INFORMATION ON THE PROCESSING OF PERSONAL DATA PURSUANT TO ART. 13 OF REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL OF 27 APRIL 2016 (“GENERAL DATA PROTECTION REGULATION – GDPR”)

Version 1.0 – Update: 12/27/2023

INFORMATION AND CONTACT DETAILS OF THE DATA CONTROLLER

Data Controller

CANTINE POVERO s.r.l., with registered office in Via Mattutina, 6 – Frazione San Matteo, 14010 Cisterna d’Asti (AT), VAT number 00171840051

Contact details of the Data Controller

E-mail: cantinepovero@cantinepovero.com

privacy@cantinepovero.com

Tel:(+39) 0141.979258

Fax:(+39) 0141.979450

CANTINE POVERO s.r.l., as Data Controller of your personal data (hereinafter also “Cantine Povero” or “Data Controller”), informs you, pursuant to articles 12 and 13 of Regulation (EU) 2016/679 (General Data Protection Regulation, hereinafter referred to for brevity as “GDPR”), that your personal data will be processed by specifically authorized subjects and limited to the purposes and with the methods that will be specified below.

Cantine Povero is the owner and manager of this website https://cantinepovero.com/, to which the information contained in this information applies (hereinafter also “Site”).

Cantine Povero believes in the importance of privacy for all its users and uses the data collected only to improve the experience of using the Site, respecting the standards required by European (GDPR) and national (Privacy Code) regulations, updating the information and allowing for easier reading and understanding.

The GDPR is a regulation aimed at strengthening and unifying data protection for all subjects within the European Union and which requires a high level of transparency on how personal data is collected, stored and used and more generally on the processing of personal data. and imposes stringent limits on their use.

OBJECT AND PURPOSES OF THE PROCESSING

The Data Controller informs you that it will specifically process your common personal data, i.e. name and surname, address of residence, tax code; contact data, i.e. email address, telephone number; banking and postal data, username and password, and IP address, according to the purposes and methods defined and specified below.

In particular, the personal data provided to the Data Controller will be processed for the pursuit of the following purposes:

  1. For the use and purchase of the services and/or products offered by the Data Controller through the Site, and in particular with reference to all the functions made possible by interaction with the Site through the specific buttons (Contacts, Tours & Tastings, Wine Club, Our Wines, Typical Products).
  2. To guarantee the correct functioning of the Site and all the technical functions relating to it, in order to allow the user the best possible browsing and purchasing experience of the services and/or products offered on the Site.

The data requested following your optional consent may be used for the following purpose:

    3.For the sending of commercial communications (direct marketing) by the Data Controller through the use of traditional (telephone with operator, paper communications) and automated means (email, sms, mms, fax, telephone without operator, posts on accounts of social networks), including the possible subscription to the “Newsletter”.

This information is effective only with reference to the Site, but not with reference to other different websites, for which the Data Controller is in no way responsible.

The processing of the data provided by the user will be carried out, also following automatic collection during navigation, for the sole purpose of verifying and/or controlling access to the Site and/or for the sole purpose of improving its functionality, in order to to ensure a better browsing experience.

As regards the processing of IP addresses and domain names, as well as all user browsing data, carried out by the Data Controller for the purposes indicated in point 2 above), please refer to Cookie Policy.

LAWFULNESS OF PROCESSING

Except as specified above for navigation data, the communication by you to the Data Controller of the personal data specified above has the following legal bases as prerequisites for the lawfulness of the processing:

  • Article 6, par. 1 letter f) of the GDPR (legitimate interest) for the purposes referred to in points 1 and 2 above.
  • Article 6, par. 1, letter a) of the GDPR (consent) for the purposes referred to in point 3 above.

The provision of your personal data is, therefore, necessary for the complete fulfillment of the purposes referred to in points 1 and 2 above, and, consequently, your possible refusal to provide personal data may result in the failure to provide the aforementioned services and functions of the Site, preventing all or part of its functionality.

The provision of your data is instead optional for the complete fulfillment of the purposes referred to in point 3 above and, consequently, your possible refusal to provide personal data does not lead to the failure to carry out the aforementioned services and functions of the Site, nor does it prevent all or part of its functionality. The data subject has the right to withdraw his/her consent at any time and the withdrawal of consent does not affect the lawfulness of the processing based on consent before the withdrawal. Consent is revoked as easily as it is given.

Soft Spam. On the basis of current legislation, the Data Controller may use the email coordinates provided by the user when purchasing a service and/or product to offer you services and products similar to those already purchased. However, if you do not wish to receive such communications, the user may object by notifying the Data Controller at any time, by writing to the address indicated below or by directly using the link present in the email communications received (so-called “opt out”). In this case, the Data Controller will interrupt the aforementioned activity without delay. The legal basis that legitimizes the sending of the promotional communications in question is found in the legitimate interest of the Data Controller pursuant to art. 6, par. 1 letter f) of the GDPR. For more information and/or to object to the service, you can contact the Data Controller at the email address privacy@cantinepovero.com.

MEANS OF THE PROCESSING

The processing of the personal data communicated by you is carried out by means of all or some of the operations indicated in the art. 4 no. 2) of the GDPR (“collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction”).

The personal data communicated by you are subjected to automated processing by the Data Controller for the time strictly necessary to achieve the purposes for which they were collected, with technical and organizational methods adopted to prevent data loss, illicit and/or incorrect use and access unauthorized, and such, therefore, as to guarantee a level of safety adequate to the risk pursuant to art. 32 of the GDPR, by specifically authorized subjects, in compliance with the provisions of the art. 29 of the GDPR, or employees and/or collaborators of the Data Controller in their capacity as authorized subjects and/or system administrators, who will be able to carry out consultation, use, processing, comparison and any other appropriate operation in compliance with the provisions of the law necessary to guarantee, among other things, the confidentiality and security of the data as well as the accuracy, updating and relevance of the data in compliance with the declared purposes and methods.

It is specified, in particular, that the personal data communicated by you will be processed only at the Data Controller’s headquarters, except as specified below, they will therefore not be disclosed, and, pursuant to art. 13, paragraph 1, letter (e), they may only be processed by authorized parties and/or by any data processors pursuant to art. 28 of the GDPR (in the person of individual professionals and/or complex professional associations), and/or by subjects who operate as independent data controllers, and which explicitly include hosting and/or personnel companies technician in charge of the management and/or maintenance of the Site, but only and exclusively for the purposes expressly and specifically indicated above.

SCOPE OF DATA COMMUNICATION

In relation to the purposes indicated above, personal data may be communicated to the following subjects and/or the categories of subjects indicated below, or they may be communicated to companies and/or people who provide services, including external ones, on behalf of the Data Controller.

Among these, for greater clarity, the following are indicated by way of example but not limited to: professionals and consultants, including those in associated form; entities that provide services for the management of the IT system and telecommunications networks (including email and management of web portals and websites – cloud storage – hosting services); banking institutions; factoring companies, debt collection companies, credit insurance companies; legal, administrative and tax consultancy firms; competent authorities and/or supervisory bodies for the fulfillment of legal obligations; subjects who carry out control, review and certification obligations of the activities carried out by the Data Controller which operate as external data processing subjects pursuant to art. 28 of the GDPR, or in total autonomy as subjects distinct from the Data Controller.

With exclusive reference to navigation data and IP addresses, the Site may share some of the data collected with services located outside Italy and the European Union area. In the event that this should become necessary for any reason, the Data Controller hereby ensures that the transfer of data will take place in compliance with the applicable legal provisions and, in particular, in accordance with articles 44 – 45 – 46 – 47 – 48 and 49 of the GDPR and other applicable legal provisions.

They are installed on the Site some plugins with advanced user privacy protection functions that do not send cookies or access the cookies present on the user’s browser when the page is opened but only after clicking on the plugin.

The collection and use of information by the subjects listed below are governed by their respective privacy policies to which please refer to the links indicated.

Instagram: https://www.instagram.com/

Facebook: https://www.facebook.com/

Whatsapp: https://www.whatsapp.com/

Youtube: https://www.youtube.com/

DATA RETENTION PERIOD

In compliance with the principles of lawfulness, limitation of purposes and conservation and minimization of data, pursuant to art. 5 of the GDPR, the retention period of your personal data is established for a period of time not exceeding the achievement of the purposes indicated above for which they are collected and processed, or for the entire duration of the fulfillment of the aforementioned purposes, and, therefore, once the purposes of the processing have been completed, your data will be deleted from all physical and IT media.

In particular, personal data will be retained until the conclusion of the contractual relationship and for retention times dictated by binding laws for the administrative and accounting purposes referred to in points 1 and 2 above; and until the consent is revoked and in any case no later than 2 years for the commercial purposes referred to in point 3.

AUTOMATED DECISION-MAKING AND PROFILING

The Data Controller informs that, for the purposes of processing your personal data, it does not make use of automated decision-making processes, i.e. those aimed at making decisions based solely on technological means based on predetermined criteria (i.e. without human involvement) and does not carry out profiling with the aid of first and/or third party profiling cookies within the limits and with the methods best indicated in the Cookie Policy to which express and complete reference is made.

RIGHTS OF THE USER (DATA SUBJECT)

Right of Access pursuant to art. 15 of the GDPR and Right to Rectification pursuant to art. 16 of the GDPR

The user, pursuant to art. 15 of the GDPR, has the right to obtain from the Data Controller confirmation of the existence or otherwise of processing of personal data concerning him, to obtain access to the same and to all the information referred to in the same art. 15, paragraph 1, letters from (a) to (h), by issuing a copy of the data being processed in a structured, commonly used, machine-readable and interoperable format.

The user, pursuant to art. 16 of the GDPR, has also the right to obtain from the Data Controller the rectification and/or integration of the data being processed if they are not updated and/or inaccurate and/or incomplete.

Right to erasure pursuant to art. 17 of the GDPR and Right to restriction of processing pursuant to art. 18 of the GDPR

The user has the right to obtain exclusively in the cases referred to in the art. 17, paragraph 1, letters (a) to (f), of the GDPR, the cancellation of data concerning him – with the exception of the hypotheses specifically provided for by the art. 17 paragraph 3.

The user, pursuant to art. 18 paragraph 1, letters (a) to (d), of the GDPR, has also the right to request and obtain from the Data Controller the restriction of the processing of your personal data, or that such data are not subjected to further processing and can no longer be modified. The Data Controller ensures that the limitation of processing is implemented using adequate technical devices that guarantee its inaccessibility and immutability.

Right to data portability pursuant to art. 20 of the GDPR

The user has the right to receive, pursuant to art. 20 of the GDPR, from the Data Controller the personal data concerning him/her, the processing of which is carried out by automated means, in a structured format, commonly used and readable by an automatic device, and also has the right to transmit such data to another data controller processing, or to obtain from the Data Controller, where technically feasible, the direct transmission of such data to another specifically identified data controller.

Right to object to processing pursuant to art. 21 of the GDPR

The user has the right to object at any time for reasons related to his particular situation to the processing of personal data concerning him/her pursuant to art. 6, par. 1, letters e) and f) including profiling on the basis of these provisions. The Data Controller refrains from further processing personal data, unless it demonstrates the existence of compelling legitimate reasons to proceed with the processing which prevail over the interests, rights and freedoms of the data subject or for the assessment, exercise or the defense of a right in court.

If personal data is processed for direct marketing purposes, the user has the right to object at any time to the processing of personal data concerning him/her carried out for such purposes, including profiling to the extent that it is connected to such direct marketing. If the user objects to the processing for direct marketing purposes, the personal data will no longer be processed for these purposes.

HOW TO EXERCISE USER’S RIGHTS

The user may exercise the rights listed above by sending a request via email to privacy@cantinepovero.com.

The Data Controller will confirm receipt of the request and provide information relating to the action taken, with reference to the exercise of the rights provided for in articles 15 to 22 of the GDPR, within 1 (one) month of receipt of the request itself. If necessary, and taking into account the complexity and number of requests, the Data Controller may extend this deadline by 2 (two) months, subject to a reasoned communication to be sent within 1 (one) month of receipt of the request.

The Data Controller will communicate any rectification, erasure, limitation or object to all recipients, as identified by the art. 4, paragraph 1, n. 9 of the GDPR, to which such data were transmitted, unless this proves impossible and/or involves a disproportionate effort.

Following the sending of the request for rectification, erasure, limitation, object, if the Data Controller has reasonable doubts about the user’s identity, it will request further information to confirm it. Such communications will be sent by email from the aforementioned address and will be processed by the person specifically authorized for this purpose.

Finally, we would like to remind you that the user has the right to lodge a complaint with the Supervisory Authority (Garante per la protezione dei dati personali), as specified pursuant to art. 13, paragraph 2, letter (d) and governed by articles 77 et seq. of the GDPR and 141 et seq. of Legislative Decree 196/2003, as amended by Legislative Decree 101/2018.