Articles. 13-14 of the EU Reg. 2016/679
The information is a general obligation that must be fulfilled before or at the latest when initiating the direct collection of personal data. In the case of personal data not collected directly from the interested party, the information must be provided within a reasonable time, or at the time of communication (not of registration) of the data (to third parties or to the interested party). Pursuant to the General Regulation for the Protection of Personal Data of Natural Persons (GDPR - Reg. (EU) 2016/679), the undersigned organization, data controller, informs of the following:
SOURCES AND CATEGORIES OF PERSONAL DATA
The personal data held by the undersigned organization are collected directly from the interested parties. This site does not collect sensitive data, for which we mean those suitable to reveal racial or ethnic origin, philosophical or other religious beliefs, political opinions, membership of trade unions, associations or organizations of a religious, philosophical or political nature or union, health and sex life.
During their normal operation, the IT systems and software procedures used to operate the website acquire some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.
Profiling data are not directly acquired regarding the consumption habits or choices of the interested party. It is however possible that through links or by incorporating third-party elements, such information may be acquired by independent or separate subjects. See in this regard the section of third-party cookies.
As others, this website saves cookies on the browser used by the user concerned for the transmission of personal information and to enhance the experience. Infact, cookies are small text strings that the sites visited by the user send to his terminal (usually to the browser), where they are stored, sometimes even with characteristics of wide temporal persistence, to be then retransmitted to the same sites at the next visit.
As explained below, it's possible choosing whether and which cookies to accept, bearing in mind that refusing their use can affect the ability to perform some transactions on the site or the accuracy and adequacy of some of the customizable contents proposed or the ability to recognize the user from a visit to the next. If no choice is made in this regard, the default settings will be applied and all cookies will be activated: however, at any time, it will be possible to communicate or change the decisions in this regard.
In particular, the so-called session cookies are used, which are not stored permanently on the user's computer and disappear when the browser is closed and whose use is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow the safe and efficient exploration of the site and which avoid the use of other IT techniques potentially prejudicial to the confidentiality of users' browsing and do not allow the acquisition of the user's personal identification data. Then we use analytics cookies that help to understand how visitors interact with the contents of the site, collecting information (geographical and web origin, technology used, language, entry, visited, exit pages, residence times, etc.) and generating website usage statistics without personal identification of individual visitors. All these are to be considered technical cookies for which, since consent is not required, the opt-out mechanism applies. Technical cookies are not disclosed to third parties as necessary or useful for the operation of the site; therefore they are processed only by persons qualified as persons in charge, data processors or system administrators.
Third party cookies
Finally, the site incorporates cookies and other elements (tags, pixels, etc.) of third parties (autonomous and on which the Owner has no responsibility) who also carry out profiling activities and for which reference is made to the respective sites:
Shopify (see the Merchant storefronts section)
Data provided voluntarily by the user
The optional, explicit and voluntary sending of e-mails to the addresses indicated on the site entails the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the email. Even the sending, explicit and voluntary, of the forms that can be filled in on the site containing data of the interested party involves processing to follow up on the pre-contractual obligations or the execution of the services provided by sending the forms. This information in the forms may relate to personal data, contact details, contact details, telephone numbers, email addresses of the interested parties and identified and identifiable third parties having cause with the user of the site. However, specific summary information will be progressively reported or displayed on the pages of the site prepared for particular services on request.
Newsletter and mailing list
The e-mail contacts used for sending communications from the site come from voluntary registrations by the recipient to whom a confirmation request is always subjected, as well as from information acquired in a context of sale of products or services of the Owner or otherwise similar . This includes sending information, promotional communications and material. It is emphasized that contacts are not acquired from public subscriber lists. In the event that communications are not of interest to the recipient, it is possible to avoid any further contact by clicking on the appropriate link contained in each message, or by writing to the contact details at the bottom, exercising their right to unsubscribe from the newsletter (for which it is used the Mailchimp system). Payments on vicinodivino.myshopify.com The payment system provides for the communication of some data to the bank providing the service (Paypal, Shopify Payments, Google Pay, etc.). The requested data is freely provided by the interested party: some of these (Name, Surname, E-mail) are indispensable; others are optional (notes, reason, etc.). E-commerce on vicinodivino.myshopify.com These are the data processed for the management of the carts, orders, any profile of the registered user and include personal data, addresses, purchase list, reports and notes. The personal data provided also processed through delegated third parties (home delivery, mailing and data entry companies) for the administrative management of orders and purchases; the management of any participation in loyalty programs; the processing of anonymous statistics related to the detection of purchasing behavior; sending advertising material relating to products and offers, possibly through the use of emails or telephone messages. Reserved area on vicinodivino.myshopify.com The information (texts, videos and images) that the user uploads to the reserved area are protected by encryption and authentication systems and are accessible only to authorized users, or to those directly involved and / or to the intermediaries involved. This information is not subject to disclosure operations.
PURPOSE AND LEGAL BASIS OF THE PROCESSING
Personal data are used (ref.art.6 (b) of the GDPR): to allow navigation on the site and possibly to perform the service or provision requested as part of the normal activity carried out by the undersigned organization (code ateco 47.25 wine shop).
Furthermore, all personal data can be processed: for purposes related to obligations established by law, as well as by provisions imparted by authorities legitimated by the law (ref. articles 6 (c) and 9 (b, g, h) of the GDPR);
for the assessment, exercise or defense of a right in court and out of court (legitimate interest) of the undersigned organization (ref. articles 6 (f) and 9 (f) of the GDPR);
for direct marketing purposes according to the legitimate interest of the Owner in particular;
for cookies, the advertising ids used to show advertisements and announcements;
for e-mail addresses for sending the newsletter;
for browsing and use logs to protect the site and service from cyber-attacks;
in these cases, the interested party can always deny consent so that the Data Controller will refrain from processing (ref. articles 6 (f) of the GDPR);
for purposes functional to the activity for which the interested party has the right to express consent or not, such as subscribing to the newsletter to receive information and promotion messages and the sale of products and services, detection of the degree of satisfaction, communication of data to third parties for receiving the sending of informative and promotional communications and marketing (GDPR art.6 (a))
CONSEQUENCES OF REFUSAL TO PROVIDE DATA
The provision of data collected from the interested party is optional but essential for the purpose of processing it for the purposes of letters a) and b). In the event that the interested parties do not communicate their essential data and do not allow treatment, it will not be possible to carry out and implement the proposed services and follow up on the contractual obligations undertaken, with consequent prejudice for the correct fulfillment of regulatory obligations , such as e.g. accounting, tax and administrative, etc. Apart from what is specified for navigation data, the user is free to provide personal data for cookies and specific requests through forms e.g. on products and / or services. Their absence can make it impossible to obtain what is requested. For all non-essential data, including sensitive ones, the provision is optional. In the absence of consent or incomplete or incorrect provision of certain data, including sensitive ones, the required fulfilments could be so incomplete as to cause prejudice or in terms of penalties or loss of benefits, both for the impossibility of guaranteeing the adequacy of the treatment itself to the obligations for which it is carried out, and for the possible mismatch of the results of the treatment itself to the obligations imposed by the law to which it is addressed, meaning that the undersigned organization is exempt from any and all responsibility for any penalties or afflictive measures.
METHODS OF DATA PROCESSING
The treatments connected to the website's web services are processed with automated tools for the time strictly necessary to achieve the purposes for which they were collected; they take place at the server in Italy or in the EU and are handled only by technical personnel in charge of processing, or by any persons in charge of maintenance and administration operations. Specific security measures are observed to prevent the loss of data, illicit or incorrect use and unauthorized access and the loss of confidentiality. The structure is equipped with anti-intrusion devices, firewalls, logs and disaster recovery. Specific mechanisms of data encryption and segregation and user authentication and authorization are used.
Data processing means their collection, registration, organization, storage, processing, modification, cancellation and destruction or the combination of two or more of these operations. In relation to the aforementioned purposes, the processing of personal data takes place using manual, IT and telematic tools, with logic strictly related to the purposes themselves and, in any case, in order to guarantee the security and confidentiality of personal data will therefore be treated in compliance with the methods indicated art. 5 EU Reg. 2016/679, which provides, among other things, that the data are processed in a lawful and correct manner, collected and recorded for specific, explicit and legitimate, exact, and if necessary updated, relevant purposes, complete and not excessive in relation to the purposes of the processing, in compliance with the fundamental rights and freedoms, as well as the dignity of the interested party with particular reference to confidentiality and personal identity, through protection and security measures. The undersigned organization has prepared and will further improve the data access and storage security system. An automated decision-making process (e.g. profiling) is not carried out.
EXTRA EU TRANSFERS
The treatment does not take place in non-EU countries.
Personal data will be kept, in general, as long as the purposes of the processing continue according to the category of data processed.
CATEGORIES OF RECIPIENTS
The data (only the indispensable ones) are communicated to persons in charge and data processors, both internal to the organization of the writer, and external, who perform specific tasks and operations (site administration, analysis of navigation, traffic, profiling data, management of emails and forms sent voluntarily by the user, fulfillment of e-commerce requests and orders, etc.) in the cases and subjects required by law The data will not be disclosed unless otherwise provided by law or after anonymization. Except as specified for third-party cookies and elements, without the prior general consent of the interested party to communicate to third parties, it will be possible to proceed only with services that do not provide for such communications. In case of need, specific and prompt consents will be requested and the subjects who will receive the data will use them as autonomous owners. In some cases (not subject to the ordinary management of this site) the Authority may request news and information, for the purpose of checking the processing of personal data. In these cases, the reply is mandatory under penalty of an administrative penalty.
RIGHTS OF THE INTERESTED PARTY
At any time you can: exercise your rights (access, rectification, cancellation, limitation, portability, opposition, absence of automated decision-making processes) when required against the data controller, pursuant to articles from 15 to 22 of the GDPR (link to the standard); propose a complaint to the Guarantor (www.garanteprivacy.it); if the treatment is based on consent, revoke this consent given, taking into account that the withdrawal of consent does not affect the lawfulness of the treatment based on consent before the revocation. Disabling cookies Almost all browsers offer the possibility to manage and not enable cookies, in order to respect user preferences. In some browsers it is possible to set rules to manage cookies site by site, an option that offers more precise control over user privacy; another function available on some browsers is the incognito mode, so that all cookies created in this mode are deleted after closing. See the following instructions for managing cookies in the relevant browsers: Chrome, Firefox, Internet Explorer, Safari, Opera.
ADDRESSES AND CONTACTS
The data controller is Prodotti di Langa srl, in the person of its pro tempore legal representative. The registered office is in Via Umberto I 29, zip code 12064, La Morra (CN). The contact details are: telephone 0173 509838; e-mail firstname.lastname@example.org The complete list of data processors is available on request.