INFORMATION TO CUSTOMERS AND SUPPLIERS
ON THE PROTECTION OF PERSONAL DATA PURSUANT TO ART. 12 and following EU REGULATION 679/2016 AND OF THE D.LGS. 196/2003 AS MODIFIED BY THE D.LGS. 101/2018
Pursuant to the new EU Regulation 679/2016, in accordance with the principle of accountability, any processing of personal data must be lawful and correct. The way in which personal data is collected, consulted or otherwise processed must be transparent to the interested person, as well as how the same data will be furthermore used or processed.
The principle of transparency requires that the information and communications related to the processing of such data are easily accessible and understandable and that simple and clear language is used.
With this in mind, please read the following information.
Tenuta di Arceno in its capacity as Data Controller, in the person of its pro tempore legal representative, pursuant to and for the purposes of EU Regulation 2016/679, hereby informs the interested party that his personal data, acquired by the Data Controller or that will be requested later and / or communicated by third parties, are necessary and will be used for the purposes indicated below.
PURPOSE AND LAWFULNESS OF THE PROCESSING
Pursuant to EU Regulation 679/2016, personal data:
- They are processed in a lawful, correct and transparent way towards the interested party (art. 5);
- and collected for specific, explicit and legitimate purposes, and subsequently treated in accordance of these purposes (art. 5);
The purposes for which the data are collected are as follows:
The pursuit of purposes functional of the performance of the existing contractual / pre-contractual relationship;
General accounting, invoicing, credit management, statutory and tax obligations required by law and for updating archives;
Detection of the degree of satisfaction of the interested party on the quality of the product and services rendered by the Data controller (or by Tenuta di Arceno) , including statistical analysis;
The data are processed for sending service communications, for the management of requests for clarification, for reports and for the management of complaints related to the contractual relationship established, as well as for its completion.
LEGAL BASIS OF THE PROCESSING
Treatment is lawful under the following conditions:
Pursuant to art. 6, paragraph 1, lett. b) EU Regulation 679/2016, the processing is necessary for the execution of a contract of which the interested party is a part or for the execution of pre-contractual measures adopted at the request of the same;
Pursuant to art. 6, paragraph 1, lett. c) EU Regulation 679/2016, the processing is necessary to fulfill a legal obligation to which the data controller is subject;
Pursuant to art. 6, paragraph 1, lett. f) EU Regulation 679/2016, the processing is necessary for the pursuit of the legitimate interest of the data controller.
The legitimate interest of the Data Controller is connected to the management of personal data for promotional and marketing purposes (soft spam) for products and / or services already provided.
PROCESSING METHODS AND CONFIDENTIALITY OBLIGATION
The data processing is performed through IT tools and / or paper supports, by subjects committed to confidentiality, related logically to the purposes and in any case in order to guarantee the security and confidentiality of the data. The collected data will not be disclosed or disseminated to third parties in accordance with the law.
You can be contacted via email for promotional purposes related to our products or services.
COMMUNICATION TO THIRD PARTIES
Your personal data may be communicated to third parties known to us only and exclusively for the aforementioned purposes and, in particular, to the following categories of subjects:
- External companies that perform services on our behalf present in the EU territory;
- Bodies and Public Administrations for legal obligations;
- Professionals who can be supportive on legal obligations;
- Supervisory Body, Board of Statutory Auditors, Auditor, for control and verification activities.
These subjects will process personal data as managers or independent data controllers.
Your data may be transferred both within the EU area and outside the EU area. In this second case, the transfer will take place, where present, in compliance with the adequacy decisions referred to in art. 45 EU Regulation 679/2016 or, in any case, based on art. 49, paragraph 1, lett. b of European legislation.
Pursuant to art. 5 of EU Regulation 679/2016, "Principles applicable to the processing of personal data", personal data are stored in a form that allows the identification of data subjects for a period of time not exceeding the achievement of the purposes for which they are processed. The personal data collected is kept for the times established by current tax, accounting, contracts, contractual liability laws and for longer periods for historical archive purposes.
RIGHTS OF THE INTERESTED PARTY
Pursuant to current legislation, the interested party may assert his rights towards the Data Controller, as expressed in art. 15 and following of EU Regulation 679/2016.
In addition to these rights, the interested party has the right to lodge a complaint with the supervisory authority. (Probably its meant : ) within the lawfull rights.
For further information in relation to how to exercise these rights, please read the "Data subject right procedure" on the online page of www.tenutadiarceno.com of the Data Controller .Tenuta di Arceno.
OWNER, POSSIBLE DPO AND PRIVACY NOTICES
The owner is the Tenuta di Arceno.
For any communication pursuant to the above articles of EU Regulation 679/2016, the Data Controller provides the address firstname.lastname@example.org
RIGHTS OF THE INTERESTED PARTY
PURSUANT TO ARTICLES 15 TO 23 OF REGULATION 679/2016
AND OF D.LGS. 196/2003 AS MODIFIED BY THE D.LGS. 101/2018
The EU Regulation 679/2016 on the protection of personal data provided among its cardinal points is the protection of the rights of the interested party in the processing of personal data.
These rights are subject to control over the types of data used, the methods of treatment and gives it the possibility to limit such use, to oppose and to delete personal data in certain circumstances.
The corollary of these rights is the right to complaints and judicial protection in case of violations regarding unregulated or illegal treatment.
This procedure intends first of all to identify these rights, as well as the setting of the response times and the methods of exercise. Finally, this document identifies the subject responsible for feedback to the instant subjects.
The purpose of this procedure is to facilitate the interested party pursuant to article 12 paragraph 2 of the exercise of his rights.
Right of access by the data subject
- The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and where that is the case, access to the personal data and the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- where the personal data are not collected from the data subject, any available information as to their source;
- the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
- Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.
- The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.
- The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.
Right to rectification
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her . Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure (‘right to be forgotten’)
- The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
- the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
- the personal data have been unlawfully processed;
- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
- the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).
- Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
- Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3);
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
- for the establishment, exercise or defence of legal claims.
Right to restriction of processing
- The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
- the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
- the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
- Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
- A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction of processing is lifted.
Notification obligation regarding rectification
or erasure of personal data or restriction of processing
The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Articles 16, 17(1) and 18 to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it.
Right to data portability
- The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
- the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and
- the processing is carried out by automated means.
- In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
- The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.
Right to object
- The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on points (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
- Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
- Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
- At the latest at the time of the first communication with the data subject, the right referred to in paragraphs 1 and 2 shall be explicitly brought to the attention of the data subject and shall be presented clearly and separately from any other information.
- In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
- Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1), the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
Automated individual decision-making, including profiling
- The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
- Paragraph 1 shall not apply if the decision:
- is necessary for entering into, or performance of, a contract between the data subject and a data controller;
- is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or
- is based on the data subject’s explicit consent.
- In the cases referred to in points (a) and (c) of paragraph 2, the data controller shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
- Decisions referred to in paragraph 2 shall not be based on special categories of personal data referred to in Article 9(1), unless point (a) or (g) of Article 9(2) apply and suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests are in place.
- Union or Member State law to which the data controller or processor is subject may restrict by way of a legislative measure the scope of the obligations and rights provided for in Articles 12 to 22 and Article 34, as well as Article 5 in so far as its provisions correspond to the rights and obligations provided for in Articles 12 to 22, when such a restriction respects the essence of the fundamental rights and freedoms and is a necessary and proportionate measure in a democratic society to safeguard:
- national security;
- public security;
- the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security;
- other important objectives of general public interest of the Union or of a Member State, in particular an important economic or financial interest of the Union or of a Member State, including monetary, budgetary and taxation a matters, public health and social security;
- the protection of judicial independence and judicial proceedings;
- the prevention, investigation, detection and prosecution of breaches of ethics for regulated professions;
- a monitoring, inspection or regulatory function connected, even occasionally, to the exercise of official authority in the cases referred to in points (a), (b), (c), (d), (e) and (g);
- the protection of the data subject or the rights and freedoms of others;
- the enforcement of civil law claims.
- In particular, any legislative measure referred to in paragraph 1 shall contain specific provisions at least, where relevant, as to:
- the purposes of the processing or categories of processing;
- the categories of personal data;
- the scope of the restrictions introduced;
- the safeguards to prevent abuse or unlawful access or transfer;
- the specification of the controller or categories of controllers;
- the storage periods and the applicable safeguards taking into account the nature, scope and purposes of the processing or categories of processing;
- the risks to the rights and freedoms of data subjects; and
- the right of data subjects to be informed about the restriction, unless that may be prejudicial to the purpose of the restriction.
EU Regulation 679/2016 provides its Chapter VIII with the means of appeal to protect the interested party.
In particular, Articles 77 (Right to lodge a complaint with the Supervisory Authority), Article 78 (Right to an effective judicial remedy against the Supervisory Authority) and Article 79 (Right to effective judicial remedy against the owner of the treatment or data controller).
METHOD OF EXERCISE OF RIGHTS AND RESPONSE
The rights of the interested party can be exercised by email, pec, registered letter with return receipt.
To facilitate the exercise of these rights, the interested party can download the exercise form at the www.tenutadiarceno.com
For the exercise of these rights, the interested party may write to the email address:
The Data Controller, directly or through one of his agents, provides the interested party with information relating to the request submitted by the interested party without undue delay and, in any case, within 30 days from receipt of the request.
This deadline can be extended for a further 60 days, if necessary, taking into account the complexity and the number of requests. The data controller informs the interested party of this extension and of the reasons for the delay, within 30 days of receipt of the request. If the interested party submits the request by electronic means, the information is provided, where possible, by electronic means unless otherwise indicated by the interested party.
If the data controller does not comply with the request of the data subject, he / she informs the data subject without delay, and at the latest within 30 days of receipt of the request, of the reasons for the non-compliance and of the possibility of proposing a complaint to a supervisory authority and to bring a judicial appeal.
The information provided to the interested party and any communications and actions taken are free of charge.
If the requests of the interested party are manifestly unfounded or excessive, in particular for their repetitive nature, the data controller can:
- charge a reasonable expense contribution taking into account the administrative costs incurred to provide the information or communication or take the requested action € 100 or
- refuse to satisfy the request.
The burden of proving the manifestly unfounded or excessive nature of the request falls to the data controller.
If the data controller has reasonable doubts about the identity of the natural person who submits the request referred to in articles 15 to 21, he can request further information necessary to confirm the identity of the interested party.
PURSUANT TO EU REGULATION 679/2016 AND OF D.LGS. 196/2003 AS MODIFIED BY THE D.LGS. 101/2018
Following consultation of this site, data relating to identified or identifiable persons may be processed.
The Data Controller is the Tenuta di Arceno s.r.l. with headquarters in Loc. Arceno 53010 San Gusmè, Castelnuovo Berardenga Siena, Italy, p. VAT 01113960528, email email@example.com email address firstname.lastname@example.org.
PURPOSE OF THE TREATMENT
The purposes for which the data are collected are as follows:
Provide information on the services rendered by the writer;
Management of requests for information and clarifications.
LEGAL BASIS OF THE PROCESSING
The data are processed for the pursuit of the legitimate interest of the owner for the achievement of the aforementioned purposes.
PLACE OF DATA PROCESSING
The treatments connected to the web services of this site take place on the headquarters of Jackson Family Wines, Santa Rosa, CA and are only handled by personnel authorized to process. In case of need, the data connected to the newsletter service can be processed by the staff of the company that takes care of the maintenance of the technological part of the site, Jackson Family Wines, Santa Rosa, CA at the company headquarters it.
TYPES OF DATA PROCESSED
The following types of data are processed:
During their normal operation, the IT systems and software procedures used to operate this website acquire some personal data whose transmission is implicit in the use of Internet communication protocols.
This is information that is not collected to be associated with identified interested parties, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's computer environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site: except for this eventuality, at present the data on web contacts do not persist for more than seven days (except for any need for crime detection by of the judicial authority).
Data voluntarily provided by the user.
The optional, explicit and voluntary sending of e-mails to the addresses indicated on this site entails the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message.
Specific summary information will be progressively reported or displayed on the pages of the site prepared for particular services on request.
No personal user data is acquired by the site in this regard.
Cookies are not used to transmit personal information, and so-called persistent cookies are not used of any kind, or systems for tracking users.
The use of so-called session cookies (which are not stored permanently on the user's computer and disappear when the browser is closed) is strictly limited to, the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow safe and efficient site.
I c.d. session cookies used on this site avoid the use of other IT techniques that are potentially detrimental to the confidentiality of user navigation and do not allow the acquisition of the user's personal identification data.
METHOD OF TREATMENT
Personal data are processed by automated tools for the time strictly necessary to achieve the purposes for which they were collected.
Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.
RIGHTS OF THE INTERESTED PARTIES
Pursuant to current legislation, the interested party may assert their rights towards the Data Controller, as expressed in art. 15 and following of EU Regulation 679/2016.
OWNER AND PRIVACY NOTICES
The owner is the Tenuta di Arceno.
For any communication pursuant to the above articles of EU Regulation 679/2016, the Owner provides the email address email@example.com.
Last Modified September 2020
"Cookies" are small pieces of information that are stored by your browser on your computer's hard drive. Cookies enable us to provide you with a more personal and interactive experience on our Site. This type of information is collected to make the Site more useful to you and to tailor the experience with us to meet your special interests and needs. Most web browsers automatically accept cookies, but allow you to turn off cookies as part of the browser options.
List of Cookies
Below is a list of the cookies we may use on this site and why we use them:
eCommerce and Compliance
eCommerce Cookies keep track of cart products, cart ids, and your user preferences when interacting with commerce carts. This can include personal data should you log into an account.
Compliance cookies are used to verify that you are old enough to use the site.
Sometimes we use tracking metrics to learn how users interact with our sites, including number of unique visits, how deep a user goes into the site, and where and when a user leaves the site, etc. No personal information is stored.
Enables functionality for Google maps and stores user preferences when viewing pages with maps.
Some platforms (i.e., Vimeo, Jobvite, Youtube, Invodo) have specific cookies linked to their respective sites to track progress and/or bandwidth.
This also includes Session/function cookies common to scripts and coding languages (JS and PHP) which help presentation/functionality of the site.
General session cookies used by the ASP and Coldfusion platform.
General Tracking Cookies
Sometimes we use trackers to learn how users interact with our sites, whether generally or for a specific campaign.
Social and Sharing
Social Networking Cookies
These cookies allow users to connect with social networks and to share content on the site.
Social Networking Sharing Cookies
These cookies are associated with various plug-ins that allow you to share content across various social networks or email.