PRIVACY POLICY
Pursuant to Legislative Decree No. 196 of 30 June 2003, as amended (“Personal Data Protection Code”) and European Regulation No. 679 of 2016 (the “General Data Protection Regulation [GDPR]”), San Marzano Vini S.p.A. wishes to inform you and all users and/or visitors to the website www.pietrosa.com (the “Users” and the “Site”, respectively), regarding the use of personal data collected via the Site.
1. Data Controller, Data Processors and Data Protection Officer
The Data Controller is (VAT number 03017840731), with registered address at 74020 San Marzano di S.G. (TA), Via Monsignor Bello 9, email privacy@sanmarzanovini.com (hereinafter the “Data Controller”).
The updated list of designated data processors can be provided upon the request of data subjects and/or Users to be sent to the Controller’s e-mail address.
In the event that a Data Protection Officer is appointed (pursuant to Article 37 of the General Data Protection Regulation), their contact details will be posted on the website www.pietrosa.com.
2. Personal Data processed
2.1. Information Gathered Automatically by the Site
As with all websites, our Site also uses log files, which store information collected automatically when you visit it. The computer systems and software procedures used to operate the Site automatically acquire some personal data, the transmission of which is implicit in the use of internet communication protocols.
The following information is collected:
- Internet protocol (IP) address, or the domain name of the device you used;
- Type of browser and parameters of the device used to connect to the Site;
- URIs (Uniform Resource Identifiers) for the resources requested or the method used to submit the request to the server;
- Name of the internet service provider (ISP);
- Date and time visited;
- Referral page and exit page of the User;
- Potentially, the number of clicks;
- The size of the file obtained in response;
- The numerical code indicating the status of the response given by the server (successful, error, etc.);
- Other parameters relating to the operating system and IT environment of your device.
This information is processed in an automated form and collected exclusively in aggregate form to ensure the Site is working properly.
2.2 Information provided by you to use the Site
The information needed to use the Site and access the services offered and requested therein (e.g. Contact Us, etc.) is common identification and contact data.
3. The Personal Data you Provide us with by Using the Site: What Purposes we Process it for
Your data is processed for the following purposes:
(i) to fulfil legal obligations;
(ii) to carry out the technical management of the Site;
(iii) benefit from the “Contact us” service, which allows you to contact the Data Controller, as per the specific data protection information available at [ Contact Privacy Policy ].
The data you provide will be processed mainly with computerised tools under the authority of the Data Controller, by parties that have been specifically authorised and instructed to process it, in accordance with Article 29 of the General Data Protection Regulation and 2-quaterdecies of the Personal Data Protection Code. Please be advised that appropriate security measures are also observed pursuant to Articles 5 and 32 of the General Data Protection Regulation to prevent loss of data, unlawful or incorrect use and unauthorised access.
4. Nature of the Provision of Data and Legal Basis for Processing Data
With reference to the purpose referred to in section 3, point (iii), please see the specific information referred to in that point of this Data Protection Policy.
For the purposes referred to in points (i) and (ii) of section 3 above, the provision of your personal data is necessary as otherwise you will not be able to use the services offered by the Site. As a result, for the purposes referred to in point (i), the lawful basis of the processing is compliance with legal obligations, pursuant to Article 6, section 1(c) of the General Data Protection Regulation, while for the purposes referred to in point (ii), the lawful basis for the processing is the execution of the services provided through the Site and requested by you, in accordance with Article 6, section 1(b) of the General Data Protection Regulation.
5. Scope of Data Transfer and Who we can Share your Data with
Your data may be shared only within the EU, to the institutions, parties and external companies (including consultants and service providers) that the Data Controller uses for the management of the Site and for the performance of related activities, whether instrumental or consequent to the execution of the services offered by the Site.
Further details about the above can be found in the specific information provided or displayed on the Site and arranged for the related services on request.
6. Your Rights
Articles 15 ff. of the GDPR cover the data subject’s right to obtain the following, in the manner and within the limits established in Article 2-undecies of the Personal Data Protection Code and Article 12 of the GDPR:
- confirmation of the existence or otherwise of their personal data, even if not yet recorded, and disclosure of it in an intelligible manner;
- indication of the source of the personal data, the purposes and methods of the processing, the logic applied in the case of processing carried out with the aid of electronic tools, the identification details of the Data Controller;
- update, rectification, addition, removal, anonymisation or block of unlawfully processed data – including those ones which do not need to be kept for the purposes for which they were collected or subsequently processed – confirmation that such operations have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disclosed to, except where it proves impossible or involves the use of resources that is clearly disproportionate to the protected right.
The data subject also has the right to:
- revoke their consent (if given) to the processing of personal data at any time (without prejudice to the lawfulness of the processing based on the consent given before the revocation);
- object to all or part of the processing of his/her personal data for legitimate reasons, even if pertinent to the purpose of their collection;
- object to all or part of the processing of his/her personal data for the purpose of sending advertising materials, for direct sales or for market research or commercial communications;
- lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) in the cases provided for by the GDPR, by contacting the Garante per la protezione dei dati personali directly: Website www.garanteprivacy.it, E-mail: protocollo@gpdp.it, Switchboard: (+39) 06.69677.1;
- the portability of personal data within the limits referred to in Article 20 of the GDPR.
The full form to exercise your rights can be found via the link [ model exercise of rights ] with instructions for completion and on how to submit it to the Data Controller.
7. Processing Duration
Without prejudice to legal obligations, personal data will be retained for a specified period, based on criteria linked on the nature of the services provided. In particular, browsing data will be stored for a maximum of 7 days.
For more details about the other processing purposes highlighted above and governed by specific policies, please refer to what is expressly indicated therein.
8. Security Measures
Your data is processed through the Site in compliance with applicable law and using appropriate security measures in compliance with current regulations, including pursuant to Articles 5 and 32 of the General Data Protection Regulation.
In this regard, we also confirm the adoption of appropriate security measures targeting the prevention of unauthorised access, theft, disclosure, modification or destruction of your data.
9. Amendments to the Privacy Policy
The Data Controller reserves the right to make changes to this Privacy Policy. In this case, you will be promptly informed, when you use the Site again.