INFORMATION ON THE PROCESSING OF PERSONAL DATA
This information is provided pursuant to art. 13 Legislative Decree 30.06.2003, 196 (“Code regarding the protection of personal data”) and art. 13 of EU Regulation no. 2016/679 (“European General Regulation on the Protection of Personal Data”).
Users are invited to periodically visit this section, in order to always be updated on any regulatory changes.
Any possible reform and/or new legislation on the matter will be reported with a specific banner on the Home Page with simultaneous adaptation of this information.
This information is aimed at describing the methods of processing the personal data of users who consult and use the site: www.tenutadicasteldardo.it
This information concerns only the site: www.tenutadicasteldardo.it and not other sites, pages or online services accessible via hypertext links possibly published on the site but referring to resources external to the domain of the Data Controller.
Following and while browsing the aforementioned site, personal data relating to identified or identifiable natural persons may be processed.
The individual agricultural enterprise Tenuta di Casteldardo di Foscolo Alvise (hereinafter referred to as the company), with registered and administrative headquarters in Via Casteldardo n. 3 – 32028Borgo Valbelluna (BL), tax code and registration in the Treviso – Belluno Company Register no. FSCLVS52C31L736O, REA BL 77885, VAT number 00267080257, PEC (Certified Electronic Mail) email@example.com, as Data Controller (hereinafter, “Data Controller”), informs pursuant to art. 13, Legislative Decree 06.30.2003, 196 (hereinafter, “Privacy Code”) and art. 13, EU Regulation no. 2016/679 (hereinafter, “GDPR”) that the data will be processed in the following ways and for the following purposes:
1. Object of the Processing
The Data Controller processes common personal identification data, in particular, name, surname, tax code, e.g. VAT, email, telephone number (hereinafter personal data or data), released voluntarily and knowingly by the user, or otherwise acquired within the limits of the provisions of the art. 14, paragraph 5, GDPR, in the context of commercial relationships with the company.
In relation to sensitive information released by the user for the execution of transactions with electronic money (bank transfer, debit/credit card), the responsibility for the processing of the aforementioned information lies with the banking institution or the third party system in charge and in charge of the operation. The company, in fact, uses a third-party system for economic transactions and will not have access to the aforementioned information at any time.
In any case, in relation to the information processed by the Data Controller and the Data Processors, the use of procedures and protocols is guaranteed that do not allow third parties to have access to any of the aforementioned information.
2. Type and origin of personal data processed
The computer systems and software procedures used to operate this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes the IP addresses or domain names of the computers and terminals used by users, the addresses in URI/URL (Uniform Resource Identifier/Locator) notation of the requested resources, the time of the request, the method used in the submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s IT environment.
Data communicated by the user.
The optional, explicit and voluntary sending of messages to the contact addresses of the Owner, the private messages sent by users to the page as well as the compilation and forwarding of the forms present on the sites, the access to the reserved area possibly available, entail the acquisition of the sender’s contact data, necessary to respond, as well as all personal data included in the communications.
3. Purpose and methods of processing
Personal data is collected for the purpose of registering the user and activating the procedures for the use of this website, as well as the related communications, in addition to the correct performance of the service offered, they are also used for profiling purposes. of users, study of marketing strategies, sending of marketing campaigns, sending of purchase reminder emails.
The aforementioned data, in any case, are processed electronically in compliance with the laws in force and may only be exhibited upon request of the judicial authority or other authorities for this purpose authorized by law and will not be transmitted to third parties other than the Owner and formally designated Managers.
The processing of your personal data is carried out by means of the operations indicated in the art. 4, Privacy Code and art. 4, no. 2), GDPR and precisely: collection, recording, organisation, conservation, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data.
The processing of your data will be based on the principles of correctness, lawfulness and transparency and may also be carried out through automated methods aimed at storing, managing and transmitting them and will take place using suitable tools, to the extent reasonable and state of the art, to guarantee security. and confidentiality through the use of appropriate procedures that avoid the risk of loss, unauthorized access, illicit use and dissemination.
Statistical information and the correct functioning of the services.
The navigation data processed, necessary for the use of web services, are also processed for the purpose of: obtaining statistical information on the use of the services (most visited pages, number of visitors per time slot or daily, geographical areas of origin, etc. ); check the correct functioning of the services offered. The legal basis is constituted by the legitimate interest of the Data Controller pursuant to art. 6.I letter. f) of EU Reg. 679/16 and therefore your consent is not necessary.
Response to interested parties’ requests.
The data communicated by the user will be processed by the Data Controller for the sole purpose of verifying the requests of the interested parties and will not be communicated externally or used for purposes other than those described in this information. The legal basis of the processing is constituted by art. 6. I letter. b) of EU Reg. 679/16 and therefore your consent is not necessary.
4. Method of granting consent. Active contribution.
This website does not use automatic or predefined boxes for the acquisition of consent from the interested party to the processing of personal data.
In fact, as required by EU Regulations, the user must express their consent in a clear, determined and informed way by clicking on the appropriate button and entering the code requested by the system, only after having carefully read the text of the information.
In this way, consent to the processing and storage of personal data by the system will have been acquired.
The user, once he has consciously given consent, by carrying out the procedure guided by the system, assumes responsibility for having read the information, relieving the Data Controller from any liability.
Giving consent to the processing of data is not mandatory, but is preparatory to the fulfillment of the essential purposes pursued by the website and the service it provides.
Any consent given will be tracked via the contact form and/or the site registration form.
5. Access to data
The personal data processed by the Data Controller will not be disclosed, or will not be disclosed to indeterminate subjects, in any possible form, including that of making them available or simple consultation. However, they may be communicated to the workers who work for the Data Controller and to some external parties who collaborate with them.
In particular, your data may be made accessible to:
• employees and collaborators of the Data Controller, in their capacity as internal Managers and/or Persons in charge of processing personal data and/or System Administrators;
• third-party companies or other subjects (by way of example: credit institutions, professional firms, consultants, insurance companies, etc.) who carry out outsourced activities on behalf of the Data Controller, in their capacity as external Managers and/or Data Controllers processing of personal data.
In these cases, the interested party’s consent to the communication of personal data is not necessary.
Your data may also be communicated, within the strictly necessary limits, to subjects who, for the purpose of processing orders or other requests or providing services relating to the transaction or contractual relationship with the Data Controller, must provide goods and/or perform services or services on behalf of the Owner. Finally, they may be communicated to subjects entitled to access them pursuant to legal provisions, regulations and community regulations.
In any case, excluding the above cases, the data being processed will not be communicated to third parties, to be understood as subjects ofdifferent from the owner and those responsible for the processing.
6. Data communication
Without your express consent (pursuant to art. 24 letter a), b), d), Privacy Code and art. 6 lett. b), c), GDPR), the Data Controller may communicate your data for the purposes indicated to Supervisory Bodies, Judicial Authorities as well as to all other subjects to whom communication is mandatory by law for the fulfillment of the said purposes.
7. Data transfer
The management and storage of personal data will take place on the servers of the Data Controller and/or third-party companies appointed and duly appointed as Data Processors, located within the European Union, or in compliance with the provisions of the articles. 45 et seq., GDPR. The servers are currently located in ITALY, at the NETSONS S.R.L. webfarm, with headquarters in Via Tirino n. 99 – PESCARA, in a dedicated SSD server and in a “mysql” database protected by SSL utf-8- Italy.
The data will not be transferred outside the European Union. In any case, it is understood that, should it become necessary to transfer the location of the servers to Italy and/or the European Union and/or non-EU countries, such movement will always take place in compliance with the articles. 45 et seq., GDPR.
In this case, however, the Data Controller hereby ensures that the transfer of non-EU data will take place in compliance with the applicable legal provisions by stipulating, if necessary, agreements that guarantee an adequate level of protection and/or adopting the standard contractual clauses. provided by the European Commission.
8. Rights of the interested party
In your capacity as an interested party, you have the rights referred to in the art. 7, Privacy Code and art. 15, GDPR and precisely the rights of:
1. obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet registered, and their communication in an intelligible form;
2. obtain indication of: a) the origin of the personal data; b) the purposes and methods of processing; c) of the logic applied in case of processing carried out with the aid of electronic instruments; d) the identification details of the owner, managers and representative designated pursuant to art. 5, paragraph 2 Privacy Code and art. 3, paragraph 1, GDPR; e) of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them in their capacity as designated representatives in the territory of the State, managers or agents;
3. obtain: a) updating, rectification or, when you are interested, integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those whose retention is not necessary in relation to the purposes for which the data were collected or subsequently processed; c) certification that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data have been communicated or disseminated, except in the case in which this requirement is proves impossible or involves a manifestly disproportionate use of means compared to the protected right;
4. object, in whole or in part: a) for legitimate reasons to the processing of personal data concerning you, even if pertinent to the purpose of the collection; b) to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator by email and/or by traditional marketing methods by telephone and/or paper mail.
Where applicable, you also have the rights referred to in the articles. 16 – 21, GDPR (Right of rectification, right to be forgotten, right to limit processing, right to data portability, right to object), as well as the right to complain to the Guarantor Authority.
9. Method of exercising rights
You have the right to ask the Data Controller for access to the Data concerning you, their rectification or cancellation, the integration of incomplete Data, the limitation of processing; to receive the Data in a structured, commonly used and machine-readable format; to revoke any consent given relating to the processing of your sensitive data at any time and to oppose, in whole or in part, the use of the data; to lodge a complaint with the Authority, as well as to exercise the other rights recognized to you by the applicable regulations.
You may exercise your rights at any time by sending a registered letter with return receipt to: The individual agricultural company Tenuta di Casteldardo di Foscolo Alvise, with registered and administrative headquarters in Via Casteldardo n. 3 – 32028Borgo Valbelluna (BL); or an e-mail to the address: firstname.lastname@example.org
10. Reporting procedure
In case of violation of the rulesme to protect personal data or events that lead to the loss of the aforementioned data by the Data Controller, Regulation 679/2016 imposes the following procedure:
• Obligation of reporting by the interested party
If the interested party is aware of the violation of their personal data, they must make an urgent communication to the Data Controller, using one or more contacts among those indicated in point 15 of this information.
The Data Controller must, within 72 hours, communicate the violation to the Privacy Authority, together with the measures adopted to deal with the violation.
• Report by the Data Controller
The Data Controller who becomes aware of the violation from other sources of control (DPO – Data Controller – Data Processors). You must notify the Privacy Authority within 72 hours, also indicating the measures to deal with the violation, as well as the interested party.
The interested party also has the right to lodge a complaint with the Supervisory Authority. For further information on the procedures, the user is invited to visit the website www.garanteprivacy.it
• Compensation for damage
The interested party who has suffered damage caused by the loss, unauthorized or illicit dissemination of his/her data has the right to proceed to the appropriate offices to obtain compensation.
11. Competent authority
For reports relating to the violation of personal data or damage suffered as a result, the Guarantor Authority www.garanteprivacy.it is competent
In the event of disputes relating to the interpretation of this document, the Consumer Court will be competent, pursuant to Legislative Decree 206/2005.
Where the person providing the data is under the age of 16, such processing is lawful only if and to the extent that such consent is given or authorized by the holder of parental responsibility for whom the identification data and copy of the data are acquired. identification documents.
14. Owner and Manager of the Processing of Personal Data
The Data Controller is: Foscolo Alvise