Information on the processing of personal data ex art. 13-14 EU Reg.to 2016/679
Enoteca Regionale di Nizza, in its capacity as the Data Controller of your personal data, pursuant to and in accordance with EU Reg. 2016/679 hereinafter ‘GDPR’, hereby informs you that the aforementioned legislation provides for the protection of data subjects with respect to the processing of personal data and that such processing will be based on the principles of fairness, lawfulness, transparency and protection of the confidentiality and rights of the data subjects.
Purposes and legal basis of processing: in particular, personal data will be processed for the following purposes related to the implementation of fulfillments related to legislative obligations:
- Legally required tax and accounting compliance.
- customer management;
- customer billing history;
- after-sales support;
- scheduling of activities.
- Personal data will, in addition, be used for the following purposes related to the execution of measures and services offered and requested by the user, related to contractual or pre-contractual obligations as well as prior consent:
- to make information about future business initiatives of new products, services, offers and events both by us and by affiliated and/or subsidiary companies and business partners.
- for contact management (contact forms, mailing lists, newsletters)
- for the provision of services to the User or for the sale of products, including payment and eventual delivery.
- possibly to satisfy market surveys, statistics and for promotional activities inherent also to the mailing of advertising and promotional material;
- possibly for tourist and cultural activities;
- possibly for customer satisfaction surveys
Methods of processing. Personal data may be processed in the following ways:
entrusting third parties with processing operations;
processing by means of electronic computers;
manual processing by means of paper archives.
All processing is carried out in accordance with the modalities set out in Articles 6, 32 of the GDPR and through the adoption of the appropriate security measures provided.
Personal data will be processed only by competent and duly appointed persons for the performance of the services necessary for the proper management of the relationship, with guaranteed protection of the rights of the data subject, as well as by personnel expressly authorized by the Data Controller.
- Communication: Personal data may be communicated to external parties for the proper management of the relationship and in particular to the following categories of Recipients, acting as Data Processors pursuant to Article 28 of the GDPR:
- consultants and freelancers, including in associated form;
- subjects that provide services for the management of the web and the information system;
- operators of web platforms (management software e.g. Mailchimp for sending newsletters);
- competent authorities for fulfillment of legal obligations, upon request;
- banks and credit institutions;
- shippers, service operators for logistics in case of orders for the sale of the offered products.
- Retention Period. We point out that, in accordance with the principles of lawfulness, purpose limitation and data minimization, pursuant to Article 5 of the GDPR, the period of retention of personal data is:
- established for a period of time not exceeding the achievement of the purposes for which they are collected and processed for the execution and fulfillment of contractual purposes;
- established for a period of time not exceeding the performance of the services provided;
- established for a period of time not exceeding the achievement of the purposes for which they are collected and processed and in compliance with the mandatory time limits prescribed by law.
Data Controller: the Data Controller, according to the Law, is Enoteca Regionale di Nizza, based in Nizza Monferrato (AT) via Crova n. 2, e-mail: email@example.com, telephone: 0141 439294, mobile 320 1414335; P.Iva: 01410770059) in the person of its legal representative pro tempore.
The User has the right to obtain from the Controller the deletion (right to be forgotten), limitation, updating, rectification, portability, opposition to the processing of personal data concerning him/her, as well as in general he/she may exercise all the rights provided for in Articles 15, 16, 17, 18, 19, 20, 21, 22 of the GDPR.
EU Reg. 2016/679: Articles 15, 16, 17, 18, 19, 20, 21, 22 – Rights of the Data Subject
- The interested party has the right to obtain confirmation of the existence or non-existence of personal data concerning him/her, even if not yet registered, their communication in intelligible form and the possibility of making complaints to the Control Authority.
- The interested party has the right to obtain indication of:
Of the origin of the personal data;
Of the purposes and methods of processing;
of the logic applied in case of processing carried out with the aid of electronic instruments;
of the identification details of the data controller, data processors and the representative designated pursuant to Article 5, paragraph 2;
of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them in their capacity as designated representative in the territory of the State, managers or appointees.
- The interested party has the right to obtain:
the updating, rectification or, when interested, the integration of data;
the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;
certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
portability of the data.
- The data subject has the right to object, in whole or in part:
on legitimate grounds, to the processing of personal data concerning him/her, even if pertinent to the purpose of collection;
to the processing of personal data concerning him/her for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication.