- THE DATA CONTROLLER
Angelini Wines & Estates Società Agricola a r.l., with registered office in Via Roma n. 117, 60031, Castelpiano (AN), in person of its legal representative for the time being is the Controller of the processing of your personal data. (“Angelini” or the “Data Controller”), which can be contacted at the following e-mail address: email@example.com.
- THE DATA PROTECTION OFFICER
The Controller has appointed a Data Protection Officer (“Data Protection Officer” or “DPO”). The DPO can be contacted by e-mail at firstname.lastname@example.org or by writing to the following address:
Data Protection Officer
c/o Angelini Wines & Estates Società Agricola a r.l.
Via Roma n. 11, 60031
- PERSONAL DATA DEFINITION
“Personal Data” is any information that relates to an identified or identifiable natural person, in this case, you browsing the Website (“Data”).
The Data Controller may process the following Data:
- the IP address, domain name and URL of the device used;
- geolocation data, browser type and operating system;
- browsing data (e.g., number of visits to the Website and time spent on the Website);
- the browsing history.
Furthermore, for the purposes of your registration in the private area of the Website, the Data Controller will collect and process the following Data:
- first and last name;
- company affiliation and corporate role;
- e-mail address;
- country of origin;
- telephone number;
- type of company activity;
When you visit the Website, the Data Controller may collect your Data both indirectly (e.g., by tracking the IP address and URL of your device in order to monitor the Website’s traffic) and directly (e.g., if you submit a request to the Data Controller or register in the personal area).
The Data Controller may also collect and process special categories of personal data under Art. 9 of the GDPR (“Sensitive Data”) that you may voluntarily provide when making a request to the Data Controller via the appropriate link on the Website, to the extent that this is made necessary by your request for information.
In any case, the Data Controller will only collect data that is adequate, relevant and limited to what is strictly necessary to achieve the purposes of the processing each time, and that this does not result in a restriction or other violation of your rights and freedoms as a data subject.
- PURPOSES OF THE PROCESSING AND RELEVANT LEGAL BASIS
4.1 Website management
The Data Controller will process your Data to carry out activities concerning the management and administration of the Website. In addition, the Data Controller may process your Data in order to improve the visitors’ browsing experience. The processing of your Data is based on the condition of lawfulness pursuant to Art. 6, par. 1, lett. f), GDPR, i.e., the legitimate interests pursued by the Data Controller.
4.2 Compliance with a legal obligation
The Data Controller will process your Data should it be necessary to fulfil legal and regulatory obligations or provisions of public authorities, under Art. 6, par. 1, lett. c), GDPR., i.e., compliance with a legal obligation.
For this purpose, the provision of Data is mandatory. If you fail to provide the Data, the Data Controller will not be able to guarantee you the navigation of the Website, as well as the satisfaction of your requests..
4.3 Defense of rights
The Data Controller may process your Data to assert and defend its rights. If necessary, processing will be based on the condition of lawfulness referred to in Art. 6, par. 1, lett. f), GDPR, i.e., the legitimate interests pursued by the Data Controller.
For this purpose, the provision of Data is optional. However, if you do not provide it, the Data Controller will not be able to guarantee you navigation on the Website.
4.4 Registration to the private area of the Website
The Data Controller collects and processes your Data in order to allow you to register in the private area of the Website, under Art. 6, par. 1, lett. b), GDPR, i.e., for the performance of a contract of which you are a party or of pre-contractual measures taken at your request.
For this purpose, the provision of Data is mandatory. If you fail to provide the Data, you will not be able to register to the private area of the Website.
- TRANSFER OF DATA
The server where the Website is located is within the European Economic Area.
Your Data may be shared with other companies of the Angelini Group, as well as with third party companies located within the European Economic Area that offer the Controller maintenance and development services for the Website and, in general, IT services, specifically appointed as Processors pursuant to Article 28, GDPR. Where required by law, your Data may also be communicated to other companies, competent Authorities or Public Entities located within the European Economic Area. These subjects will process your data for their own purposes as independent data controllers.
- APPLICABLE RETENTION PERIODS
As a principle, the Data Controller is committed to ensure that your Data will be processed for the time strictly necessary to fulfil the purposes of the processing.
For each of the purposes mentioned in paragraph 4 you might find here below information about the retention period provided for by the Data Controller:
- Management of the Website: your Data will be kept for the time strictly necessary to carry out the management and optimization activities of the Website;
- Fulfillment of a legal obligation/Defense of one's rights: your Data will be kept for the time strictly necessary to comply with any legal or regulatory obligations incumbent on the Controller and/or necessary for the defense of rights in court;
- Registration to the private area: your Data will be kept for 10 years from the termination of the contractual relationship.
We reserve the right to retain the so-called log data for longer periods in order to be able to deal with any crimes committed against the Website (e.g., hacking).
At the end of the period described above, your Data will be permanently deleted or otherwise irreversibly anonymised.
- DATA SUBJECTS RIGHTS
You, as a data subject, have the right to:
- access to Personal Data collected and request copies of the Data;
- request the rectification or updating of the Data, where inaccurate or incomplete;
- request, under certain circumstances, the deletion of the Data or the limitation of processing involving Data;
- request the portability of the Data;
- object to the processing of the same (where applicable);
- withdraw consent, where the processing of Data was based on the aforementioned legal basis.
The exercise of these rights is not subject to any formal constraints and is free of charge.
- HOW TO FILE A COMPLAINT
Should you wish to file a motion as to how your Data is being processed by the Data Controller, or as to how your complaint has been handled, you have the right to lodge a complaint directly before the Data Protection Authority (Garante per la protezione dei dati personali, Piazza Venezia 11, 00187 - Roma, Italia, Telephone +39 06696771, E-mail: email@example.com, www.garanteprivacy.it).
- FINAL PROVISIONS
[Version updated May 2023]