Processing of Personal Data
Access to several sections of the Website and/or any request for information or services by Users of the Website may require the insertion of Personal Data. Furthermore, any contact with GRIGIO DEL CASENTINO®, such as for instance through customer service or the optional, explicit and voluntary dispatch of electronic mails or postal mails to the addresses of GRIGIO DEL CASENTINO® indicated on the Website, entails the subsequent acquisition of the sender’s address, and email where relevant, or the telephone number, necessary to respond to these requests, as well as any other Personal Data included in the message.
As Data Controller, GRIGIO DEL CASENTINO® informs that the processing of Personal Data as mentioned above will take place in accordance with the Code and the GDPR.
This policy is intended to inform Users of Personal Data processing by GRIGIO DEL CASENTINO® before they access various areas of the Website and provide their Personal Data. Users must read it before providing any Personal Data, by filling the relevant gaps in the appropriate areas of the Website.
Purposes of Data Processing
Depending on the different needs of Users accessing different areas of the Website, Personal Data provided directly by Users can be used in the following ways:
Means of data processing
Personal Data will be processed by operations of collection, recording, organisation, storage, consultation, processing, rectification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure and destruction of Personal Data.
Personal Data will be processed primarily by automated means, but also in paper format, with means strictly related to the aforementioned purposes.
Nature of the provision of Users’ Personal Data
The provision of Personal Data is optional, but partly necessary, to ensure that GRIGIO DEL CASENTINO® meets the needs of Users with regards to the services provided on the website and for the aforementioned purposes. Failure to provide Personal Data, or the partial or inaccurate provision thereof, being necessary for the provision of the services requested, will render this provision impossible; failure to provide optional Personal Data that are not necessary, or the partial or inaccurate provision thereof, will have no consequences.
Categories of Personal Data subject to processing
As well as Personal Data provided directly by Users (such as name, surname, postal address, email address, password, age, birth date, gender, image, profession, civil status etc.) when connecting to the Website, information systems and software procedures employed by the Website acquire, both automatically and indirectly, some Personal Data, whose transmission is implicit in the use of internet communication protocols (e.g. IP address or domain names of computers used by Users connecting to the website, URI address – Uniform Resource Identifier – of requested resources, the time of the request, method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of response from the server – successful, error etc. – and other parameters regarding the User’s operating system and IT environment).
Such Personal Data are processed with the purpose of carrying out anonymous statistical surveys on the use of the Website and checking its correct functioning, and are deleted immediately after processing. Personal Data could be used to determine potential liabilities in the event of hypothetical computer crimes against the Website.
Categories of entities to which Users’ Personal Data may be disclosed
Personal Data may be disclosed to employees or partner companies of the Data Controller or of the company in Italy and abroad, who or which, working under the direct authority of the Controller, are appointed Data Processors and/or persons in charge of data processing and will receive adequate operational instructions in this regard.
Scope of communication or disclosure of Users’ Personal Data
Personal Data provided directly by Users through the completion of online forms may be communicated to external service providers responsible for the management of Personal Data for the purposes for which the Personal Data were originally collected; GRIGIO DEL CASENTINO® shares Users’ Personal Data to the extent necessary to enable these external service providers to provide the service on behalf of GRIGIO DEL CASENTINO® or on their behalf (e.g. executing orders, services and processing payments, managing credit cards, recovering credits, managing the functioning of the website and the e-commerce platform, providing support services, promotions, developing the website, providing email services to send emails and/or newsletters and/or SMS/MMS on its own behalf, analysing Personal Data etc.). These providers, whose Personal Data may be requested by contacting the Data Controller mentioned below, are appointed Data Processors and should provide their employees or company partners, to whom Personal Data may be communicated, with appropriate instructions.
GRIGIO DEL CASENTINO® does not share, sell, transfer or otherwise disclose Users’ Personal Data to third parties, unless otherwise required by law pursuant to article 6(1) (c) of the GDPR, unless otherwise required in the contract pursuant to article 6(1) (b) or unless the User has expressly agreed to pursuant to article 6 (1) (a).
The same Personal Data may be disclosed, should the Website list the names of winners in the event of competitions or prize contests promoted by GRIGIO DEL CASENTINO® via the Website.
Data Controller and Data Processors
The Data Controller is GRIGIO DEL CASENTINO® with registered office and corporate office in: Via Nazionale 51/A- 52011 Soci (AR), Fiscal code and VAT number 02132460516.
The updated list of Data Processors and persons in charge of data processing can be requested by contacting the Data Controller at the above-mentioned contact details.
Users rights recognised in article 7 of the Code and article 15 of the GDPR
The data subject shall have the right to obtain confirmation as to whether or not Personal Data concerning him/her are being processed, even if not yet been recorded, and communication of such data in intelligible form as well as access to their content.
1. Data subjects shall have the right to obtain the following information:
Retention of Personal Data
In accordance with applicable laws, GRIGIO DEL CASENTINO® will retain Personal Data as long as necessary to achieve the purposes for which they were collected (as described in the section ‘Purposes of Data Processing’) or in order to comply with applicable legal requirements.
Modalities for the exercise of the rights and to obtain a complete list of Data Processors
Users may, at any given moment, exercise their aforementioned rights and obtain the complete list of Data Processors, by sending an email to the Data Controller’s address or a letter by regular or certified post, or a certified email.
Furthermore, Users, if consent has previously been given, shall have the right to withdraw at any time their consent to process their Personal Data for the purposes outlined in points 2 and 3 of the ‘Purposes of Data Processing’, by clicking on the specific ‘link’ found in every email message or by contacting the Data Controller in the manners described in the previous paragraph.
Please enter your details to receive the latest Grigio del Casentino® price lists
Inserisci i tuoi dati per ricevere il listino Grigio del Casentino® con gli ultimi prezzi aggiornati.