Lorem ipsum dolor sit amet, consectetur adipiscing elit. Morbi eu nulla vehicula, sagittis tortor id, fermentum nunc. Donec gravida mi a condimentum rutrum. Praesent aliquet pellentesque nisi.
vino@elated-themes.com

Contact privacy policy

HomeLegalsContact privacy policy

POLICY ON THE PROTECTION OF PERSONAL DATA

 

Pursuant to Legislative Decree no. 196 of 30 June 2003 No. 196, as amended (“Personal Data Protection Code”) and European Regulation. 679 of 2016 (the “GDPR” [General Data Protection Regulation]), San Marzano Vini S.p.A., (VAT number 03017840731), with registered address at 74020 San Marzano di S.G. (TA), Via Monsignor Bello 9, email privacy@sanmarzanovini.com, as Data Controller (hereinafter, the “Data Controller”), wishes to inform you that your personal data will be processed to handle your request to be contacted by the Data Controller.

You may describe your request for us via the “Contact us” area. However, please do not provide any data that is defined under the GDPR as special category data (such as that relating to your health status, religious beliefs, etc.).

The lawful basis of the processing is the provision of a service, pursuant to Article 6, section 1(b) of the GDPR and therefore, no express consent will be required on your part for your request to be handled.

The data you provide will be processed mainly via paper means and/or computerised tools under the authority of the Data Controller, by parties that have been specifically authorised and instructed to process it (in accordance with Article 2-quaterdecies of the Personal Data Protection Code and 29 of the GDPR). We inform you that appropriate security measures are also observed pursuant to Articles 5 and 32 of the GDPR to prevent loss of data, unlawful or incorrect use and unauthorised access.

The data may be shared with the following parties, within the EU and in full compliance with the provisions of the GDPR: to organisations and/or public authorities, where this is required by law or upon their request; to external institutions, parties and companies used by the Data Controller to carry out activities connected, instrumental or consequential to the execution of the “Contact us” service; to external consultants, even when not designated in writing as Data Processors. The updated list of designated data processors can be provided upon the request of data subjects o be sent to the Data Controller’s e-mail address.

In the event that a Data Protection Officer is appointed (pursuant to Article 37 of the GDPR), their contact details will be posted on the website of the Data Controller.
Without prejudice to further legal obligations, personal data will be stored in a form that allows the identification of the Data Subject for a period of time not exceeding 10 days from the date of termination of the interaction necessary to respond to the request made through the ‘Contact’ area. In the event of a possible dispute in relation to the response, we may need to process your data until the final conclusion of the dispute, which may coincide with the passage of res judicata of the dispute.

Articles 15 ff. of the GDPR cover the data subject’s right to obtain the following, in the manner and within the limits established in Article 2-undecies of the Personal Data Protection Code and Article 12 of the GDPR:

  •  confirmation of the existence or otherwise of their personal data, even if not yet recorded, and disclosure of it in an intelligible manner;
  • Indication of the source of the personal data, the purposes and methods of the processing, the logic applied in the case of processing carried out with the aid of electronic tools, the identification details of the Data Controller;
  • update, rectification, addition, removal, anonymisation or block of unlawfully processed data – including those ones which do not need to be kept for the purposes for which they were collected or subsequently processed – confirmation that such activity operations have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disclosed to, except where it proves impossible or involves the use of resources that is clearly disproportionate to the protected right.

The data subject also has the right to:

  • revoke their consent (if given) to the processing of personal data at any time (without prejudice to the lawfulness of the processing based on the consent given before the revocation);
  • object to all or part of the processing of his/her personal data for legitimate reasons, even if pertinent to the purpose of their collection;
  • object to all or part of the processing of his/her personal data for the purpose of sending advertising materials, for direct sales or for market research or commercial communications;
  • lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) in the cases provided for by the GDPR, by contacting the Garante per la protezione dei dati personali directly: Website www.garanteprivacy.it, E-mail: protocollo@gpdp.it, Switchboard: (+39) 06.69677.1;
  • to the portability of personal data within the limits referred to in Article 20 of the GDPR.

The full form to exercise your rights can be found via the link [ model exercise of rights] with instructions for completion and on how to submit it to the Data Controller.