INFORMATION ON THE PROCESSING OF PERSONAL DATA in accordance with EU Regulation 679/2016 (“GDPR”)
This website collects certain personal data of its users in a way that complies with the Privacy legislation in force.
Address of the Data Controller: LEA Winery S.r.l. – Viale dei Comunali, 5 – 33078 San Vito al Tagliamento (PN) – ITALIA
Email Address of the Data Controller: firstname.lastname@example.org
TYPES OF DATA COLLECTED
Among the Personal Data collected by this Website, either independently or through third parties, there are name and e-mail.
Users assume responsibility for the Personal Data of third parties obtained, published or shared through this Website and guarantees that they the right to communicate or disseminate them, releasing the Owner from any liability towards third parties.
HOW AND WHERE THE DATA COLLECTED ARE PROCESSED
METHODS OF PROCESSING
The Data Controller adopts appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data. The processing is carried out using computer and/or telematic instruments, with organizational methods and logics strictly related to the purposes indicated. In addition to the Data Controller, in some cases, other subjects involved in the organization of this Website (administrative, commercial, marketing, legal, system administrators) or external subjects (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) also appointed, if necessary, as Data Processors by the Data Controller, may have access to the Data. The updated list of Data Processors can always be requested from the Data Controller.
LEGAL BASIS FOR PROCESSING
The Data Controller processes Personal Data relating to the User if one of the following conditions exists:
-the User has given consent for one or more specific purposes. Please note that in some jurisdictions the Controller may be allowed to process Personal Data without the User’s consent or any of the other legal bases specified below, until the User opts out of such processing. However, this does not apply where the processing of Personal Data is governed by European legislation on the protection of Personal Data;
-processing is necessary for the performance of a contract with the User and/or the execution of pre-contractual measures;
-processing is necessary to fulfil a legal obligation to which the Controller is subject;
-processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
-processing is necessary for the pursuit of the legitimate interests of the Controller or of third parties.
However, it is always possible to ask the Controller to clarify the concrete legal basis of each processing operation and in particular to specify whether the processing is based on law, required by a contract or necessary to conclude a contract.
PLACE OF PROCESSING
The Data are processed at the operational headquarters of the Controller and in any other place where the parties involved in the processing are located. For further information, please contact the Data Controller.
The User’s Personal Data may be transferred to a country other than the one where the User is located. For further information on the location of the processing, please refer to the section on Personal Data processing details. The User is entitled to obtain information on the legal basis for the transfer of Data outside the European Union or to an international organization under public international law or formed by two or more countries, such as the UN, as well as on the security measures taken by the Data Controller to protect the Data. You may verify whether any of the above transfers take place by reviewing the section of this document relating to the details of the processing of Personal Data or by contacting the Controller at the address given at the beginning of this page.
DATA RETENTION PERIOD
The Data are processed and retained for the time required by the purposes for which they were collected.
Personal Data collected for purposes related to the execution of a contract between the Data Controller and the User will therefore be retained until the execution of such contract is completed.
Personal Data collected for purposes related to the legitimate interest of the Data Controller will therefore be retained until such interest is satisfied. The User may obtain further information on the legitimate interest pursued by the Controller in the relevant sections of this document or by contacting the Controller.
When the processing is based on the User’s consent, the Controller may keep the Personal Data for a longer period until such consent is revoked. In addition, the Controller may be obliged to retain Personal Data for a longer period in compliance with a legal obligation or by order of an authority.
At the end of the retention period, the Personal Data will be deleted. Therefore, at the end of this period, the right of access, cancellation, rectification, and the right to data portability can no longer be exercised.
PURPOSES OF DATA COLLECTION
The User’s Data are collected to enable the Data Controller to provide the Service, to comply with legal obligations, to respond to requests or enforcement actions, to protect its rights and interests (or those of Users or third parties), to detect any malicious or fraudulent activities, and to contact the User.
To obtain detailed information on the purposes of the processing and the Personal Data processed for each purpose, the User may refer to the section “Detailed information on the processing of Personal Data”.
Users may exercise certain rights with reference to the Data processed by the Data Controller. In particular, Users have the right to:
-revoke consent at any time. Users may revoke the consent to the processing of their Personal Data previously expressed.
-object to the processing of their Data. Users may object to the processing of their Data when it is done on a legal basis other than consent. Further details on the right to object are set out in the section below.
-access to their Data. Users have the right to obtain information on the Data processed by the Controller, on certain aspects of the processing and to receive a copy of the Data processed.
-verify and request rectification. Users may verify the accuracy of their Data and request that they be updated or corrected.
-obtain the limitation of processing. When certain conditions are met, Users may request the limitation of the processing of their Data. In this case, the Data Controller will not process the Data for any purpose other than their preservation.
-obtain the deletion or removal of their Personal Data. When certain conditions are met, Users may request the deletion of their Data by the Data Controller.
-receive their Data or have them transferred to another owner. Users have the right to receive their Data in a structured, commonly used and machine-readable format and, where technically feasible, to have it transferred without hindrance to another owner. This provision is applicable when the Data are processed by automated means and the processing is based on the User’s consent, on a contract to which the User is a party or on contractual measures related thereto.
-propose a complaint. Users may lodge a complaint with the competent data protection supervisory authority or take legal action.
DETAILS ON THE RIGHT TO OBJECT
When Personal Data are processed in the public interest, in the exercise of public authority vested in the Controller or in pursuit of a legitimate interest of the Controller, Users have the right to object to the processing on grounds relating to their particular situation.
Users are reminded that if their Data are processed for direct marketing purposes, they may object to the processing without providing any reasons. To find out whether the Controller processes data for direct marketing purposes, Users may refer to the respective sections of this document.
HOW TO EXERCISE RIGHTS
In order to exercise the User’s rights, Users may address a request to the contact details of the Controller indicated in this document. Requests are filed free of charge and processed by the Controller as soon as possible, in any case within one month.
FURTHER INFORMATION ON DATA PROCESSING
DEFENCE IN COURT
The User’s Personal Data may be used by the Data Controller in legal proceedings or in the preparatory phases of such proceedings in order to defend the User against abuses in the use of this Website or related Services.
The User declares to be aware that the Data Controller may be obliged to disclose the Data by order of public authorities.
SYSTEM LOGS AND MAINTENANCE
For operational and maintenance purposes, this Website and any third party services used by it may collect system logs, i.e. files that record interactions and which may also contain Personal Data, such as the User’s IP address.
INFORMATION NOT CONTAINED IN THIS POLICY
Further information in relation to the processing of Personal Data may be requested at any time from the Data Controller using the contact details.
RESPONSE TO “DO NOT TRACK” REQUESTS
This Website does not support “Do Not Track” requests. To find out whether any third-party services used support them, the User is invited to consult their respective privacy policies.
If the changes affect processing whose legal basis is consent, the Data Controller will collect the User’s consent again, if necessary.
TYPES OF COOKIES
This type of cookie allows certain sections of the Site to function correctly and is divided into two categories:
– persistent: once the browser is closed, they are not destroyed but remain until a preset expiry date
– session cookies: these are destroyed each time the browser is closed.
These cookies, which are always sent from the domain you are browsing, are necessary to display the site correctly and in relation to the technical services offered and will therefore always be used and sent unless you change the settings in your browser.
Analytical cookies are used to collect anonymous information on the use of the Site, in order to improve the use of the Site and to make the content more interesting and relevant to the wishes of users. This type of cookie collects data in an anonymous form on the activity of users and how they arrived at the Site. Analytical cookies are sent by the Site itself or by third-party domains.
ANALYTICAL COOKIES FROM THIRD-PARTY SERVICES
These cookies are used to collect information on the use of the Site by users in an anonymous form such as: pages visited, time spent, traffic origin, geographical origin, age, gender, and interests for marketing campaigns. These cookies are sent from third party domains external to the Site.
COOKIES TO INTEGRATE THIRD-PARTY SOFTWARE PRODUCTS AND FUNCTIONS
This type of cookie integrates features developed by third parties within the pages of the Site such as icons and preferences expressed in social networks in order to share the content of the site or for the use of third-party software services (such as software to generate maps and other software offering additional services). These cookies are sent from third party domains and partner sites that offer their functionality between the pages of the Site.
OTHER TYPES OF COOKIES OR THIRD-PARTY TOOLS THAT MAY MAKE USE OF THEM
Some of the services listed below collect statistics in aggregate form and may not require the User’s consent or may be managed directly by the Owner – depending on what is described – without the help of third parties.
If, among the tools indicated below, there are services managed by third parties, these may – in addition to what is specified and also without the knowledge of the Owner – carry out tracking activities on the User. For detailed information on the subject, we recommend that you consult the privacy policies of the services listed.
INTERACTION WITH SOCIAL NETWORKS AND EXTERNAL PLATFORMS
These services make it possible to interact with social networks or other external platforms directly from the pages of this Application.
Interactions and information acquired by this Application are in any case subject to the User’s privacy settings for each social network.
If a service for interaction with social networks is installed, it is possible that, even if Users do not use the service, it will collect traffic data relating to the pages on which it is installed.
THIRD PARTY WEBSITES AND SERVICES