Privacy Policy

Information policy pursuant to art. 13 of the European Regulation 679/2016

Pursuant to art. 13 of the European Regulation (EU) n. 2016/679 (hereafter GDPR), Cantina del Pino Società Agricola, based in Barbaresco (CN), 12050, Strada Ovello n. 31, as data controller, informs you that your data will be processed in the following manner and for the following purposes.

1.1. Object of the processing

The Owner treats your personal identification data (such as name, company name, tax code and VAT number, address, telephone numbers, bank details) you have communicated in the context of contractual relationships.

2.2 Purpose of the processing

Your personal data are processed without your express consent, pursuant to art. 6 lett. b) of the GDPR, for the following purposes:

• fulfill the pre-contractual, contractual and tax obligations deriving from relations with you;

• fulfill the obligations established by law, regulations, community legislation or an order of the Authority (such as for anti-money laundering cases);

• exercise the rights of the owner such as, for example, the right to defense in court;

3. Legal basis

Processing is necessary for the execution of a contract for which each customer is a party or for the execution of pre-contractual measures taken at the request of the customer.

4. Failure to provide data

The provision of data for the purposes referred to point 2 is a necessary requirement for the execution of the contract. Therefore, the failure to communicate such data implies the impossibility for the Owner to follow up on the activities related to the main processing, namely:

- contract management;

- the obligations, including legal ones, deriving from the relationship established.

5. Method of treatment

Your personal data are subjected to both paper and electronic and / or automated processing, also by inserting them into databases, lists and registers suitable for storing and managing data, in the manner and within the limits necessary for the pursuit of the aforementioned purposes.

Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access. By way of example and not exhaustively: firewall, antivirus, antimalware, backup.

Your data will be processed exclusively by persons authorized to treatment expressly appointed and instructed.

6. Storage

The Data Controller will process personal data for the time necessary to fulfill the aforementioned purposes and for the period prescribed by the laws relating to the conservation obligations for tax and statutory purposes.

7. Access to data

Personal data processed by the Data Controller will not be disclosed, or will not be disclosed to indeterminate subjects, in any possible form, including that of their availability or simple consultation.

Your data may be made accessible for the purposes referred to in point 2:

• to employees and collaborators of the Data Controller, in their capacity as agents and / or data processors;

• to third party companies or other subjects (as an indication, credit institutes, professional firms, consultants, etc.) who carry out outsourcing activities on behalf of the Owner, in their capacity as external managers of the processing.

Therefore, some of the personal data collected may be communicated as an example to:

- Consultants and freelancers, including associates, companies and law firms, etc., for administrative and accounting purposes, for professional consultancy and tax and legal assistance;

- Banks and credit institutions for the management of receipts and payments;

- Insurance companies;

- Financial administrations and public bodies in fulfillment of regulatory obligations;

- Data processing and IT services companies (eg web hosting, data entry, management and maintenance of infrastructures and IT services, etc.).

They can be communicated to the persons authorized to access it by virtue of provisions of law, regulations, community regulations.

The updated list of external managers is in any case available at the headquarters of the owner.

Furthermore, on the basis of the work tasks performed, some authorized to process have been entitled to process personal data, within the limits of their powers and in accordance with the instructions given to them by the Owner.

The updated list of persons authorized to process personal data is in any case available at the headquarters of the Data Controller.

8. Rights of the interested party

The art. 15 and following of the GDPR (*), give you the right to obtain:

• confirmation of the existence or not of personal data concerning you, even if not yet registered, and their communication in an intelligible form;

• the indication of the origin of personal data, of the purposes and methods of processing, of the logic applied in case of treatment carried out with the aid of electronic tools, of the identity of the Data Controller;

• the updating, rectification, integration, cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those whose retention is not necessary in relation to the purposes for which the data are collected or subsequently processed;

• the attestation that these operations have been brought to the attention, also with regard to their content, of those to whom the data have been communicated, except in the case in which this fulfillment proves impossible or involves a use of means clearly disproportionate to the protected right.

You also have the right:

• to revoke at any time the consent given to the processing of personal data (without prejudice to the lawfulness of the treatment based on the consent given prior to the revocation);

• to object, in whole or in part, for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose of the collection;

• to object, in whole or in part, to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication;

• to propose a claim to the Guarantor for the protection of personal data in the cases provided for by the GDPR;

• to obtain from the data controller the limitation of processing when one of the hypotheses provided for by art. 18 of the Regulations;

• to the portability of personal data within the limits set out in Article 20 of the GDPR.
  
  

9. Modalities to exercising rights 

The interested party may at any time exercise the aforementioned rights by sending a communication:

• by e-mail, to the address cantina@cantinadelpino.com;  

• or by mail via registered mail addressed to Cantina del Pino Società Agricola, Strada Ovello

  n.31, 12050 Barbaresco (CN).

The Owner is required to provide an answer within one month of the request, extending up to two months in case of particular complexity of the request itself.

10. Identity and contact details of the Data Controller 

The data controller is Cantina del Pino Società Agricola, based in Strada Ovello n. 31, 12050 Barbaresco (CN), phone number 0173.635147, e-mail address cantina@cantinadelpino.com 

Signature

(Franca Miretti, legal representative of Cantina del Pino Società Agricola)