it

Privacy Policy

This privacy policy pursuant to Article 13 of Regulation (EU) 2016/679 (the “Regulation” or “GDPR”) is provided to those who browse the website below:

www.angeliniwinesandestates.com

[The website]

This privacy policy describes how the Website is managed regarding the processing of personal data referring to visitors browsing the Website. Please note that this policy relates exclusively to the Website and does not include any website to which the visitor may be redirected through links that may be available on the Website. For these reasons, in order to know the details concerning the processing of personal data on these external websites, we invite you to read the relevant privacy policy.

1 THE DATA CONTROLLER

Angelini Wines & Estates Società Agricola a r.l., with registered office in Via Roma n. 117, 60031, Castelpiano (AN), in person of its legal representative for the time being is the Controller of the processing of your personal data. (“Angelini” or the “Data Controller”), which can be contacted at the following e-mail address: angeliniwinesandestatessocagrarl@legalmail.it.

2 THE DATA PROTECTION OFFICER

The Controller has appointed a Data Protection Officer (“Data Protection Officer” or “DPO”). The DPO can be contacted by e-mail at dpo@angeliniwinestates.com or by writing to the following address:

Data Protection Officer

c/o Angelini Wines & Estates Società Agricola a r.l.

Via Roma n. 11, 60031

Castelpiano (AN)

 3 PERSONAL DATA DEFINITION

Personal Data” is any information that relates to an identified or identifiable natural person, in this case, you browsing the Website (“Data”).

The Data Controller may process the following Data:

i. the IP address, domain name and URL of the device used;

ii. geolocation data, browser type and operating system;

iii. browsing data (e.g., number of visits to the Website and time spent on the Website);

iv. the browsing history.

If a request is made to the Controller via the link in the “Contacts” section, the Data Controller will also collect and process the following Data:

v. first and last name;

vi. e-mail address;

vii. phone

viii. any further information provided in the context of the formulation of your request.

When you visit the Website, the Data Controller may collect your Data both indirectly (e.g., by tracking the IP address and URL of your device in order to monitor the Website’s traffic) and directly (e.g., if you submit a request to the Data Controller or register in the personal area).

The Data Controller may also collect and process special categories of personal data under Art. 9 of the GDPR (“Sensitive Data”) that you may voluntarily provide when making a request to the Data Controller via the appropriate link on the Website, to the extent that this is made necessary by your request for information.

In any case, the Data Controller will only collect data that is adequate, relevant and limited to what is strictly necessary to achieve the purposes of the processing each time, and that this does not result in a restriction or other violation of your rights and freedoms as a data subject.

4 PURPOSES OF THE PROCESSING AND RELEVANT LEGAL BASIS

4.1 Website management

The Data Controller will process your Data to carry out activities concerning the management and administration of the Website. In addition, the Data Controller may process your Data in order to improve the visitors’ browsing experience. The processing of your Data is based on the condition of lawfulness pursuant to Art. 6, par. 1, lett. f), GDPR, i.e., the legitimate interests pursued by the Data Controller.

4.2 Compliance with a legal obligation

The Data Controller will process your Data should it be necessary   to fulfil legal and regulatory obligations or provisions of public authorities, under Art. 6, par. 1, lett. c), GDPR., i.e., compliance with a legal obligation.

For this purpose, the provision of Data is mandatory. If you fail to provide the Data, the Data Controller will not be able to guarantee you the navigation of the Website, as well as the satisfaction of your requests..

4.3 Defense of rights

The Data Controller may process your Data to assert and defend its rights. If necessary, processing will be based on the condition of lawfulness referred to in Art. 6, par. 1, lett. f), GDPR, i.e., the legitimate interests pursued by the Data Controller.

For this purpose, the provision of Data is optional. However, if you do not provide it, the Data Controller will not be able to guarantee you navigation on the Website.

4.4 Management of requests submitted via link in the “Contacts” section

The Data Controller collects and processes your Data in order to comply with requests that you may have voluntarily submitted via the appropriate link in the “Contacts” section on the Website. The processing activity is carried out pursuant to Art. 6, par. 1, lett. b), GDPR, i.e., for the performance of a contract of which you are a party or of pre-contractual measures taken at your request.

The Controller may also become aware of the Sensitive Data you have communicated in the context of the formulation of your request.

If the processing of your Sensitive Data is not necessary for the fulfilment of your request, the Data Controller will not subject them to any processing activities and will promptly delete them. Alternatively, the Data Controller will only process your Sensitive Data to the extent strictly necessary to fulfil your request. In this case, the legal basis for processing is the consent of the data subject pursuant to  Article 9, par. 2, lett. a), GDPR.

For this purpose, the provision of Data is optional. However, if you do not provide it, the Data Controller will not be able to process your request.

5 TRANSFER OF DATA

The server where the Website is located is within the European Economic Area.

Your Data may be shared with other companies of the Angelini Group, as well as with third party companies located within the European Economic Area that offer the Controller maintenance and development services for the Website and, in general, IT services, specifically appointed as Processors pursuant to Article 28, GDPR. Where required by law, your Data may also be communicated to other companies, competent Authorities or Public Entities located within the European Economic Area. These subjects will process your data for their own purposes as independent data controllers.

6 APPLICABLE RETENTION PERIODS

As a principle, the Data Controller is committed to ensure that your Data will be processed for the time strictly necessary to fulfil the purposes of the processing.

The retention period for Data collected indirectly by the Controller via cookies is listed within the appropriate Cookie Policy.

For each of the purposes mentioned in paragraph 4 you might find here below information about the retention period provided for by the Data Controller:

  • Management of the Website: your Data will be kept for the time strictly necessary to carry out the management and optimization activities of the Website;
  • Fulfillment of a legal obligation/Defense of one’s rights: your Data will be kept for the time strictly necessary to comply with any legal or regulatory obligations incumbent on the Controller and/or necessary for the defense of rights in court;
  • Management of requests submitted via link: your Data and Sensitive Data will be kept for the time strictly necessary to process the request you have made;;

We reserve the right to retain the so-called log data for longer periods in order to be able to deal with any crimes committed against the Website (e.g., hacking).

At the end of the period described above, your Data will be permanently deleted or otherwise irreversibly anonymised.

7 DATA SUBJECTS RIGHTS

You, as a data subject, have the right to:

  • access to Personal Data collected and request copies of the Data;
  • request the rectification or updating of the Data, where inaccurate or incomplete;
  • request, under certain circumstances, the deletion of the Data or the limitation of processing involving Data;
  • request the portability of the Data;
  • object to the processing of the same (where applicable);
  • withdraw consent, where the processing of Data was based on the aforementioned legal basis.

In order to obtain more information regarding your rights, you may contact the Data Controller or the DPO at the contact details given in paragraphs 1 and 2 of this privacy policy

The exercise of these rights is not subject to any formal constraints and is free of charge.

8 HOW TO FILE A COMPLAINT

Should you wish to file a motion as to how your Data is being processed by the Data Controller, or as to how your complaint has been handled, you have the right to lodge a complaint directly before the Data Protection Authority (Garante per la protezione dei dati personali, Piazza Venezia 11, 00187 – Roma, Italia, Telephone +39 06696771, E-mail: protocollo@gpdp.it, www.garanteprivacy.it).

9 FINAL PROVISIONS

The Data Controller reserves the right to modify and/or update this privacy policy.

 

[Version updated November 2023]