Privacy policy
What is a privacy policy
This privacy policy explains what types of Personal Data are collected by GRIGIO DEL CASENTINO® Srl (hereinafter referred to as ‘GRIGIO DEL CASENTINO®’) and how these Personal Data are processed when Users visit the website and use the web services provided by GRIGIO DEL CASENTINO®, available at https://grigiodelcasentino.it/ (hereinafter referred to as the ‘Website’) and pursuant to Article 13 of the Italian Legislative Decree No 196/2003 (Italian Personal Data Protection Code, hereinafter referred to as ‘Code’), as well as pursuant to Article 13 of the Regulation (EU) No 2016/279 (hereinafter referred to as ‘GDPR’). This policy shall not apply to third-party web pages which may be consulted by Users through links, and Personal Data collected by them. GRIGIO DEL CASENTINO® is under no circumstances liable for the privacy policies and/or practices applied by third parties. Whenever Users consult another website or use a service provided by third parties, they should read the privacy policy of this website/service. The term ‘Personal Data’ refers to any information related to a natural person, either identified or identifiable, even indirectly, by reference to any other information.
GRIGIO DEL CASENTINO® can rectify, integrate or regularly update this policy, including also amendments to the applicable regulations. Rectifications and updates to this policy will be applied and will be brought to the attention of interested parties as soon as they are adopted, by updating the link to the privacy policy on the Website. Therefore, Users are invited to periodically consult the Website to check the latest version of the policy.
Processing of Personal Data
Access to several sections of the Website and/or any request for information or services by Users of the Website may require the insertion of Personal Data. Furthermore, any contact with GRIGIO DEL CASENTINO®, such as for instance through customer service or the optional, explicit and voluntary dispatch of electronic mails or postal mails to the addresses of GRIGIO DEL CASENTINO® indicated on the Website, entails the subsequent acquisition of the sender’s address, and email where relevant, or the telephone number, necessary to respond to these requests, as well as any other Personal Data included in the message.
As Data Controller, GRIGIO DEL CASENTINO® informs that the processing of Personal Data as mentioned above will take place in accordance with the Code and the GDPR.
This policy is intended to inform Users of Personal Data processing by GRIGIO DEL CASENTINO® before they access various areas of the Website and provide their Personal Data. Users must read it before providing any Personal Data, by filling the relevant gaps in the appropriate areas of the Website.
Purposes of Data Processing
Depending on the different needs of Users accessing different areas of the Website, Personal Data provided directly by Users can be used in the following ways:
- to allow the registration on the Website, which is required to access certain areas of the Website itself and to provide and manage the wide range of services offered on the Website;
- upon Users’ specific prior consent and as long as this consent is not revoked, to carry out marketing activities (such as, for illustrative, yet incomplete purposes, distribution of promotional and advertising material, communication of marketing campaigns or promotions, conduction of analysis of registered users and customer satisfaction surveys, which allow GRIGIO DEL CASENTINO® to improve the services and products offered to its clients), including via email, MMs and SMS, calls or by ordinary post; Users shall have the right to object at any time to receiving such communications;
- upon Users’ specific prior consent and as long as this consent is not revoked, to send newsletters with updates about the Website and other news about GRIGIO DEL CASENTINO®;
- to provide assistance and respond to Users’ requests concerning GRIGIO DEL CASENTINO® products, advertisements or the Website (‘Contacts’ section of the Website);
- Social Networks: to provide advertising and engage Users on GRIGIO DEL CASENTINO®’s Social Networks (such as Facebook, Twitter, Instagram, Pinterest etc.) through the use of their Personal Data deriving from Users interaction with third-party Social Network features (such as the ‘Like’ features). Users can learn more about how these features work, which profile Personal Data GRIGIO DEL CASENTINO® obtains and how to withdraw consent, by consulting the privacy policies of the relevant third-party Social Networks;
- Communications concerning orders: if an order is placed on the e-commerce platforms, GRIGIO DEL CASENTINO® will use the Users’ Personal Data to process and send orders as well as to send purchase confirmation emails, delivery confirmation emails and requests for feedback. The processing of Personal Data is necessary for the provision of services by GRIGIO DEL CASENTINO®, therefore the legal basis for this Personal Data Processing is Article 6 (1) (b) of the GDPR. Users are contractually required to provide these Personal Data, without which GRIGIO DEL CASENTINO® would not be able to send communications regarding Users’ orders;
- legal reasons or merger/acquisition: should GRIGIO DEL CASENTINO® be acquired or merged with another society, GRIGIO DEL CASENTINO® shall have the right to transfer Personal Data to any legal successor. Furthermore, GRIGIO DEL CASENTINO® may disclose Personal Data to third parties (a) as required by applicable law; (b) to respond to legal processes; (c) in response to a competent law enforcement agency’s request; (d) to protect its own rights, privacy, safety or property; (e) to fulfil the terms of any contract or the terms of its own website.
Users are not required to register on the Website to access certain services provided by GRIGIO DEL CASENTINO®; however, in order to respond to Users’ requests concerning these services, Users will be invited to provide Personal Data which will be processed solely for relevant purposes for no longer than necessary.
Means of data processing
Personal Data will be processed by operations of collection, recording, organisation, storage, consultation, processing, rectification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure and destruction of Personal Data.
Personal Data will be processed primarily by automated means, but also in paper format, with means strictly related to the aforementioned purposes.
Nature of the provision of Users’ Personal Data
The provision of Personal Data is optional, but partly necessary, to ensure that GRIGIO DEL CASENTINO® meets the needs of Users with regards to the services provided on the website and for the aforementioned purposes. Failure to provide Personal Data, or the partial or inaccurate provision thereof, being necessary for the provision of the services requested, will render this provision impossible; failure to provide optional Personal Data that are not necessary, or the partial or inaccurate provision thereof, will have no consequences.
Categories of Personal Data subject to processing
As well as Personal Data provided directly by Users (such as name, surname, postal address, email address, password, age, birth date, gender, image, profession, civil status etc.) when connecting to the Website, information systems and software procedures employed by the Website acquire, both automatically and indirectly, some Personal Data, whose transmission is implicit in the use of internet communication protocols (e.g. IP address or domain names of computers used by Users connecting to the website, URI address – Uniform Resource Identifier – of requested resources, the time of the request, method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of response from the server – successful, error etc. – and other parameters regarding the User’s operating system and IT environment).
Such Personal Data are processed with the purpose of carrying out anonymous statistical surveys on the use of the Website and checking its correct functioning, and are deleted immediately after processing. Personal Data could be used to determine potential liabilities in the event of hypothetical computer crimes against the Website.
Categories of entities to which Users’ Personal Data may be disclosed
Personal Data may be disclosed to employees or partner companies of the Data Controller or of the company in Italy and abroad, who or which, working under the direct authority of the Controller, are appointed Data Processors and/or persons in charge of data processing and will receive adequate operational instructions in this regard.
Scope of communication or disclosure of Users’ Personal Data
Personal Data provided directly by Users through the completion of online forms may be communicated to external service providers responsible for the management of Personal Data for the purposes for which the Personal Data were originally collected; GRIGIO DEL CASENTINO® shares Users’ Personal Data to the extent necessary to enable these external service providers to provide the service on behalf of GRIGIO DEL CASENTINO® or on their behalf (e.g. executing orders, services and processing payments, managing credit cards, recovering credits, managing the functioning of the website and the e-commerce platform, providing support services, promotions, developing the website, providing email services to send emails and/or newsletters and/or SMS/MMS on its own behalf, analysing Personal Data etc.). These providers, whose Personal Data may be requested by contacting the Data Controller mentioned below, are appointed Data Processors and should provide their employees or company partners, to whom Personal Data may be communicated, with appropriate instructions.
GRIGIO DEL CASENTINO® does not share, sell, transfer or otherwise disclose Users’ Personal Data to third parties, unless otherwise required by law pursuant to article 6(1) (c) of the GDPR, unless otherwise required in the contract pursuant to article 6(1) (b) or unless the User has expressly agreed to pursuant to article 6 (1) (a).
The same Personal Data may be disclosed, should the Website list the names of winners in the event of competitions or prize contests promoted by GRIGIO DEL CASENTINO® via the Website.
Data Controller and Data Processors
The Data Controller is GRIGIO DEL CASENTINO® with registered office and corporate office in: Via Nazionale 51/A- 52011 Soci (AR), Fiscal code and VAT number 02132460516.
The updated list of Data Processors and persons in charge of data processing can be requested by contacting the Data Controller at the above-mentioned contact details.
Users rights recognised in article 7 of the Code and article 15 of the GDPR
The data subject shall have the right to obtain confirmation as to whether or not Personal Data concerning him/her are being processed, even if not yet been recorded, and communication of such data in intelligible form as well as access to their content.
1. Data subjects shall have the right to obtain the following information:
- the origin of Personal Data;
• purposes and means of processing;
• the logic involved in the processing, if the latter is carried out with the help of electronic means;
• identity of the Data Controller, Data Processors and the designated representative in the Italian territory, where applicable; - the individuals or entities to whom Personal Data may be communicated, or that have access to them in their capacity as designated representative in the Italian territory, Data processors or persons in charge of data processing.
2. Data subjects shall have the right to obtain:
• updating, rectification or, when interested therein, integration of Personal Data;
• erasure, anonymisation or blocking of Personal Data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they were collected or subsequently processed;
• certification to the effect that the operations described above have been notified, as also related to their content, to those to whom or which Personal Data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effect compared to the right that is to be protected.
3. Data subjects shall have the right to object, in whole or in part:
• on legitimate grounds, to the processing of Personal Data concerning him/her, even though they are relevant to the purpose of the collection;
• to the processing of Personal Data concerning him/her, where it is carried out for the purpose of sending advertisement materials or direct selling, or else for the performance of market or commercial communication surveys.
4. Data subjects, where applicable, shall also enjoy the rights specified in article 16-21 of the GDPR (right to rectification, right to erasure, right to restriction of processing, right to data portability, right to object), as well as the right to lodge a complaint with the Data Protection Supervisor.
The above rights may be exercised either directly or by conferring, in writing, a proxy or power of attorney to persons or organisations.
Retention of Personal Data
In accordance with applicable laws, GRIGIO DEL CASENTINO® will retain Personal Data as long as necessary to achieve the purposes for which they were collected (as described in the section ‘Purposes of Data Processing’) or in order to comply with applicable legal requirements.
Modalities for the exercise of the rights and to obtain a complete list of Data Processors
Users may, at any given moment, exercise their aforementioned rights and obtain the complete list of Data Processors, by sending an email to the Data Controller’s address or a letter by regular or certified post, or a certified email.
Furthermore, Users, if consent has previously been given, shall have the right to withdraw at any time their consent to process their Personal Data for the purposes outlined in points 2 and 3 of the ‘Purposes of Data Processing’, by clicking on the specific ‘link’ found in every email message or by contacting the Data Controller in the manners described in the previous paragraph.
