Disclosure regarding processing of personal data from the website www.monteverro.com/it and customers of Monteverro S.r.L.

Monteverro S.r.L. Società Agricola, with registered headquarters at Strada Aurelia Capalbio 11, 58011 Capalbio (GR), tax and VAT number 04032300966, Grosseto Economic and Administrative Section (R.E.A.) no. 112377, in the capacity of Data Controller (hereafter “Controller”), hereby informs you, pursuant to EU Regulation 679/2016 (“GDPR”) and previous laws, including national law, on protecting personal data (“Privacy Law”), that your data will be processed in the following manners for the following purposes:

1. Subject-matter of processing

In managing the site, the Controller processes non-sensitive identification data obtained from either website browsing or from the user’s voluntary provision of data when a contact request is sent through the appropriate form. More details on the subject-matter of the two types of processing are provided below.

Identification data obtained from browsing
During the course of their normal operation, the information systems and software procedures responsible for the functioning of this website acquire certain personal data which is transmitted while using internet communication protocols.
This information is not collected in order to be associated with identified data subjects, but due to its nature, through processing and association with data held by third parties, it could be used to identify users.
This category of data includes IP addresses or domain names of the computers utilized by individuals who connect to the site, addresses that contain URIs (Uniform Resource Identifiers) for the resources requested, URLs (Uniform Resource Locators), i.e. the address of the website you used to contact us, the time of the request, the method used to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the response from the server (success, error, etc.), the type of browser and the operating system used, and other parameters related to the operating system and the user’s IT environment.
These data are utilized solely to obtain anonymous statistical information regarding site use and to control its proper functioning, and are deleted immediately after processing. The data could be utilized to ascertain liability in case of hypothetical cybercrimes against the site: therefore, data on web contacts could be retained for and limited to this purpose. Solely for the purpose of ascertaining said liability, the IP address and domain name of the computers utilized would make it possible to trace additional user identification details (in particular, first and last name, email address, telephone number, etc.).
In order to browse and consult the site, no sensitive data or data that could reveal religious or political beliefs or the user’s state of health will be processed.

Data voluntarily provided by the user
In order to obtain detailed information on the products and services offered, as well as advertising information related to said products, it may be necessary to provide some personal identifying data (such as first and last name, email address, mailing address, date of birth and telephone number, etc.).
In that case, the user will be requested to provide personal data only to complete the form which collects data on the quote. In particular, we offer you the possibility of signing up for our mailing list. When you join the list, we create a personal account for you with our online store and we send you exclusive offers for the current year. A request to send email requires us to obtain certain personal data, including the user’s first and last name, email address, telephone number, date of birth, and municipality of residence.
The email address you provide also acts as an access code to your personal account. Once registration is complete, you will automatically receive email confirmation and an access password, which must be changed after the first login. In the personal section of your account, you can update your personal data at any time and enter additional information.
We also offer you the possibility of ordering through our online store, access to which requires you to enter your email address and password. Your delivery address is already automatically part of your personal account, but you can change it during the order process.

2. Purpose of processing

a) execution of the contract or meeting pre-contractual commitments; in particular:

  • to manage your contact request;

  • to manage and maintain the website;

  • to verify the accuracy of your data;

  • to process purchase agreements concluded with us in our online store;

  • to make it possible to sign up for the mailing list;

  • to contact you, if necessary, to process purchase agreements concluded with us in our online store.

b) the Controller’s legitimate interest; in particular:

  • to analyze cookies – as indicated in the Cookie Policy – arising from your use of the Website;

  • to prevent or reveal fraudulent activities or abuses harmful to the Website;

  • to exercise the Controller’s rights, for example the right to present a defense in court.

The Data you voluntarily provide are processed, with your prior consent, for the following marketing purposes:

  • to send you periodic newsletters with information on our wine cellar and our products (mailing list);

3. Methods of processing

Your Data are electronically processed through collection, registration, updating, organization, storage, consultation, elaboration, modification, selection, extraction, comparison, utilization, interconnection, blocking, erasure, and destruction of the Data.

4. Data storage

The Controller processes the data for the time necessary to fulfill your request and achieve the above purposes. For contact data (online store – mailing list registration form), this is no more than 10 years after the date of collection, and for data processed for marketing purposes (mailing list, sending newsletters), this is 2 years after collection and in any case no longer than provided in the privacy law previously in effect. Browsing data are erased when the web page visited is closed.

5. Access to Data

The following parties may access your Data for the above purposes:

  • the Controller’s employees and/or collaborators, in their capacity as data processors and/or in-house persons in charge of data processing and/or system administrators;

  • outside companies or other parties (such as shipping companies, credit institutions, Customer Care operators, IT service providers, suppliers, professional offices, providers of payment processing services – Unzer E-Com GmbH - etc.) who are outsourced on behalf of the Controller, in their capacity as outside data processors.

6. Communication of Data

Even without your consent, for the above purposes your Data may be communicated to supervisory bodies, law enforcement, or the courts, who will process them, at their express request, as autonomous data controllers for institutional purposes and/or pursuant to the law during investigations and controls. Your Data may also be communicated to outside parties (such as partners, independent professionals, agents, etc.), as autonomous data controllers, in order to engage in activities instrumental to the above purposes.

7. Transfer of Data

Your data will not be disseminated or transferred to non-EU countries.

8. Nature of the provision of Data and consequences of refusing to respond

Provision of data for the purposes indicated in this disclosure is optional. If you decide not to provide the data, however, it will not be possible to guarantee full use of the services provided by the Controller.

9. Rights of the data subject

As a data subject, you have the right:

  • to obtain confirmation of whether or not Personal Data regarding you exists, even if not yet registered, and to have it made available to you in intelligible form;

  • to be informed and if necessary receive a copy of: a) the Personal Data’s origin and category; b) the logic used if processing is carried out using electronic instruments; c) the processing purposes and methods; d) the identifying details of the Controller and data processors; e) the parties or categories of parties to whom the Personal Data can be communicated or who may become aware of them, in particular if the recipients are in other countries or international organizations; e) when possible, the period of time the Data will be stored or the criteria used to determine that period of time; f) the existence of an automated decision-making process, and if so, the logic used, and the importance and anticipated consequences for the data subject; g) the existence of adequate guarantees if the Data are transferred to a non-EU country or an international organization;

  • to obtain, without unjustified delay, the updating and rectification of inaccurate data or, if desired, the supplementation of incomplete data;

  • to obtain the erasure, transformation into anonymous form or blocking of data: a) processed unlawfully; b) that is no longer necessary for the purposes for which it was collected or subsequently processed; c) if the consent on which the processing is based is revoked and there is no other legal foundation; d) if there is opposition to the processing and there is no other prevailing legitimate reason to continue the processing; e) to meet a legal obligation; f) if the Data regard minors. The Controller may refuse to erase the Data only in the following cases: a) when exercising the right to freedom of expression and information; b) when meeting a legal obligation, performing a duty in the public interest, or exercising public powers; c) for public health reasons; d) archiving in the public interest, for scientific or historic research, or for statistical purposes; e) exercising a right before the courts;

  • to limit processing in the following cases: a) to contest the accuracy of the Personal Data; b) the Controller’s unlawful processing to prevent its erasure; c) if you are exercising a right within a judicial process; d) to determine whether the Controller’s legitimate reasons prevail over those of the data subject;

  • if processing is performed using automated methods, to receive your Personal Data in a structured format in common use and readable by an automatic device, and to transmit it to another data controller without hindrance or, if technically feasible, to have it transmitted directly from the Controller to another data controller;

  • to oppose, in whole or part: a) for legitimate reasons, the processing of your Personal Data, even if pertinent to the purpose of the collection; b) the processing of your Personal Data for purposes of sending advertising material, or for direct sales, or to perform market research, or for promotional purposes, through the use of automated calling systems without the assistance of an operator through email, and/or through traditional marketing methods by telephone and/or through the postal service;

  • to file a complaint with the Personal Data Protection Authority.

In the above cases, if necessary, the Controller will advise the third parties to whom your personal data are communicated if you have exercised any of your rights, except in specific cases (for example, if this is impossible to do or if it would involve methods which are manifestly disproportionate to the right protected).

10. Method of exercising rights

Method of exercising rights
You may exercise these rights at any time:

11. Connections to other websites

Our Website could contain connections to the websites of other suppliers. We cannot influence their compliance with data protection laws, and thus our privacy policy does not extend to them.

12. Data controller and data processor

The data controller is Monteverro S.r.L. Società Agricola, Strada Aurelia Capalbio 11, 58011 Capalbio (GR).

The updated list of in-house and outside data processors is kept at the Controller’s headquarters on Strada Aurelia Capalbio 11, 58011 Capalbio (GR).

Capalbio, November 15, 2018

Monteverro S.r.L. Società Agricola