Disclosure on personal data processing pursuant to articles 13 and 14 of the GDPR EU 679/2016 (“GDPR”)
The GDPR EU 679/2016 has the purpose of guaranteeing that the processing of the personal data is carried out in respect of the fundamental rights and freedom, as well as of the dignity of the data subject with particular reference to confidentiality and to the personal identity and to the right to data protection. Pursuant to arts. 13 and 14 of the GDPR, Polsinelli Enologia S.r.l. (“Data Controller” or “POLSINELLI’”) provides this disclosure to describe the processing of the user’s personal data collected through the website currently online at the URL https://www.polsinelli.it/en/ (“Website”), the purposes and the method of processing and the safety measures adopted to guarantee the confidentiality in full respect of the applicable laws. In general, POLSINELLI processes personal data following browsing on the Website, sending email requests by a Website user (“User”) or the purchaser of a POLSINELLI product (“Customer”) registering in the Restricted Area.
1. Data Controller
Polsinelli Enologia S.r.l. with registered offices at Via Carnello, 323, 03036 Isola del Liri (FR), Italy is the data controller.
2. Type of data processed
POLSINELLI may collect the following types of data:
2.1 Requests regarding the services offered in the Contacts section:
When filling in the contacts form online to be found in the Contacts section of the website, the User and/or the Customer will be asked to provide some personal data, specifically name, surname, email address and the reason for the request or suggestion. These data are necessary for the purposes of following up the specific request of the User and/or of the Customer. The data marked with an asterisk on the contact form is obligatory and failure to fill them in correctly will prevent the Data Controller from following up the request.
2.2 Sending the Newsletter
The User may ask to be sent a newsletter regarding the services, the products, the courses and the offers of the Data Controller by filling in the form “Subscribe to the newsletter” by indicating their own email address. Indicating the email address is obligatory and failure to or incorrectly doing so prevents the Data Controller from sending the User its newsletters.
2.3 Restricted Area
When registering for and/or accessing the Restricted Area (“Subscribe”), the User or Customer will be asked to provide some personal data, including but not limited to name, surname, email address and mobile phone number. The User or the Customer may also create the credentials to access the Restricted Area. The data marked with an asterisk on the contact form is obligatory and failure to fill them in correctly will prevent the Data Controller from completing the registration procedure to the Restricted Area. On the other hand providing the data present in the fields not marked with an asterisk, while being useful for simplifying the relations with the Data Controller, is optional and failure to indicate it does not jeopardise the registration procedure to the Restricted Area.
2.4 Product purchase and training course data
If the User and/or Customer makes a purchase on the Website, the Data Controller will process further information regarding the User and/or the Customer and the purchase made, necessary to process and complete the purchase orders. This information includes but is not limited to: payment and billing data (for example, credit card number, ZIP code and address), delivery data, shipping address, customer order number, purchase history on the Website, etc.
2.5 Browsing Data
During their normal operation, computer systems and software procedures used to operate the Website acquire some personal data, the transmission of which is implicit in the use of Internet communication protocols. This information is not collected with the purpose of identifying subjects, but by its very nature, the information could lead to user identification. This category of data includes the IP addresses or domain names of computers used by users connecting to the Website, the URI (Uniform Resource Identifier) of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, failed, etc.) and other parameters associated with the user's operating system and computer environment. This data is only used to obtain anonymous statistical information on the use of the Website and to ensure that it operates correctly and it is cancelled immediately after processing.
Cookies collect information including data that may potentially allow an interested subject to be identified. For processing the data through cookies, please consult the relevant policy, available at the following link.
3. Manner of collecting the data
The data is collected directly by interested subjects when they browse the Website, send emails or communications to POLSINELLI, also through the contacts section (“Contacts”) or ask to register in the restricted area (“Subscribe”) or purchase a product or a training course.
4. Purpose and legal basis of the data processing; storage period
4.1 To respond to the requests received through the communication channels published on the Website (Contacts).
The legal basis of this processing is the legitimate interest of POLSINELLI to communicate with the public and handle and respond to the requests of potential customers, suppliers and other interested subjects. The storage time of this data is equal to the time necessary to process the request. This storage period may be longer if the interested party is subject to another specific processing. The legal basis of this processing is to process pre-contractual obligations.
4.2 To allow the User and/or the Customer to purchase the products or the training courses on the Website.
The Customer and/or User registering on and/or accessing the Restricted Area (“Subscribe”) may purchase the products offered for sale through the Website and conclude the relevant contract with the Data Controller after accepting the Terms and Conditions of Sale. In this case, the Data Controller will process the data to complete and manage the purchase orders, ship the products purchased, provide the necessary after-sales assistance, manage the return procedure for the purchased products, fulfil the provisions of the tax laws. The Customer can also use the online services indicated in paragraph 4.2 above. The storage time of this data is 10 years. The legal basis of this processing is to process contractual obligations.
4.3 To prevent or control unlawful conduct or to protect and assert rights.
For example, POLSINELLI may use the data of the interested subjects to prevent or follow up unlawful acts or violations of intellectual/industrial property rights (even third party ones) or cybercrimes or those committed through data networks. The legal basis of this processing is the legitimate interest of POLSINELLI as Data Controller. The storage period of the data is equal to the time reasonably necessary to assert the rights of POLSINELLI from the moment POLSINELLI becomes aware of the unlawful act or its potential perpetration. In relation to the purposes indicated above, the processing of the personal data is carried out by means of manual, computerised and data transfer systems with logics closely connected to the purposes themselves and anyway in such a way as to guarantee the safety and the confidentiality of the data itself in respect of the law.
5. Data subject's rights
The User and the Customer may contact POLSINELLI to exercise the rights laid down by art. 15 and foll. of the GDPR and, in particular, request access to their own personal data, know the existence of it, ask for it to be rectified, deleted or its processing to be limited, to oppose its processing and ask for the portability of their data; the User and the Customer can also revoke the consent at any time (this will not jeopardise the lawfulness of the processing based on the consent given before revocation). When the right to access is exercised, the User and the Customer may request information on who processes their information, for what purposes and for how long, who the data is shared with and if it is transferred to third countries, and can also ask to not be subject to automatic processing like profiling. The User and the Customer are entitled to lodge a complaint to the Data processing authority and to ask the Data Controller, at any moment, for information about the data processors and the subjects authorised by the Data Controller to process the data. The User and the Customer can exercise their own right by contacting POLSINELLI. Requests should be made to the Data Controller at the above-indicated addresses or by sending an email to email@example.com
6. Where the data is processed – Data transfer
The data processed is stored in Italy. The data can also be stored in the European Union by POLSINELLI suppliers who the data is transmitted to on the basis of signing contracts complying with art. 28 of the GDPR, with standard contractual clauses in compliance with the decision of the European Commission related to protection clauses or by virtue of a decision of suitability of the European Commission on the level of data protection (Privacy Shield). The updated list of the third party suppliers, operating as data processors pursuant to art. 28 of the GDPR, is available by email request to firstname.lastname@example.org
7. Sharing the data - recipients of the data
With the internal divisions of Polsinelli. In compliance with the POLSINELLI policy, the data may be communicated to the Data Controller by one of its divisions to another.
With subjects who may become aware in their capacity of “Data Processors” who the Data Controller assigns some processing activities related to the purposes illustrated in the previous paragraph 4 (e.g. transporters, shippers, consultants, companies sending communications, carrying out customer satisfaction controls, carrying out surveys, etc.). The updated list of the third party suppliers, operating as data processors pursuant to art. 28 of the GDPR, is available by email request to email@example.com.
With subjects who may become aware in their capacity of independent data processors to whom the Data Controller communicates the data in order to execute a request of the data subject. It is the communication of the data to companies that have been expressly authorised by Polsinelli Enologia S.r.l. to sell products with the POLSINELLI brand name.
With service providers. POLSINELLI uses third party services (cloud, content management system, analysis, hosting, browsing functions) that operate as data processors in accordance with agreements complying with art. 28 of the GDPR. When these suppliers operate from another country, they do so on the basis of standard contractual clauses in compliance with the decision of the European Commission related to protection clauses or by virtue of a decision of suitability of the European Commission on the level of data protection (Privacy Shield). These subjects come into possession only of the personal data necessary to carry out their functions and can use them only for carrying out these services on behalf of POLSINELLI or for legal fulfilments.
With legal authorities and administrative bodies. If permitted or requested by the law, POLSINELLI may share the data requested by the legal authority, by an administrative authority or by a government body in order to protect or exercise the rights of POLSINELLI or of third parties, or to fulfil a legal obligation.
8. Changes to the disclosure
This disclosure may be modified from time to time to reflect changes in law, technology, changes in collecting and in using the data, commercial initiatives or to allow us to add new functions. In the event of modifications, POLSINELLI will inform the User and the Customer: (i) by means of an announcement made on the home page of the Website and/or (ii) by adopting any other action that POLSINELLI may deem opportune. The User and the Customer are invited to consult the Website periodically for updates. Any changes made will become effective from when they are published and browsing the Website after that moment will be valid as accepting those changes.
Last update 6 March 2019