Privacy Policy
Disclosure pursuant to and for the purposes of articles 13 et seq. of EU Regulation no. 679/2016 of 27 April 2016 GDPR, (General Data Protection Regulation – G.D.P.R.) “concerning the protection of natural persons with regard to the processing of personal data, as well as the free movement of such data (general regulation on data protection)”.
By carrying out the procedure for consulting the pages of the site and/or registering for our services, users voluntarily communicate their personal data to CANTINA DI RUSCIO S.R.L., the data controller. The personal data sent will be processed in compliance with the personal data protection principles established by EU Regulation no. 679/2016 and other current regulations on the matter.
Data controller
The Data Controller is CANTINA DI RUSCIO SRL (hereinafter also the “Data Controller”) and can be contacted by written communication to be sent to: Campofilone (FM) – 63828 – Via Valdaso, 49 or to the email address info@cantinadiruscio .it
Nature of the data processed
The usage and navigation data are processed to the extent that the computer systems and software procedures used to operate this website acquire information whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which however could, through processing and association with data held by third parties, allow users to be identified (e.g. IP addresses, domain names of the computers used by users who connect to the site, the URI notation addresses of the requested resources, the time of the request, the method used to submit the request to the server and other parameters relating to the operating system, browser and computer devices of the user). Among the technologies used to collect and store information, cookies are of particular and independent importance, to whose specific information the attention of the user/interested person is referred (indicate the link to the cookie information). The data voluntarily provided by you, during registration, subscription to our site and/or contact, and/or made manifestly public by you, including your personal identification data, name, surname, address, email, telephone number, fax number, content of any of your messages, etc. etc. as well as data of an economic nature which are strictly necessary for the performance of existing or future contractual relationships. No so-called particular, sensitive or judicial data, which may fall within those indicated by art. 4, letter d) and letter e) of the privacy code and art. 9 EU Reg. 2016/679, the treatment of which, however, is prohibited by art. 9 paragraph 1 of the aforementioned Reg EU 2016/679, except for specific and mandatory exceptions contemplated by the same article.
Purpose and legal basis of the processing
Personal data collected with registration or subscription to our site are processed in order to allow access to products, services and contents reserved for registered users. The legal basis for being able to process the data obtained is represented, pursuant to art. 6 EU Reg. 2016/679, from the following conditions:
– the interested party has given his consent to the processing of his personal data;
– the processing is necessary for the execution of the contract of which the interested party is a part or for the execution of pre-contractual measures adopted at the request of the same;
– the processing is necessary to fulfill a legal obligation to which the Data Controller is subject.
– the processing is necessary for the pursuit of the legitimate interest of the data controller or of third parties (see also recital n. 47 GDPR), provided that the interests or fundamental rights and freedoms of the data subject who require protection do not prevail of personal data, in particular if the data subject is a minor. In the latter case, it should be noted that the legitimate interests of the Data Controller are the defense of one’s right, the need for fraud prevention, and/or the development of promotional activities on services/products for direct marketing purposes.
In the event that the user/interested party has given consent at the time of activation of the service, or expresses it subsequently and until the revocation of the same, his personal data may be processed by CANTINA DI RUSCIO SRL for:
– allow access to products, services and content;
– send, in the event that users have given their consent when activating the service, or give it subsequently, and until the revocation of the same, commercial communications on their own products and services or those of third-party companies, also using methods automated, for direct sales purposes, as well as for sending market research and for verifying the degree of user satisfaction;
– carry out, in the event that users have given their consent at the time of activating the service, or express it subsequently, and until the revocation of the same, also by means of electronic tools, analysis activities of specific behaviors and consumption habits, in so as to improve the services provided and direct the commercial offers of interest to the user, also offering third parties the aggregated summary data of the openings and clicks obtained through a tracking system using “cookies”.
– communicate and transfer user data to third parties, in the event that they have given their consent at the time of activating the service, or do so subsequently, and until the revocation of the same, for the sending of communications of a commercial on products and services of third-party companies, also with automated methods, for direct sales purposes, as well as for sending market research;
– Cantina Di Ruscio SRL will also use personal data for administrative and accounting purposes and for the execution of contractual obligations towards users who are part of its customers.
Processing methods
The personal data sent via the registration/registration form can be processed by Cantina Di Ruscio S.r.l. with automated tools and paper supports. The possibility remains for Cantina Di Ruscio S.r.l. to process the aforesaid data in aggregate form, in compliance with the measures prescribed by the Guarantor Authority and by virtue of the specific exemption from the consent provided for by the same, for electronic analysis and processing (e.g.: classification of all customers into homogeneous categories by level of services, consumption, expenditure, etc.) aimed at periodically monitoring the development and economic trend of the activities of Cantina Di Ruscio S.r.l., at directing the related industrial and commercial processes, at improving services, as well as at planning and implementing marketing campaigns commercial communication. Therefore, these are legitimate and necessary treatments to ensure a service that responds better and better to the expectations of users/customers. Specific security measures are observed by the Data Controller to prevent data loss, illicit or incorrect use, and unauthorized access. The treatments connected to the web services of this site take place both at the aforementioned headquarters of the Cantina Di Ruscio S.r.l. and are handled only by technical personnel authorized to process both at the premises of the Software House Company of our reference for site management. In any case, personal data is recorded and stored in electronic databases located in Italy, in countries belonging to the European Economic Area (EEA) and in third countries which guarantee an adequate level of data protection.
Obligation or right to provide data
The provision of data is optional. However, failure to provide the data deemed mandatory will prevent correct registration on the site as well as, consequently, the possibility of using the services reserved for registered users, and, in the event of a purchase, the acceptance by Cantina Di Ruscio S.R.L of the proposal order and the execution of the related contract.
Scope of knowledge of your data
The following categories of subjects may become aware of your data, as external or internal data processors appointed by the Data Controller: – Internal personnel assigned to administrative-accounting activities; – Internal staff assigned to the execution of contracts; – Administrators, accountants and external consultants for accounting and administrative activities. The processing of personal data provided by users may also be carried out by companies, organizations or consortia, appointed as data processors pursuant to art. 28 of the aforementioned EU Regulation, which, on behalf of Cantina Di Ruscio S.r.l., provide specific processing services or connected, instrumental or support activities (such as, by way of example: software developers and website managers, IT companies, network providers, electronic communication services, IT and telematic services for archiving and IT data management, shippers, transport companies; or consultants, lawyers or collaborators of the company, tax consultants of the company, subjects who perform tasks of a technical and organizational nature; credit agencies , banks, financial companies, insurance companies; companies or persons who provide customer assistance; companies that resell our products), to the extent strictly necessary to carry out their duties at our or their organization, subject to our letter of assignment which imposes the duty to confidentiality and security.
Communication and dissemination
The personal data provided by users will not be disclosed by us, with this term meaning giving knowledge to indeterminate subjects in any way, including by making them available or consulting them, but they may be communicated by us, i.e. giving knowledge to one or more specified and qualified subjects, in the following terms: – to investee or associated companies; – to subjects to whom the right to access personal data is recognized by provisions of the law, by regulations or by community legislation; – to subjects to whom the communication is required by law or regulation, or by public subjects for the performance of their institutional functions.
Rights of the interested party
The user/interested party may exercise the rights provided for in articles 15-22 of the GDPR at any time by contacting the owner of this site. We report below the extract of article 15 Reg Eu 2016/679, relating to your right of access to us to remind you that you can obtain the following information: “The interested party has the right to obtain from the data controller the confirmation that whether or not personal data concerning him is being processed and in this case, to obtain access to personal data and the following information: a) the purposes of the processing; b) the categories of personal data in question; c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients from third countries or international organizations; d) when possible, the envisaged retention period for personal data or, if this is not possible, the criteria used to determine this period; e) the existence of the right of the interested party to ask the data controller to rectify or cancel personal data or limit the processing of personal data concerning him or to oppose their treatment; f) the right to lodge a complaint with a supervisory authority; g) if the data are not collected from the interested party, all the information available on their origin”. Furthermore, the interested party has the right: to obtain from the data controller the rectification of inaccurate personal data concerning him without unjustified delay, pursuant to art. 16 EU Reg. 2016/679; to obtain the cancellation of personal data concerning him without justified delay where one of the reasons listed in art. 17 EU Reg. 2016/679; to the limitation of treatment when one of the hypotheses described in art. 18 EU Reg. 2016/679; to oppose at any time the processing of data concerning him in the cases referred to in art. 21 EU Reg. 2016/679; to receive, in a structured format, commonly used and readable by an automatic device, the personal data concerning him provided to a data controller and to transmit such data to another data controller without impediments by the data controller to whom he provided them , in the cases provided for by art. 20 EU Reg. 2016/679; to revoke the consent at any time, if the treatment is exclusively based on the art. 6, paragraph 1, letter a), or on art. 9, paragraph 2, letter a), in any case without prejudice to the lawfulness of the treatment based on the consent given before the revocation; to lodge a complaint, pursuant to art. 77 EU Reg. 2016/679, to the competent Supervisory Authority Privacy Guarantor, especially in the EU Member State in which he habitually resides, works, or the place where the alleged violation occurred, in addition to the ordinary right to bring a judicial appeal effective, pursuant to art. 79 EU Reg. 2016/679, if you believe that the rights you enjoy pursuant to the aforementioned EU Regulation have been violated following a treatment.
Data retention period
The retention period of the personal data referred to above is in line with the current regulatory provisions: in compliance with the principles of minimisation, proportionality and necessity, the data will not be kept for periods longer than those indispensable for the achievement of the purposes indicated above and , therefore, to the service offered or to the specific legal provisions (e.g. a term of at least 10 years is in force in our legal system for the conservation of company administrative documents). In any case, the company will ensure the secure deletion or irreversible anonymization of the data without delay when the retention of personal data is no longer justified.
Further information
This information may be subject to changes. If substantial changes are made to the use of personal data by the Data Controller, or the latter intends to further process the personal data for a purpose other than that for which they were collected, the latter will be required to inform in advance and interested parties again.