DATA PROTECTION POLICY
Pursuant to Legislative Decree No. 196 of 30 June 2003, as amended (“Personal Data Protection Code”) and European Regulation No. 679 of 2016 (the “General Data Protection Regulation [GDPR]”), Terre di Sava S.r.l. wishes to inform you and all users and/or visitors to the website https://www.notterossa.wine/ (the “Users” and the “Site”, respectively), regarding the use of personal data collected via the Site.
1. Data Controller, Data Processors and Data Protection Officer
The Data Controller is Terre di Sava S.r.l. (tax code and VAT number 02721500730), with registered address at 74028 – Sava (TA), S.S. 7 ter km 16, email privacy@terredisava.com (hereinafter the “Data Controller”).
The updated list of designated data processors can be provided upon the request of data subjects and/or Users.
In the event that a Data Protection Officer is appointed (pursuant to Article 37 of the General Data Protection Regulation), their contact details will be posted on the Site.
2. Personal Data processed
2.1 Information gathered automatically by the Site
As with all websites, our Site also uses log files, which store information collected automatically when you visit it. The computer systems and software procedures used to operate the Site automatically acquire some personal data, the transmission of which is implicit in the use of internet communication protocols.
The following information is collected:
- Internet protocol (IP) address, or the domain name of the device you used;
- Type of browser and parameters of the device used to connect to the Site;
- URIs (Uniform Resource Identifiers) for the resources requested or the method used to submit the request to the server;
- Name of the internet service provider (ISP);
- Date and time visited;
- Referral page and exit page of the User;
- Potentially, the number of clicks;
- The size of the file obtained in response;
- The numerical code indicating the status of the response given by the server (successful, error, etc.);
- Other parameters relating to the operating system and IT environment of your device.
This information is processed in an automated form and collected exclusively in aggregate form to ensure the Site is working properly.
2.2 Information You provide to use the Site
The information required to use the Site and access the services offered and requested therein (e.g., contact requests) consists of common identification and contact data.
3. Social network plug-in
The Site contains social network plug-ins (e.g. Facebook, Instagram). If you access one of our web pages equipped with such a plug-in, your internet browser connects directly to the social network’s servers, and the plug-in is displayed on the screen through the browser’s connection. The plug-in informs the social network’s server about which pages the data subject has visited. If a user of a social network visits our web pages while logged into their social account, their personal data may be associated with that social account. Even when using the functions of the plug-in (for example, by clicking the “Like” button or posting a comment), the information will be associated with the social network account.
Further information on the collection and use of data by social networks in general, as well as on the rights and methods available to protect the data subject’s privacy in this context, can be found on the social networks’ pages. If the data subject does not wish to associate the use of the Site with their social network account, they must log out of the social network before visiting it.
4. The personal data you provide us with by using the Site: what purposes we process it for
Your data is necessary for us to enable you to access the Site and browse it.
Your data is processed for the following purposes:
- (i) to fulfil legal obligations;
- (ii) to carry out the technical management of the Site;
- (iii) to use the “Contacts” service, which allows you to contact the Controller, as described in the specific privacy notice available at the following link [DATA PROTECTION NOTICE].
The data you provide will be processed mainly with computerised tools under the authority of the Data Controller, by parties that have been specifically authorised and instructed to process it, in accordance with Article 29 of the General Data Protection Regulation and 2-quaterdecies of the Personal Data Protection Code. Please be advised that appropriate security measures are also observed pursuant to Articles 5 and 32 of the General Data Protection Regulation to prevent loss of data, unlawful or incorrect use and unauthorised access.
5. Nature of the provision of data and legal basis for processing data
With reference to the purpose referred to in section 4, point (iii), please see the specific information referred to in that point of this Data Protection Policy.
For the purposes referred to in points (i) and (ii) of section 4 above, the provision of your personal data is necessary as otherwise you will not be able to use the services offered by the Site. As a result, for the purposes referred to in point (i), the lawful basis of the processing is compliance with legal obligations, pursuant to Article 6, section 1(c) of the General Data Protection Regulation, while for the purposes referred to in point (ii), the lawful basis for the processing is the execution of the services provided through the Site and requested by you, in accordance with Article 6, section 1(b) of the General Data Protection Regulation.
6. Scope of data transfer and who we can share your data with
Your data may be shared only within the EU, to the institutions, parties and external companies (including consultants and service providers) that the Data Controller uses for the management of the Site and for the performance of related activities, whether instrumental or consequent to the execution of the services offered by the Site.
Further details about the above can be found in the specific information provided or displayed on the Site and arranged for the related services on request.
7.Your Rights
At any time, by sending an email to the Data Controller’s email address, you may exercise the rights set out in Articles 15 et seq. of the Privacy Regulation, regarding access, rectification, transformation, blocking, erasure, and restriction of processing, in the manner and within the limits established by Article 12 of the Privacy Regulation.
The complete form for exercising these rights is available at the following link: [EXERCISE OF RIGHTS].
In the event of a lack of timely response or an inadequate reply from this company, or if you believe that a violation of the Privacy Code and/or the Privacy Regulation has occurred, you may lodge a complaint with the Italian Data Protection Authority at the following contacts: www.gpdp.it – www.garanteprivacy.it, Email: protocollo@gpdp.it, Telephone switchboard: (+39) 06.69677.1.
8. Processing duration
Without prejudice to legal obligations, personal data will be retained for a specified period, based on criteria linked on the nature of the services provided. In particular, browsing data will be stored for a maximum of 7 days.
For more details about the other processing purposes highlighted above and governed by specific policies, please refer to what is expressly indicated therein.
9. Security measures
Your data is processed through the Site in compliance with applicable law and using appropriate security measures in compliance with current regulations, including pursuant to Articles 5 and 32 of the General Data Protection Regulation.
In this regard, we also confirm the adoption of appropriate security measures targeting the prevention of unauthorised access, theft, disclosure, modification or destruction of your data.
10. Amendments to the Privacy Policy
The Data Controller reserves the right to make changes to this Privacy Policy. In this case, you will be promptly informed, when you use the Site again.