the processing of personal data contained in the CVs at the time of the first useful contact with the candidate;
- navigation data. The computer systems and software procedures used for this web site operation acquire, during their normal operation, personal data, whose transmission is implicit in the use of Internet communication protocols. However, this information is not collected in order to be associated with identified data subjects but are information which could – through processing and associations with data held by third parties – allow users to be identified. This category of data includes IP addresses or domain names of computers used by users who connect to the website, requested resources addressed in URI (Uniform Resource Identifier) notation, the browser, the time of the request and other parameters relating to the operating system and computer environment of the User. These data are used only to receive anonymous statistical information on the use of the website and to check its proper functioning. They are deleted immediately after processing.
Legal ground and purpose of the processing
The data provided will be processed in accordance with the principles of lawfulness ex art. 6 of the GDPR for the following purposes:
- to carry out your requests and answer the questions you have asked by filling in the forms “Visit the Cellar” and “Contacts” or at the e-mail address indicated on the site. The data processing has as its legal basis the legitimate interest of the Data Controller (art. 6 (f), of the GDPR) to be more efficient, provide information on the services offered, as well as improve and develop new products and services;
- to execute all pre-contractual measures taken at your request and all related operational requirements. The legal basis in this case is the need to execute the contract to which you are party or to execute pre-contractual measures (Art. 6 (b) of the GDPR);
- to comply with the legal obligations to which the Data Controller is subject. In this case, the legal basis is the need to comply with legal obligations requiring the Controller to collect and/or process certain types of personal data (Art. 6 (c) of the GDPR).
- the processing of the special data contained in the CVs received is lawful as it is necessary to carry out pre-contractual measures (art. 6 (b) GDPR) taken at the request of the person concerned. The processing of particular data is lawful on the basis of the authorization of the Italian Privacy Authority no. 1/2016, the effectiveness of which has been extended pursuant to art. 21 of Legislative Decree no. 101/2018.
Treatments that require your express consent
Your express consent is necessary in order to proceed with the processing of your personal data for marketing and promotional purposes (newsletter service). If you give your consent, therefore, you may receive commercial communications through automated contact tools (e-mail).
Your personal data will be processed at the Data Controller headquarters by internal staff specifically designated for this purpose as authorized subjects, using computer and telematic as well as paper supports.
In any case, the Data Controller adopts adequate security and confidentiality measures in order to reduce the risk of destruction, loss, modification, disclosure or unauthorized access to data or processing not allowed or not in accordance with the purpose of collection.
Mandatory or optional nature of the provision of the data
The provision of data marked with an asterisk (name and email), required to fill in the forms “Visit the Cellar” and “Contact“, is mandatory to send the request and any refusal to provide them would make it impossible for the Data Controller, to carry out the specific request. The provision of further data is purely optional.
Data retention period
In compliance with the provisions of art. 5, comma 1, letter e) of the GDPR, the information acquired, in compliance with the principles of necessity and proportionality, is processed for the time needed to achieve the purposes of collection, after which the data will be deleted or made anonymous permanently.
The retention period is linked to the time required to reply to correspondence received or provide the services requested, or it corresponds to the period of execution of the pre-contractual or contractual agreements that have been stipulated. However, some types of data can be stored for longer periods in order to allow the Data Controller to comply with legal obligations.
The data collected for marketing purposes will be processed for a maximum of 24 months from the date of last contact.
In any case, you can always ask for the interruption of the treatment or the cancellation of the data.
Your personal data are in no case subject to disclosure and/or communication to third parties.
Your data may be disclosed to third parties to comply with legal obligations, to comply with orders from public authorities or to comply with requests from judicial authorities.
Your personal data will not be transferred abroad to countries outside the EU that do not ensure adequate levels of data protection.
If necessary, within the limits strictly related to the pursuit of the activities described, The Controller assure you that the transfer of data is carried out only based on standard contractual clauses and decision of adequacy, in compliance with the provisions of art. 44 et seq. Of GDPR.
You have specific legal rights in relation to the personal information we hold about you which are recognized by Articles 15-22 EU Regulation 679/2016. These rights include:
- accessing your data (in full and by obtaining a copy) and knowing if the Data Controller holds and/or processes personal data relating to you. On this occasion you also have the right to obtain access to your personal data and information regarding the processing purposes, the categories of personal data in question, the receivers or categories of receivers to whom the personal data have been or will be communicated;
- verifying, updating and obtaining the rectification of inaccurate data or the integration of incomplete personal data with no unjustified delay;
- obtaining the cancellation or removal of your personal data;
- obtaining the restriction of the treatment;
- when applicable, receiving the personal data concerning you which you have provided to the Data Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another Controller (right to portability);
- objecting to the processing;
- lodging a complaint with the competent data protection supervisory authority (Italian Privacy Authority http://www.garanteprivacy.it/) or take legal action.
If you wish ask the Data Controller any of the rights above, or have any other queries, please do not hesitate to contact the Controller at firstname.lastname@example.org