INFORMATION ON THE PROCESSING OF PERSONAL DATA
PURSUANT TO ARTICLE 13 OF REGULATION (EU) 2016/679 ("GDPR")
Tua Rita Società Semplice Agricola (hereinafter also the “Company” or “Data Controller”) is committed to respecting and protecting your privacy and wants you to feel safe while simply browsing our website and if you decide to register by providing us with your personal data to take advantage of the products and services we offer to our Users and/or Customers. On this page, the Company provides information on the processing of personal data of users who visit or browse the e-commerce website accessible electronically from the address https://wineclub.tuarita.it/it/wine-club(hereinafter also the “Website”). The information is provided only for the Website of Tua Rita and not for other websites that may be consulted by the user via links (in which case please consult individual privacy policies). The reproduction or use, by any means and on any medium, of pages, materials and information contained on the Website is not permitted without the prior written consent of the Company. Copying and/or printing is permitted for personal and non-commercial use only (for requests and clarifications, contact the Company at the addresses indicated below). Other uses of the contents, services and information on this website are not permitted.
With regard to the contents offered and the information provided, Tua Rita endeavours to keep the contents of the Website reasonably updated and revised but cannot offer any guarantee of the adequacy, accuracy or completeness of the information provided and explicitly declines any responsibility for any errors of omission in the information provided on the Website.
1. Data Controller
The Data Controller for personal data is Tua Rita Società Semplice Agricola, with registered office in Località Notri, No 81 – 57028 Suvereto (LI), VAT number 01475690499, email firstname.lastname@example.org, PEC email@example.com.
2. Types of data processed
The computer systems and software procedures used to operate this Website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes IP addresses or domain names of computers and terminals used by users, the addresses in URI/URL (Uniform Resource Identifier/Locator) notation of the requested resources, the time of the request, the method used in submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's computer environment.
These data, necessary for the use of web services, are also processed for the following purposes:
- to obtain statistical information on the use of services (most visited pages, number of visitors by time or day, geographical areas of origin, etc.);
- to check the correct functioning of the services offered.
Browsing data does not persist for more than seven days (except when required by the judicial authorities to ascertain criminal activity).
Data provided by the user
The optional, explicit and voluntary sending of messages to the contact addresses of the Data Controller, private messages sent by users to the institutional profiles/pages on social media (where this is possible), as well as the compilation and forwarding of Forms on the Website, involve the acquisition of the sender's contact details needed to receive a reply, as well as all personal data included in communications.
The Company processes the personal data freely entered by the User on the Website, including data necessary for completing the purchase of goods and/or services (such as, in particular, personal data, tax codes, contact details, telephone and/or fax numbers, e-mail addresses, etc.), as well as autonomously generated technical data (in particular, IP addresses, log files relating to navigation on the Site, purchases made, etc.).
The Data Controller will store, within the terms of the law, the log files and IP addresses used when making an online purchase, in order to prevent and ascertain any fraud in online transactions.
2.1. Credit card data
To make a payment on the Website by credit card, the User must enter the confidential data of the credit card (card number, holder, expiration date, security codes). These data will be acquired by the payment service provider, who will act as an independent data controller, without passing through Tua Rita's server. The data will be acquired in encrypted format and according to PCI certification security standards. The Company will keep track of only the last four digits of the credit card number and the expiration date of the card only and exclusively for the purpose of preventing online payment fraud. The payment service provider uses the Transport Layer Security (TLS) protocol.
3. Purpose and legal basis - Processing methods - Data storage period
The Data Controller processes User personal data for the following purposes:
- to register on the Website or to proceed with the purchase of goods or services through the Website and, therefore, to carry out any activity connected with, in particular, the selection of products, the pre-contractual phase and management of the basket, including so-called Abandoned Basket/Cart, sending orders and/or their acceptance, shipping, delivery and/or any exercise of the right of withdrawal and the consequent return of the goods or any other fulfilment provided for in the general conditions of sale of the Company;
- to enable the use of the services reserved for registered Users as indicated on the Terms and Conditions page of the Website where the provision of services at the User's request is envisaged, such as subscription services, sending of messages to receive customer assistance, booking of goods and services and sharing products on social networks;
- for the performance of any administrative and accounting activity connected to registration on the Website, making purchases through the Website and protection of interests in carrying out business activities for the proper functioning of the Website, and in order to fulfil legal obligations;
- for sending communications aimed at the promotion and/or direct sale of products or services similar to those already purchased/enjoyed by the User, pursuant to Article 130 c 4 of the Italian Personal Data Protection Code ("Codice Privacy"), using the e-mail address indicated on such occasions (so-called “soft spamming”), without prejudice at any time to the User's right to object, as indicated at the bottom of the communication or to the addresses shown below for the exercise of the rights referred to in Article 15 and onwards of the GDPR;
- for sending commercial communications on products and services of the Data Controller and/or third parties, special offers, promotions and newsletters and coupons, for carrying out market research, by means of automated systems, e-mails, text message or similar, and/or by means of the postal service (so-called "marketing purposes");
- for the analysis of User preferences and consumer habits and the processing of personal preferences and interests through automated systems and the transmission of personalised offers through the Website (so-called "profiling" purposes);
- for statistical and historical purposes (with anonymous data only).
The legal basis for processing is established:
- for the purposes sub a) and b), for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Article 6, paragraph 1, letter b) GDPR);
- for the purpose sub c), for compliance with a legal obligation (Article 6, paragraph 1, letter c) GDPR);
- for the purposes sub d), for the legitimate interests pursued by the Data Controller (Article 6, paragraph 1, letter f) GDPR);
- for the purposes referred to in sub e) and f), by the free consent expressed by the Data Subject (Article 6, paragraph 1, letter a) GDPR).
Personal data are processed using manual and electronic means and are stored in the appropriate electronic data bank. The personal data contained in the aforementioned automated information system, as well as those stored in the electronic files of the Data Controller, are processed in accordance with the provisions of current legislation and the GDPR regarding security measures in order to minimise the risks of destruction, loss, modification, unauthorised disclosure or accidental or illegal access or of processing that does not comply with the purpose of the collection of the data.
Furthermore, personal data are kept for the time necessary to achieve the aforementioned purposes, as well as to fulfil the legal obligations imposed for the same purposes.
4. Consequences in the event of failure to provide to provide data.
The provision of data for the purposes referred to in points a), b) and c) of article 2 above is necessary and, therefore, failure to provide the personal data in question will make it impossible for the User to complete procedures for the purchase, sale, delivery and/or return of goods, to use the services reserved for registered Users or requested by them from time to time as indicated in the conditions of use of the Site, as well as the administrative and accounting activities carried out by Tua Rita.
With reference to the purpose referred to in point d) of Article 2 above, consent to processing is not necessary pursuant to current legislation, however the User's right remains to object at any time to the sending of communications as per the procedures indicated below.
With reference to the purpose of the processing referred to in points e) and f), consent to the processing of personal data is purely optional, on the understanding that failure to provide data will make it impossible
- for the User to receive information and/or commercial communications relating to products and/or services offered by Tua Rita or third parties, including those belonging to the product sectors indicated above, or to benefit from any promotions offered,
- for the Company to analyse the User's consumer habits in order to process and send specific offers based on the User's tastes and preferences.
The User is advised that, by law, when he receives promotional communications from third parties, they must release their own information - for which the Company is not responsible - containing, in addition to the elements provided for by articles 13 and 14 of the GDPR, also the origin of the personal data communicated to them, i.e. the indication that data is from Tua Rita, so that the User can also contact the Data Controller in order to oppose processing pursuant to Article 21 of the GDPR. Third parties must also provide the User with appropriate contact details (e.g. e-mail address) so that the User can usefully and quickly, economically and effectively exercise the rights referred to in the GDPR.
5. Data communication scope
The personal data provided by the User for the purposes described in Article 2 above, may be brought to the attention of and/or communicated to the following recipients:
- employees and/or collaborators in any capacity of the Data Controller for the performance of administration, accounting and IT and logistical support activities;
- public and/or private bodies, natural and/or legal persons (legal, administrative and tax consultancy firms, shippers and couriers, any IT companies and any other entity) that the Company uses to carry out the activities referred to in points a ), b) and/or c) of article 2;
- to private bodies, natural or legal persons also operating outside the EU territory (for example in the USA), without prejudice to the recourse in the contracts stipulated with such third parties in the application of the bilateral conventions in force and/or the standard contractual clauses for the transfer of personal data to them, which the Data Controller may use for carrying out the activities referred to in points d), e), f) of the preceding article 2 (e.g. companies that send information and/or promotional communications, companies that process the consumer habits of Users, etc.);
- to all those entities (including Public Authorities) that have access to data by virtue of regulatory or administrative provisions.
All personal data provided by Users in relation to registration on the Website and/or purchase through the Website are not subject to disclosure.
6. Rights of Data Subjects
Pursuant to articles 15 et seq. of the GDPR and current legislation, the User has the right, in addition to lodging a complaint with the Guarantor for the protection of personal data (www.garanteprivacy.it) and to revoking any consent given at any time (without prejudice to the lawfulness of the processing based on consent before revocation), to:
- obtain confirmation of the existence or not of personal data concerning the Data Subject and their communication in an intelligible form, receiving them in a structured, commonly used and legible format with the possibility of transmitting them to a different Data Controller ("Right to data portability");
- obtain indications:
- about the origin of the personal data, on the purposes and methods of processing, on the logic applied when processing is carried out with the aid of electronic tools;
- about the particulars of the Data Controller, the Data Processor(s) and the Data Protection Officer;
- about the entities or categories of entities to whom the data may be communicated or who may become aware of the same as representatives in the State, managers or appointees;
- the updating, correction or supplementation of data concerning the Data Subject or, in the event of a dispute regarding the correctness of the data, the limitation of their processing for the time necessary for appropriate checks,
- the transformation into anonymous form or the blocking of data processed in violation of the law, including data whose retention is necessary in relation to the purposes for which they were collected or subsequently processed,
- the attestation of the fact that the operations referred to in the preceding points have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disclosed, except when fulfilment of this is impossible or involves the use of means manifestly disproportionate to the protected right;
- object, in whole or in part
- to the processing of data concerning the Data Subject, even if pertinent to the purpose of its collection,
- to the processing of personal data concerning the Data Subject for the purposes of commercial information or sending advertising or direct sales material or for carrying out market research or commercial communication;
- obtain deletion without undue delay ("Right to be forgotten") in the event that the data are no longer necessary, with respect to the purposes for which they were collected or otherwise processed, or have been unlawfully processed or in the event that the User
- requests this or
- objects to the processing in whole or in part;
- obtain the limitation of processing in the event that the data
- have been processed unlawfully but the User opposes the deletion of the same,
- are necessary for the User to ascertain, exercise or defend a right,
- that an evaluation of the legitimacy of the reasons for the processing by the Data Controller is pending.
The above rights may be exercised by applying to Tua Rita Società Semplice Agricola, as Data Controller, using the e-mail address firstname.lastname@example.org.
Updated on 31/05/2021