In accordance with the duties set forth by the EU General Data Protection Regulation 2016/679 (GDPR), please be advised that Le Carezze s.r.l., as Data Controller and website operator of www.cantinalecarezze.it will process the personal data provided by you and / or by other subjects communicated, through the compilation of forms, navigation of web pages and use of services.
- DATA CONTROLLER
- DATA RETENTION
The data collected will be kept for the period strictly necessary, in any case not exceeding twelve (12) months from their collection for profiling or marketing purposes and ten (10) years from their collection for administrative or legal purposes.
- TYPES OF DATA BEING PROCESSED
During the navigation and use of the Website, the following information may be collected and processed for services security and improvement:
a) Site login page (using query parameters in the URL)
b) Source page that leads visitors
c) Date and time of access
d) Amount of data transferred Access status (translated page, page not found…)
e) Operating system and browser used
f) Ip address of the client and possibly domain name or name of the Internet service provider
g) Registration data, statistics on page views
In case of request for information (contact form) the following personal data will be requested:
- First and last name
- Company name
- Phone number
All data will be used exclusively to manage communications, check if you are already our customer and allow us to provide quick and accurate answers to your requests.
In the case of newsletter subscription through our website (newsletter form) you will be asked for the following personal data:
- First Name
All data will be used exclusively to provide you periodical information and news about Le Carezze.
Your data shall be processed for the following purposes:
a) As part of the ordinary course of our institutional affairs and/or in pursuit of our corporate purpose
b)For needs relating to the execution of a contract or engagement, performance thereunder, or amendments thereto, or any duty we are bound to under the same
c) Operational, organizational, management, tax, financial, insurance, or bookkeeping issues relating to any established contractual or pre-contractual relationship
d) To discharge any statutory or regulatory duty (national or EU).
e) Needs relating to monitoring how products are distributed, or services rendered, vendor relationships, and for contract-risk analysis/management
f) Traditional marketing, online marketing, web marketing, and web advertising (with your express consent).
g) To respond to requests and messages that you can forward, filling the appropriate contact form
- INFORMATION ABOUT THE PROCESSING OF PERSONAL DATA
Processing shall be performed in a non-automated or semi-automated manner, and may include the following operations: collection, recording, organization, retention, review, use, development, modification, selection, excerpting, comparison, mining, disclosure, dissemination, erasure, destruction, blocking, or limitation.
Processing shall be conducted using hard-copy or electronic instruments sufficient to ensure the security and privacy of such data in accordance with Art. 32 of the EU General Data Protection Regulation (EU 2016/679, the “GDPR”) with respect to adequate safeguards.
In carrying out processing operations, those technical, IT, organizational, logistical, and security-protocol procedures needed to comply with the minimum statutory requirements shall be implemented.
- SUBMISSION OF DATA
The submission of data is mandatory and does not require your consent for:
- the pursuit of purposes relating to statutory, or regulatory (national or EU) compliance.
- personal data essential for the proper functioning of the website (p.es. technical cookies).
- the personal data necessary to respond to your requests (e.g., contact form, newsletter subscription)
The submission of data is optional and requires your express consent for:
- some statistical features, such as p.es. analytics cookies. Your consent will be requested through a banner and can be expressed by ticking the appropriate box. Any refusal, even if legitimate, to provide all or part of the above data, could make the provision of services less simple but will not compromise the use of the site.
- marketing activities: in this case the consent will be requested through a special checkbox after the data acquisition forms (e.g., contact form)
- DATA PROCESSORS
The entities or individuals who may become aware of the data or to whom the data may be communicated are the following: IT consultants, collaborators, consultants or consulting firms, IT service providers (cloud, hosting, mailing), suppliers of other services.
Personal data may also be disseminated, but only in aggregate, anonymous form and for statistical purposes.
Should processing involve a certain type of data known as “sensitive personal data” (meaning data that might reveal a person’s race or ethnic background, religious beliefs, philosophical or other creed, party or union affiliation, membership in any religious, philosophical, political, or union association or organization, as well as data that might reveal a person’s health status, sex life, sexual orientation, genetic makeup, or biometric data) or “court-related data” (meaning data that might reveal proceedings in a court docket or record, registers of any fines predicated on criminal acts, or any pending charges as either defendant or party under investigation) the processing will be carried out in accordance with the guarantee measures ordered by the Data Protection Authority and conducted in a manner strictly tailored to company operations, and to those transactions relating to the delivery of products or rendering of services, to contractual or statutory/regulatory compliance. Personal data may also be communicated to Public Bodies, Police Forces or other Public and Private Subjects, but exclusively for the purpose of fulfilling legal obligations.
- DATA TRANSFER
The processed data are stored in the European Union. In some cases, our suppliers (e.g., Google, Microsoft etc.) could also transfer them outside the EU, but only based on an adequacy decision of the European Commission and in the presence of adequate privacy guarantees.
- YOUR RIGHTS
In any case, you can always request at any time a copy of your personal data, information about the location where your personal data are processed and an updated list with the identification details of all the Data Processors and IT.
At any time, you can freely revoke the consent given, without any burden and prejudice to the lawfulness of the processing carried out up to that moment. You may further exercise your data-subject rights as against the Data Controller as set forth in EU General Data Protection Regulation (EU 2016/679, the “GDPR”): Access, Correction, Erasure, Limitation, Objection, Data Portability, Complaints with the Data Protection Authority.
Le Carezze s.r.l.